Analysis
-
max time kernel
97s -
max time network
148s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20241007-en locale:en-us os:windows10-2004-x64 system -
submitted
13-12-2024 13:45
Behavioral task
behavioral1
Sample
ebca89c07e65029da85ecbbf4a6d3e0c_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
ebca89c07e65029da85ecbbf4a6d3e0c_JaffaCakes118.exe
Resource
win10v2004-20241007-en
General
-
Target
ebca89c07e65029da85ecbbf4a6d3e0c_JaffaCakes118.exe
-
Size
401KB
-
MD5
ebca89c07e65029da85ecbbf4a6d3e0c
-
SHA1
729eff4cb8efd00072c1876491d359de71b27e3e
-
SHA256
1d773d866966940f042d442b9e0cec638e733a83f7137cbdd4e70d4cb9803ada
-
SHA512
1385ce3ed11ffa54a203baada1888fbc0603074139bb1b9b637e29a1df2fb89ec98c64477eeb71959f6e524e0c3c313f42555b296c0e6855e3cc5ddb7d399f53
-
SSDEEP
12288:JOSzKmbt2q+jraSEjcH9m38srBvbvKSRc:4m/N++Am3vVvt
Malware Config
Signatures
-
Detected Xorist Ransomware 8 IoCs
resource | yara_rule
behavioral2/memory/968-6077-0x0000000000400000-0x000000000055C000-memory.dmp | family_xorist
behavioral2/memory/968-6087-0x0000000000400000-0x000000000055C000-memory.dmp | family_xorist
behavioral2/memory/968-10247-0x0000000000400000-0x000000000055C000-memory.dmp | family_xorist
behavioral2/memory/968-11221-0x0000000000400000-0x000000000055C000-memory.dmp | family_xorist
behavioral2/memory/968-11558-0x0000000000400000-0x000000000055C000-memory.dmp | family_xorist
behavioral2/memory/968-11559-0x0000000000400000-0x000000000055C000-memory.dmp | family_xorist
behavioral2/memory/968-11564-0x0000000000400000-0x000000000055C000-memory.dmp | family_xorist
behavioral2/memory/968-11566-0x0000000000400000-0x000000000055C000-memory.dmp | family_xorist
-
Xorist Ransomware
Xorist is a ransomware first seen in 2020.
-
Xorist family
-
Renames multiple (2357) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops file in Drivers directory 9 IoCs
description | ioc | Process
File created | C:\Windows\SysWOW64\drivers\de-DE\HOW TO DECRYPT FILES.txt | ebca89c07e65029da85ecbbf4a6d3e0c_JaffaCakes118.exe
File created | C:\Windows\SysWOW64\drivers\en-US\HOW TO DECRYPT FILES.txt | ebca89c07e65029da85ecbbf4a6d3e0c_JaffaCakes118.exe
File opened for modification | C:\Windows\SysWOW64\drivers\gmreadme.txt | ebca89c07e65029da85ecbbf4a6d3e0c_JaffaCakes118.exe
File created | C:\Windows\SysWOW64\drivers\it-IT\HOW TO DECRYPT FILES.txt | ebca89c07e65029da85ecbbf4a6d3e0c_JaffaCakes118.exe
File created | C:\Windows\SysWOW64\drivers\ja-JP\HOW TO DECRYPT FILES.txt | ebca89c07e65029da85ecbbf4a6d3e0c_JaffaCakes118.exe
File created | C:\Windows\SysWOW64\drivers\uk-UA\HOW TO DECRYPT FILES.txt | ebca89c07e65029da85ecbbf4a6d3e0c_JaffaCakes118.exe
File created | C:\Windows\SysWOW64\drivers\HOW TO DECRYPT FILES.txt | ebca89c07e65029da85ecbbf4a6d3e0c_JaffaCakes118.exe
File created | C:\Windows\SysWOW64\drivers\es-ES\HOW TO DECRYPT FILES.txt | ebca89c07e65029da85ecbbf4a6d3e0c_JaffaCakes118.exe
File created | C:\Windows\SysWOW64\drivers\fr-FR\HOW TO DECRYPT FILES.txt | ebca89c07e65029da85ecbbf4a6d3e0c_JaffaCakes118.exe
-
Drops startup file 1 IoCs
description | ioc | Process
File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HOW TO DECRYPT FILES.txt | ebca89c07e65029da85ecbbf4a6d3e0c_JaffaCakes118.exe
-
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 1 IoCs
description | ioc | Process
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ld869rwRuHeO9Tw.exe" | ebca89c07e65029da85ecbbf4a6d3e0c_JaffaCakes118.exe
-
Drops file in System32 directory 64 IoCs
Sets desktop wallpaper using registry 2 TTPs 1 IoCs
description | ioc | Process
