xorist | 44ee695b532eb984e46de29569ce35854b37d409efaabb6bcf9f5316e2b0546d

Resubmissions

18-04-2024 18:50

240418-xha8wabh29 10

01-01-2024 15:12

240101-slnwxsfeh4 10

Analysis

max time kernel
1s
max time network
20s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
01-01-2024 15:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe
Size

2.4MB
MD5

675716e76d329c21fd1c8584c4bbf4e0
SHA1

3f31361a356346980a458f72639b167f8557d997
SHA256

741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e
SHA512

33990b75e05409956567e2c417c4af3cefed346d18b1c990651ba9ae55f4c41e448f48e708ebb3f0a47dd2f95a648d99fa49b1f53bd68275754a98662451b75e
SSDEEP

49152:T1qnoAYJ+dAyibulZllnhELJPA2GINhptUhwRVmif4lqKw1UWHgCw8SbdkYMy:pMoAYJlyi8WBAypSQVf4l21xw80ke

Score

10^/10

xorist evasion persistence ransomware themida trojan

Malware Config

Signatures

Detected Xorist Ransomware 2 IoCs

Processes:

resource	yara_rule
behavioral32/memory/4788-4356-0x0000000000400000-0x0000000000A50000-memory.dmp	family_xorist
behavioral32/memory/4788-4360-0x0000000000400000-0x0000000000A50000-memory.dmp	family_xorist

Xorist Ransomware
Xorist is a ransomware first seen in 2020.
ransomware xorist
Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
evasion

Query Registry
T1012

Virtualization/Sandbox Evasion
T1497

Processes:

741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe

description ioc process

Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ 741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe
Renames multiple (457) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe

Themida packer 2 IoCs

Detects Themida, an advanced Windows software protection system.

themida

Processes:

resource	yara_rule
behavioral32/memory/4788-4356-0x0000000000400000-0x0000000000A50000-memory.dmp	themida
behavioral32/memory/4788-4360-0x0000000000400000-0x0000000000A50000-memory.dmp	themida

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\u0m269i9MFZ31k7.exe"	741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

Processes:

741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe

Drops file in Program Files directory 64 IoCs

Processes:

741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe

description	ioc	process
File opened for modification	C:\Program Files\7-Zip\History.txt	741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ro.txt	741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\webkit.md	741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe
File opened for modification	C:\Program Files\Java\jre-1.8\legal\jdk\dom.md	741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe
File opened for modification	C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md	741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.contrast-white_scale-180.png	741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe
File opened for modification	C:\Program Files\Java\jre-1.8\legal\javafx\glib.md	741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\deploy\ffjcext.zip	741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\legal\javafx\libxslt.md	741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\legal\jdk\dynalink.md	741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe
File opened for modification	C:\Program Files\Microsoft Office\Office16\OSPP.HTM	741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.contrast-white_scale-80.png	741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\LogoCanary.png	741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\relaxngcc.md	741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe
File opened for modification	C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md	741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe
File opened for modification	C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md	741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe
File opened for modification	C:\Program Files\Microsoft Office\root\fre\StartMenu_Win8.mp4	741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.scale-140.png	741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ga.txt	741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\javafx-src.zip	741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\joni.md	741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe
File opened for modification	C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md	741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.contrast-white_scale-80.png	741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.contrast-white_scale-140.png	741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\legal\javafx\jpeg_fx.md	741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.scale-180.png	741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\MEDIA\CHIMES.WAV	741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\xalan.md	741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\legal\jdk\bcel.md	741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe
File opened for modification	C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md	741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\LyncBasic_Eula.txt	741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.contrast-white_scale-180.png	741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe
File opened for modification	C:\Program Files\7-Zip\Lang\eo.txt	741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe
File opened for modification	C:\Program Files\7-Zip\Lang\he.txt	741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe
File opened for modification	C:\Program Files\7-Zip\Lang\tt.txt	741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.contrast-black_scale-180.png	741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.contrast-white_scale-100.png	741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\libxslt.md	741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe
File opened for modification	C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md	741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\MEDIA\LASER.WAV	741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fr.txt	741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sa.txt	741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\legal\jdk\mesa3d.md	741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\deploy\splash_11@2x-lic.gif	741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\PowerPointNaiveBayesCommandRanker.txt	741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\AugLoop\third-party-notices.txt	741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.contrast-white_scale-80.png	741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-white_scale-80.png	741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sq.txt	741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_LinkDrop32x32.gif	741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\WacLangPack2019Eula.txt	741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe
File opened for modification	C:\Program Files\7-Zip\Lang\pa-in.txt	741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ky.txt	741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\images\cursors\win32_LinkNoDrop32x32.gif	741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\MEDIA\APPLAUSE.WAV	741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe
File opened for modification	C:\Program Files\7-Zip\Lang\io.txt	741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ku.txt	741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\relaxngdatatype.md	741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe
File opened for modification	C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md	741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.contrast-white_scale-140.png	741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.contrast-white_scale-100.png	741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.contrast-black_scale-80.png	741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe
File opened for modification	C:\Program Files\7-Zip\Lang\uz-cyrl.txt	741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\santuario.md	741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe

Modifies registry class 10 IoCs

Processes:

741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.kmbgdftfgdlf	741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.kmbgdftfgdlf\ = "XVFHASZDBSERGJE"	741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\XVFHASZDBSERGJE\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\u0m269i9MFZ31k7.exe,0"	741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\XVFHASZDBSERGJE\shell\open\command	741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\XVFHASZDBSERGJE\shell	741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\XVFHASZDBSERGJE	741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\XVFHASZDBSERGJE\ = "CRYPTED!"	741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\XVFHASZDBSERGJE\DefaultIcon	741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\XVFHASZDBSERGJE\shell\open	741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\XVFHASZDBSERGJE\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\u0m269i9MFZ31k7.exe"	741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe

C:\Users\Admin\AppData\Local\Temp\741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe
"C:\Users\Admin\AppData\Local\Temp\741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e.exe"
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Adds Run key to start application
- Checks whether UAC is enabled
- Drops file in Program Files directory
- Modifies registry class
PID:4788

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png
Filesize
4KB

MD5
b49ead4ef7fcd48f7859291c3cece8e4

SHA1
7fe6ae243cc4ec72a6179d339796dc25eb685427

SHA256
c33456296b75d7c4e87801f81205bdc3498405de266dd7dd4433f5d9f5913d74

SHA512
4a67aabcc7ddb5dcd14a076ac8d6c6208bf881682de73652bc81070dcddd0d634d17c17ee9b3bbe59a84d5c5013ea784ecc91e33d907cdd3279b93d298caf7dd

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png.kmbgdftfgdlf
Filesize
1003B

MD5
56f62e2cb16a8fd31385d7c383b9e3c6

SHA1
ecdce79b4f9f3a177bdadb5b7223a3cce696e24d

SHA256
5e91bd053b7f83499e064949b8c4ff2f49d5ef4d6a446a1911143b19142105cc

SHA512
e8655a7ad4cedfe2930cc312ee50e7a3bb9d729212f1f6e18f064599594389e14449a97be5d774032f2b15d956cf2917a32fbc4e519e0b47727f48240ae75a8c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png
Filesize
1KB

MD5
b4fb91cd86d284240cc0fcbf22480158

SHA1
dd3d53a14312f08a912b61fd135564d7cc2bdd84

SHA256
1ce17ed0478298f3fe72ce2f02495e08420403eead00c2de999e0fa4e80beaed

SHA512
ac389228e820a051587573d6dd8441cc2a6f63e465c8a1ae0bc8221ca7b1620861b6f113f2ff10a3de9ec6f572cd240ab89210759c1f859f9fc15f5a9b425822

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png
Filesize
2KB

MD5
9b6d9d21c6287ec7a8efd4a4bb863be5

SHA1
0c0e02cca8b4df635f048b7997cf7ddfcb287c47

SHA256
e7a05746f140ec3da2dfbe53f983f8de093089961a19431403a93aeba618bc28

SHA512
28e0d1fd26269100f040f460bcc0a056a1021ccbf2ab5b1816239c3140404e1243904e8afbe5e520fe2020af40ffca9e72c6fb251212d89a6244ab39fae6d7e3

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png
Filesize
3KB

MD5
f9b0181bd8ccc0cf5536163670c55913

SHA1
542f14