Set value (str) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\giilnaaknaacfhpc.bmp" | ebca89c07e65029da85ecbbf4a6d3e0c_JaffaCakes118.exe
-
resource | yara_rule
behavioral2/memory/968-0-0x0000000000400000-0x000000000055C000-memory.dmp | upx
behavioral2/memory/968-6077-0x0000000000400000-0x000000000055C000-memory.dmp | upx
behavioral2/memory/968-6087-0x0000000000400000-0x000000000055C000-memory.dmp | upx
behavioral2/memory/968-10247-0x0000000000400000-0x000000000055C000-memory.dmp | upx
behavioral2/memory/968-11221-0x0000000000400000-0x000000000055C000-memory.dmp | upx
behavioral2/memory/968-11558-0x0000000000400000-0x000000000055C000-memory.dmp | upx
behavioral2/memory/968-11559-0x0000000000400000-0x000000000055C000-memory.dmp | upx
behavioral2/memory/968-11564-0x0000000000400000-0x000000000055C000-memory.dmp | upx
behavioral2/memory/968-11566-0x0000000000400000-0x000000000055C000-memory.dmp | upx
-
Drops file in Program Files directory 64 IoCs
Drops file in Windows directory 64 IoCs
FILES.txt ebca89c07e65029da85ecbbf4a6d3e0c_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-s..ngine-adm.resources_31bf3856ad364e35_10.0.19041.1_it-it_795560ce4ca218ec\HOW TO DECRYPT FILES.txt ebca89c07e65029da85ecbbf4a6d3e0c_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-sqmapi_31bf3856ad364e35_10.0.19041.1_none_b42ec090a42bc426\HOW TO DECRYPT FILES.txt ebca89c07e65029da85ecbbf4a6d3e0c_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_system_b77a5c561934e089_4.0.15805.0_none_3595566d47213bb8\HOW TO DECRYPT FILES.txt ebca89c07e65029da85ecbbf4a6d3e0c_JaffaCakes118.exe File created C:\Windows\WinSxS\wow64_microsoft-onecore-tiledatarepository_31bf3856ad364e35_10.0.19041.1081_none_4da7416588d59b79\f\HOW TO DECRYPT FILES.txt ebca89c07e65029da85ecbbf4a6d3e0c_JaffaCakes118.exe File created C:\Windows\WinSxS\wow64_microsoft-windows-g..zards-mui.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_41fcf13230fc70b1\HOW TO DECRYPT FILES.txt ebca89c07e65029da85ecbbf4a6d3e0c_JaffaCakes118.exe File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics.Vectors.resources\v4.0_4.0.0.0_de_b03f5f7f11d50a3a\HOW TO DECRYPT FILES.txt ebca89c07e65029da85ecbbf4a6d3e0c_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_megasas35i.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_a65e7d58dbc7d272\HOW TO DECRYPT FILES.txt ebca89c07e65029da85ecbbf4a6d3e0c_JaffaCakes118.exe File created C:\Windows\WinSxS\wow64_microsoft-windows-n..tion_service_iasnap_31bf3856ad364e35_10.0.19041.746_none_61c8b5a8e8547fa8\f\HOW TO DECRYPT FILES.txt ebca89c07e65029da85ecbbf4a6d3e0c_JaffaCakes118.exe File created C:\Windows\WinSxS\wow64_microsoft-windows-store-install-service_31bf3856ad364e35_10.0.19041.264_none_c64b21e20c9a9fe8\HOW TO DECRYPT FILES.txt ebca89c07e65029da85ecbbf4a6d3e0c_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-blb-cli-main_31bf3856ad364e35_10.0.19041.1202_none_c0150a0a443c0ffc\r\HOW TO DECRYPT FILES.txt 
ebca89c07e65029da85ecbbf4a6d3e0c_JaffaCakes118.exe File created C:\Windows\WinSxS\wow64_microsoft-windows-w..codec-dll.resources_31bf3856ad364e35_10.0.19041.1_en-us_9dd80637a0a77432\HOW TO DECRYPT FILES.txt ebca89c07e65029da85ecbbf4a6d3e0c_JaffaCakes118.exe File created C:\Windows\WinSxS\wow64_microsoft-windows-cfmifs_31bf3856ad364e35_10.0.19041.1_none_b0668ce42cc34128\HOW TO DECRYPT FILES.txt ebca89c07e65029da85ecbbf4a6d3e0c_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-devicecenter.resources_31bf3856ad364e35_10.0.19041.1_de-de_66e59d75b0f4e5c0\HOW TO DECRYPT FILES.txt ebca89c07e65029da85ecbbf4a6d3e0c_JaffaCakes118.exe File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-i..ntrolpanel.appxmain_31bf3856ad364e35_10.0.19041.1_none_d0af17ec366548f3\RestrictBackgroundData.png ebca89c07e65029da85ecbbf4a6d3e0c_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-mp43decd_31bf3856ad364e35_10.0.19041.1_none_6a243910908ea471\HOW TO DECRYPT FILES.txt ebca89c07e65029da85ecbbf4a6d3e0c_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_stexstor.inf.resources_31bf3856ad364e35_10.0.19041.1_es-es_a2d5529fc8597317\HOW TO DECRYPT FILES.txt ebca89c07e65029da85ecbbf4a6d3e0c_JaffaCakes118.exe File created C:\Windows\WinSxS\wow64_microsoft-windows-energy-winrt_31bf3856ad364e35_10.0.19041.264_none_f5ea8a4757ab344a\HOW TO DECRYPT FILES.txt ebca89c07e65029da85ecbbf4a6d3e0c_JaffaCakes118.exe File created C:\Windows\assembly\GAC_MSIL\MMCEx.Resources\3.0.0.0_de_31bf3856ad364e35\HOW TO DECRYPT FILES.txt ebca89c07e65029da85ecbbf4a6d3e0c_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-grouppolicy-script_31bf3856ad364e35_10.0.19041.572_none_42ec0e96ce977bdb\f\HOW TO DECRYPT FILES.txt ebca89c07e65029da85ecbbf4a6d3e0c_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_netfx-installutillib_dll_b03f5f7f11d50a3a_10.0.19041.1_none_2ff1ce9055062c18\HOW TO DECRYPT FILES.txt 
ebca89c07e65029da85ecbbf4a6d3e0c_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_uiautomationclient_31bf3856ad364e35_4.0.15805.110_none_d6c8e8d95463d1f9\HOW TO DECRYPT FILES.txt ebca89c07e65029da85ecbbf4a6d3e0c_JaffaCakes118.exe File opened for modification C:\Windows\Media\Windows Notify Calendar.wav ebca89c07e65029da85ecbbf4a6d3e0c_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-s..ols-klist.resources_31bf3856ad364e35_10.0.19041.1_it-it_6fe9d19440b3ee9b\HOW TO DECRYPT FILES.txt ebca89c07e65029da85ecbbf4a6d3e0c_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-i..pbinaries.resources_31bf3856ad364e35_10.0.19041.1_es-es_2b0ef3ce25fabaaa\HOW TO DECRYPT FILES.txt ebca89c07e65029da85ecbbf4a6d3e0c_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedfolders-adm_31bf3856ad364e35_10.0.19041.1_none_096bb4dc0d5d63a0\HOW TO DECRYPT FILES.txt ebca89c07e65029da85ecbbf4a6d3e0c_JaffaCakes118.exe -
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language ebca89c07e65029da85ecbbf4a6d3e0c_JaffaCakes118.exe
-
Modifies registry class 10 IoCs
description ioc Process
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\KZXBQDZALDHFNGD\shell\open ebca89c07e65029da85ecbbf4a6d3e0c_JaffaCakes118.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\KZXBQDZALDHFNGD\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ld869rwRuHeO9Tw.exe" ebca89c07e65029da85ecbbf4a6d3e0c_JaffaCakes118.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\KZXBQDZALDHFNGD ebca89c07e65029da85ecbbf4a6d3e0c_JaffaCakes118.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\KZXBQDZALDHFNGD\DefaultIcon ebca89c07e65029da85ecbbf4a6d3e0c_JaffaCakes118.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\KZXBQDZALDHFNGD\ = "CRYPTED!" ebca89c07e65029da85ecbbf4a6d3e0c_JaffaCakes118.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\KZXBQDZALDHFNGD\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ld869rwRuHeO9Tw.exe,0" ebca89c07e65029da85ecbbf4a6d3e0c_JaffaCakes118.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\KZXBQDZALDHFNGD\shell\open\command ebca89c07e65029da85ecbbf4a6d3e0c_JaffaCakes118.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\KZXBQDZALDHFNGD\shell ebca89c07e65029da85ecbbf4a6d3e0c_JaffaCakes118.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.CryptoTorLocker2015 ebca89c07e65029da85ecbbf4a6d3e0c_JaffaCakes118.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.CryptoTorLocker2015\ = "KZXBQDZALDHFNGD" ebca89c07e65029da85ecbbf4a6d3e0c_JaffaCakes118.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\ebca89c07e65029da85ecbbf4a6d3e0c_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\ebca89c07e65029da85ecbbf4a6d3e0c_JaffaCakes118.exe"
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Sets desktop wallpaper using registry
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:968
Downloads
-
Filesize
1KB
MD5be4ae324e81bc48ce5cd0a1e6e2e719e
SHA1887c18e7f08301d4f402d9871383a990e34ade3b
SHA2567e7793ed99353fdc5e680171e0741137a59a2b7c0d0030e59f151c3cb3dda84e
SHA512b01d4befc11e3eae7b863be6b3b722448d464157f1f57690c1c0eb8296331cc778705ea62c6ad017c21bd109248574f88010cf709664b0a1f519a1cb0e781748
-
Filesize
3KB
MD59c232d293cd967ada7cad7837b7d87e9
SHA1ec436894f8c92298cf15dc7db1bc1f849038e416
SHA256726701a5d3c051b108052737b652763b1417a29cd7b62759c22f820155a69a0a
SHA5122538bafb450c71f0523b31af90e9e48beaf69b37abbc267525013eaa8b7531d70d5462a4d208326b55da939cf00815c138e8ab1cfe91b04a0a2db1071d0696b8
-
Filesize
1KB
MD58b5e41856805bd4091c2445d95698569
SHA16887a4a567b0f6de5f5077d6b4b1a83949610198
SHA2561133d919cb57c1a762cf4be00f1718874892cd818420bde76b60285816e4b713
SHA512f48d60e9397e887ed69259c53e4887d71b5a4df3f566406f9b7e3dea5aa67d0a517d7680008a9070c65b824ff19fe663df4f2ababa1a9e9989d641ac6f62a88f
-
Filesize
28KB
MD5f51e873763d776412d5f174b6ff7c7b8
SHA1d277b4fb5f3b8a82d5e22ae8fb484d17c2ec440c
SHA256564937d4b0cf3ddea6ca6f9395a0337b35ad824f3c10045a6a8812ab3b9f3b9a
SHA512e25b39f684ae014c94f2eebda9511c15a92076e9485a8b1bf8236172be58aad7e7087034cd2442dfb7bc8e0c324c8ae4fbe40afeb577034b09d89e1a62fedede
-
Filesize
2KB
MD5dcaa84b0934a8ace5f16da2b3c8f675d
SHA12ea364cf7bf9156e853d1c451d25e5429596db21
SHA2563471becc886dbe7bebe60b414c5dde7ad977bd64c8b870dd405d12300db52df8
SHA51287f931a2104c3c371391e1145c8a72e3b1a1b194d50398f58ac1a241214d19d778ec452ce5017369524f05aaac866e05edfde1bfc48e9308cbdebf6d22b8f8ef
-
Filesize
1KB
MD591d59e106e864aadd5bac2d4c4a87edc
SHA1c64de7ff0fcebea81588b4a5e7ef7690e71f9a90
SHA25683e76e85d09e470e6154d670496eba031a928f175d85732802ae3f9ffe6d0f6e
SHA5126e8abbd6abd8c300fdaf9c6b49a797ca954c034194e644124cb6c290c02777367fe667aa40af383f5535c1eda9cbb34fe43ad4a28786ef7b96d8d56f82bc163a
-
Filesize
2KB
MD5e322dfb7a06dffc8defb32227a1b3b28
SHA19ef5931ee85896870e68e1415eb6b34ed4e2c888
SHA256f7644ece7b6600169d5ba689c3e0c02ee563374a341dfb02895cca5ccac2397c
SHA5128e6662592571c9b0715e880ee330b75670d8e802d81b5444e298ecbf5977fb62b5585e11538f48e51a869a504c83829b21668cff85f88ef36affa5917b71daab
-
Filesize
1KB
MD5c30643dc666b001cb5abe4744d014d8d
SHA1d0faebbb2dfdd8adf0ee7c67d3aa4d291f8291f7
SHA2562482d58d9a898815cdad4f123c24f6dbb0a67750526dfd118e8b8a4156d29fb9
SHA512edce834efe74c1cb96eac584d2e757f3415c2cdc0a75132efbdb99d34c9dbdba721e33ba6cd182ce6460bbe8e1f7c213b21887b91bfe7c30b468fe6cd9c0aafd
-
Filesize
1KB
MD50701acf83f43d24661cd80a1163bd8ba
SHA16f2f25c092f7154a93eaaa5e2350ad73e5e3f366
SHA256c81d94df4efb902455e534cad0298ffc064410c84ffbb719b2ad64ebc0124edc
SHA512fd94a08c899fb55652494991be11638f316582f491d6a2da4a529586814d27220f84d889bad628ebf52e94d23b1ad59c1aaae6b71d6802958990afa735237b95
-
Filesize
1KB
MD526f52d3220badcd298f500bd42e7cfd2
SHA181e41c7eb3fd9fa4c161245b7617353531f87da0
SHA2567fec6070785587cef474c8d61be4029f1f32f067b60e54169d1c5417e271472a
SHA51215707c08249dac9e64fe7b1c86953c9ead321a4f33c6a82d3e75b9a7ebf869791dc372c9896f2f6a52427e299cee04e1da5f957902a8f978b7164f790d6acd67
-
Filesize
3KB
MD5d7e82a7e2ad7cf2adb089bc938a6f28b
SHA16e7730ea3bbe201fd253a950b32acc6bcdf09d28
SHA256a0ffc0436bb31f94250cc29034231a8f5f04589015719568c1a52039bbf29a9a
SHA512d80ac23a2e8a2e96ec9e64711e574b872b1b79a9151e1f847053e93ac69653acf2a4a80396fa2da1c7d445cd73f2fa18366306a77fa63f25dd8e115ed81015fc
-
Filesize
2KB
MD54a60ea55227351845ff44606c0406f9e
SHA1c439a01c8eb4f98ea27f57b9e63950ffbdbdb5eb
SHA256100c386e5f190d4be95f2e249df4261a85c9812fce9b780303be0f986abb3bd7
SHA512bc06b461685395934ffc44100cdbd284bf3f2db0ef09321f10558132e4656c0da0294d86f641f95c1ce1aa0036fbb57023b83dcd6fe6812d3cdb5353f0056594
-
Filesize
6KB
MD52a4fcfc629c6fc856e89a6c42e0f22ca
SHA1e928b728858615e287f64582b821fb28e976e720
SHA256e5e40d3e00bb89e8c817ac12b82fb1ff35dbeb74b1a04d08976112d44cb0458e
SHA512162db109c2b28ecedcf7567b4eb4ba44fa31c1d63523a443f0e46df5bc86d5ee27ff10bf8b5fc938b2beddddc0854df24569c442309f2f37f67495041e8730fb
-
Filesize
5KB
MD5b17fae1535a10739c43a47a040273d9d
SHA19fd5860de006e04d80fca667b809a89956a6f09f
SHA25663e3dd9480e231671381c0dc2b8a6f9bccd19d4e96f675dc2ca1c3e2fbfd1707
SHA5129b6c89b46ff81cc51e6e8addfe65bc47cb37c0a19099fa9e5bafbe8b1bf3f01889a15b237def41d783b0df2ba723b7d40d75769d588e9600a89c9803a2d2464e
-
Filesize
3KB
MD5a00e529fe9129b1e7650a01e533dd70a
SHA107130515c586d71a234570d213c25e49ed2f137f
SHA2567f26480c9363ac518a07ca7729d406176d3cceadc8df32a08eda6efe45249ea9
SHA512e58809d61bfe4e7e3c7a4c0a63450f44038c0ebb7fd3149a97bc8bea558e48194b3bca13da827a438baebc044eaae12a03719dd1c4b5d0a3aa79a5aaa32c2fa7
-
Filesize
2KB
MD5094ee3ce3f2ad12eaf390314d9cb0d5b
SHA13c8d37e8a7e826432244bf0ac188e6071b744687
SHA25694bf7d5541db615a1f64af1a00ec81f6545109f1579cab99774ffa65edafe3cf
SHA51268042a5611a299a260cbf60e964558688967a7898b0165e456d1addcb96d9991ec7440cce2c2b9213cd9751a5ce48c70a17d84a21c74ffcb6905bec5fdcc4709
-
Filesize
2KB
MD598c531026bb4cf4ea4d379b4157b18e5
SHA17944d589625f11484b338bbaf308be5370b16201
SHA256107f5356e9374b9307842dbd484d5ddd15414f157b9a5b7410348fb978d27fcf
SHA512305ab24bfdbca49f6b655db44268f4873c792577d5fe10f5d7bc1a7a5f5d857e13df2ac547bd2284e320145cc6c3c6c6424679cbd92fdb0f972819e6ca88bd83
-
Filesize
1KB
MD555322f2a6b9dd767cd92ef1b87f42b49
SHA1b6234a0a0ff5412eaac83ec7b653abcbfcb68ef5
SHA2564e37644f07d24fea40bc88221dbad907218195a9a499a617727381e13c0c459e
SHA51209e5a20ccf277193c54a53bf47db088cd26facfe417a94d21a743b0f9602a0c2fbdc4b7aa046654ff647c8c9b958297e25fb4c995231e168f3ed8f2242caa63c
-
Filesize
1KB
MD561df05eba895837c555131f857605d8a
SHA1afd51ab5686a6e156d4cd46b0f4ba453de2ba7c1
SHA2561d175404349444c3c2d30aa6bc1d493ef8271f6eb10dd7e67226b791bdf0fdbf
SHA512d5804ef3c2c8c223aeb1335f2400b0606a93d5220537722622ddefc94f6a1956bb5b3c8009c178cdc55fff600533845eac3f495a80497a5dbe37c773f99eb5cb
-
Filesize
11KB
MD57211cc4b7843aaec13b7f5e7f0739039
SHA1c4f023b699465963dc53462d3c96221f22ee42ef
SHA25687c86ee6646e90d393877a9c109317ee86963357e5e077115b25388372cac3f5
SHA5124479a92e5dae21b0b56c7d6d4e292325038935bb200b78ecdfdcfed3e1662afbc997176040d00e77611c8f08cd7eebcd9334da38d2d90c00473fbfe9796b59c9
-
Filesize
1KB
MD5903c3067e879eeebcfada2b0230b0fab
SHA17f61e8ef4a12bee3d501de379d2d04f815613200
SHA25652aba23d28f9cebaa58483ebfb63e94d6a604f041610cec8c99da5cbf9c12dc1
SHA512d4fa9e9397e7d9962203ddb5d0c9ba36b3a23fc632ec7ed81bfe43ff591545b9351f48c5371a92946b51b8c7037b33ed1b8a72fac3dc4b5a6d9e4d4eed8753ba
-
Filesize
2KB
MD55b683eb27d0f8059b116bdb01a2613b4
SHA127e0eb2cc45dd48dfbb1e3a3bcd70eed4495e3cf
SHA25644a8b590fe69677c1ae2ced372e0add1df4e9fabdd8209fd8db281dac2467dd7
SHA51293ecebdb98589fa8b8f1c54e88f27f533272899e8aafcabb269181215b91a48f912d7ed88ca95402c47616bde89059ea5fe1e7a98e9825db2e5e0479a8b5b50e
-
Filesize
11KB
MD5b9d07358e884e418365da008be0238e7
SHA14045a6bf023f5dc7cff29bd8dd0f15ff2012dd89
SHA25613eabec8c8900dab5b533a375432e2bb203f86c991cc3b1255ee4a77089a855d
SHA5129e85b6458996adb6b0789a21eb1bc0e106e8ea2f9247ca6cc57ab58e2fc8a2a78c5bfddce3ab9ac12b783f78e76c75fb9eabc2a06d86c25fe9dc609ac4188c60
-
Filesize
11KB
MD53961a18ba8f3d775734f2796bbaa66fa
SHA185d1a2344217ec330a3e2cd8b14ec2a05e383f13
SHA256ab6ce8a3a0a7b056f30448ed7a8bf9f05cb7de015fc831585d2061d42b715193
SHA5124ceceab05621cd5124d0055358eb10f1c64634fe224a1f0b9ce8a0a90e95b9adda2ec5e1528bd56c46c23333096d84f3af671eba26ca191f419d0edc8227b08b
-
Filesize
11KB
MD51a564286a412b036d96a6f4536e21736
SHA113403dc348d4842c252fe6188c47bbbbf077a2df
SHA256515a412817b0cfb996d2168bf284d413e8892ed29e87167f29d2d54516891ca2
SHA512906aa0647ca12b442c31068a31d22181f3ad95432117300f2890f578b9ed047c9e737522e65d4ae97c1e708c317dccdb9115ba821d4fb1d278c8a1a4fc9efef9
-
Filesize
1011B
MD5dc92d60dbbaef2d2bcdfcb8d0f2e5d21
SHA1dd7a55a3a8e9c0982e24e364472d24b9211b6bce
SHA2569c56904480d7756bd7850ad2eda2ea1320186414c905d31b129939b5b040e714
SHA5124ea595ce95f8c23b7d8e642fe95be96376ae5ff71add28799176ff1d32631894fd42f00e8a34155cadd1d57e1955bd6a59e4b299d9ffff8404ed8279f99dd51f
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727662720631316.txt
Filesize 77KB
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727663116015387.txt
Filesize 48KB
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727669820222616.txt
Filesize 64KB
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727672589120253.txt
Filesize 75KB
-
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk
Filesize 407B
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif.CryptoTorLocker2015
Filesize 328B
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk
Filesize 1KB
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk
Filesize 1KB
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk
Filesize 1021B
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk
Filesize 1015B
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk
Filesize 1KB
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk
Filesize 1KB
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk
Filesize 1KB
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk
Filesize 1015B
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk
Filesize 1015B
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk
Filesize 1KB
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk
Filesize 1KB
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk
Filesize 1KB
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk
Filesize 1015B
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk
Filesize 1KB
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk
Filesize 1015B
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk
Filesize 1KB
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
Filesize 352B
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
Filesize334B
MD5d8e89bebc73798ca21437245b4557e1a
SHA14fc955bfe18791f805db63618022f31ce3ab3f8f
SHA256c198a4bbd00abc6b092c1613221789f4b2b2a0269142de964a534345fb2a765a
SHA512b96872ba8442706a176ff3b92c506fb737b2c997e3f4b8eb89d0ce611b1a659d94969f8659c44cfd7394ded4efb4308803fcfe7e0afd0d936b01f9fcd1f738a1
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk
Filesize1KB
MD5f3a251639c88fff4eda16837d1c8affa
SHA102c136ce497996468e55f76d791ae2c09b03025c
SHA256d3bf719216b11c65523dd39c4cbd052dc65b8790252b7fec575ba29991375c48
SHA512cedbfbec2cd74f658da70196644ac9870e658c95c59d7767a07e7ed8890a1db1d19e1fea1f8e680b1fede4e31c0739aad030ccb9f347eca04afc5b679ec98498
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk
Filesize1KB
MD5bf9b0d6f56e7157b95737df0cc747641
SHA18d70d7f2dd2b3a0f9df6e6b34024644dafa27e6c
SHA256e13be769c08cb095baa87f6be39507f5eb390d8e65a0be448f80c5a44b1b4d23
SHA5123dbad4606c8cb08167112448196422aacabb1ad16b6b2d78e23e181f4d9bfbeaec138accabb7e1a4beae4b6a530509da7787218dc13b62b8df0506a5ec7e7990
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk
Filesize1KB
MD598b258731acff1683768500b6b129fc3
SHA1a6b131944775f77af52d4035146712ef92313657
SHA2568c7c88e9b6de6c7b531fca54e31cbc7a92b8b38c99a004107cf4fc779c855cc3
SHA512edc8e89f545318592503bf7d9a1b8a15acc17a76350087d3bfd86ecb2abc44496acfd2be8d5ad81159542109d3fd3adf24a74ddb9f597aa21068dafe72f5460d
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk
Filesize1KB
MD5eb2410563c93d73926facfa066bfdb6f
SHA11d5abf362f0c267b760e1114af5fe81a2c7d5390
SHA25649e7726d51bd91d3811e2cb81d4d94e0014ddd92c55dcdfb2194be97fb4c9a8d
SHA5128fc775551aa331520a97634d997c1075194c960df2f4d23c9f5f91ab95de1ec14d7f949486fd06952943057d8cad9857d331674bb39933271fe2ee9e362226a6
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk
Filesize1KB
MD5cf1e737b92a6a16395f5f3cd595e9265
SHA10ed1c3dcb82ee30f0851e191cf6bb95c717ef5ed
SHA256061a6fdefd7ecbc1e88b94ab2969da4de9ad2af0b378404b7baccb589d6046d5
SHA5126780cfabd6e996adaf5c5143013333136e4dc3b77391ee496968e9e7bce650372d4183bed0b949984bb4a0fda062e623446991ba4e5b1369fe7e71e2d343d2b1
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk
Filesize405B
MD51f9bcf5f9e2290bdfc1b8f6c5d4af708
SHA1ff0f9708df4880a7b09c93322e904693bcea8ee1
SHA25632bd5abf8d86052ca9ca4277853bc1c3018f467486e00cab33931c1850d637c3
SHA512d192a4ede90a1968d635f001027f1746ae96b1e42c01a2352d6988463817b5f72c77faa4228451bf91afc40b8ac84f53aa8b74aed3c6c1957f7b91f96bebab7e
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk
Filesize409B
MD5d69bbc30b07e82e958acb87130435acb
SHA153ba05ab6f6b6f542a5bc279ce97aa9c588359df
SHA256b54060697eedf1ea753b5e45c81e502306f8bc229d4df9e3a38408238ff95f34
SHA512448af740ffecf7bb8ce01b593121c15957bf42c14c89ea7fa796ddb50980a63a5ef11dc8f4b6398de26eb71876c5d9b6fed890d9a38c81dceeff17bad71dfcc9
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk
Filesize335B
MD5cb75d7234d2f1b14de2940f793bcc74a
SHA1a202e191914279a49d43802f36cfa6d305ed24f3
SHA2563244ac2af6854c52ba9e2e0b5581604511e8463620996644251ee99fd46e9fb5
SHA5120b23d80318508fc95c8c9bee359facbccff34686740db0170af3857bcb5c8cdc3a2c91ca9556e9da0451c9cc59342245191426c9558a5f3d767651bb0e7c4fa3
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk
Filesize2KB
MD53ff73947c07524164c633283db31ef48
SHA1f8d20e99b6c80e1558ba5162388bb5bc807aeecb
SHA256d5164bb218498a5b30ca943e87c8cc9a83e2bcefdd0f33f52921db0e5f99ec38
SHA512ec70c50a35d21f4a68259601b656a96c455d5e03867ad8543201b4c96c46b58ff25dc2e9226e23cdc90bf0be012d0f0de73391b2216a1e62768a0f109e84c336
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk
Filesize2KB
MD5f306f65014d12dedab5a5340ec60f94a
SHA1121b24504f42b73910b3c1d0b4203c759f29acae
SHA256b5bcbfed4680634090aeac9cf1fc70d1e72846bf0242ca1ed6fe88054dd703a7
SHA51203fcb95cc1c8c3d69b26c5f484f2818f051bae8ad1c225b648483ba68b3c06107e30ba53a3c6c34c9764c71e665ec763bc858e4b5b4741aedc92c99244ec313d
-
C:\Windows\WinSxS\amd64_microsoft-windows-cleanmgr_31bf3856ad364e35_10.0.19041.1_none_233543e4fce957ae\Disk Cleanup.lnk
Filesize1KB
MD5d71f7a471ce1d4684a0ece1266fb2a84
SHA15f1ab1c8d04f8445cfc27f87dfc86e3a7144b98f
SHA2568b8e73885fb7588a03648634a0b68ec27054b2ab2c3707bde5d883fbf6c6ffb6
SHA5129f12d65a2bcb03363c4066d95fa8d157f887e7284473692b59a934370a76230431d37bc6fe3b654f571dae24233eed34a8e69decc38c570ebedb722a6db72f99
-
C:\Windows\WinSxS\amd64_microsoft-windows-quickassist_31bf3856ad364e35_10.0.19041.1_none_b3f1d9ff0e206c99\Quick Assist.lnk
Filesize1KB
MD5dcc575d29b412041be273c9ee0729806
SHA185702620489231ed1c1829a9899c3efb72686321
SHA25694e0fef9aecbbe627f8562b6164ac12829bf148f4e23510a752f5a3d53ea6b32
SHA5121677bbdf395f0df40c5f45ba1f1d67345b580595f6e824b048d56bc8c40484a09aac336d6560e635d2ec4a18b9909f03c9e6b99047ae4637578a18093f8e51fe
-
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png
Filesize296B
MD5fa551e41c42b920a61d7d239dfdc3414
SHA174f9b0ace251a8ef8d827c6cf8be1464f0cd1208
SHA256d1c596c3b316166be6e11f1a7836d02375d0475041d12e65c1d5d4b4de1e5926
SHA512ecee257bfc67eb82b358d15edef8b19ef31f72f0a269f0a307e0012cf668baf3a95a6d768c8b6241f5dae659c0cb0222460129bfa2bf3ede445ef2f423afbb28
-
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png
Filesize276B
MD5437353c9dbc738c7e67f3755169997e4
SHA1048507376ef8a856f604c1852861b5ff8b161804
SHA256e1598c9a5c04f83f4eab075e14de275004aad79d7d391ae48e25fb22ab36fdbc
SHA5129d97a19e9f3a0bd43e6b9dba2eaae89e31c64d0221019fc28398ec4626323ab18b34571b32e060102c4af388f2fc7a53be9babdb8422886f8b401ae1a717bd61
-
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\squaretile-sdk.png
Filesize501B
MD56198b7ba00be74c6985d3839cf0b433f
SHA142b3fb77bb7b93d12464718847086358c1b7c495
SHA2564b288c879a0b7a1ca6a9d5a1680a94a926c66362162282739320b832311edf06
SHA512d8e92cfaebd29526430dd31fcca7a650eabea324f805e960f99ca67384d53023eaf69d6487677c68ceffbbcc538f3aac4b3b734e90c3dd93f8f2700faaf5a786
-
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png
Filesize296B
MD555c082e5c753a3be7704ddf066d0e895
SHA1ced13c44a19f82b143b033378d601f93b1de3388
SHA256e45f697a81e1cbd46046a50597ba9af08e1d8311647d62a17402cc418b0f63e8
SHA5128a7dff042cf53601adb5212f9bc6a21e48de61faf38096def0a733188e22b57d0141a7b2885ab426f76c40c73ed92fb0ef80abf0e469c83a7c14166a6830a0eb
-
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png
Filesize276B
MD5c4be1ce9dc39fb83fd5a2d617c2a4837
SHA1eca34cd429eaf350804bce704d19ea61c74fd54a
SHA256403a36ada7f7579d09670f9b98e7dafec1c2e1beecc5fd26ee6b5fd0b4f2505c
SHA5123e736e36954c970143a82baa806fa88a36db812d09c08a6ab4d19a78e6d0fd2c42c6b8e59b62f7f4c3fc7806f5b1d9f30e934b404de6465e9280300b034fd64e
-
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\squaretile-sdk.png
Filesize501B
MD5cc732d0bd874a5559714f32366affe1a
SHA1b1b7b5585059d53f44d8e0dbfc260472ab658c71
SHA256a836ae986ad1fdf66b57b8f55eac652b146a474835c2c0ee3a6afc945bd60bed
SHA5123d9324b6ff7f7db2248f609f2364c515e39985e7db154df70926194ea141cc67a8283b8ec91b0c0f71b97476755cd272ab6af1d5b44c37f1b5821c91d18d4890
-
C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk
Filesize1KB
MD56118450a0158591446f0b517880a858c
SHA15f2212cffb59d2d3b79210e6834904606eb65054
SHA256f018e2f7bced508ccd64f579d22930007828ade5fde08c442c9d0c14b1ba6b7a
SHA51278d4dd56c67cff814b1476fbb99ce9844ef0287ed778fae297b637c4073220c10636180e938d6fbb203831fefe360b8913ee25c9f193e12fa307106ade731e72
-
Filesize
81KB
MD5c9bc420eff07c647f4235d1a5d7d500e
SHA1b7917f5d04b2e585cd7ccb4c19aabdda2ad1f0c2
SHA25677c605f84202b0fea84245765dc4abc50d503f6f6361d269bee7c7a8b71beb72
SHA51275b05991b54420534790b0bf51a07a5797f29e4e90e961443dabcbd7788a4ada72a9f2aad732337601a63bf10ed6146efc96ede921cebb6a9b2a3bbaed60cc98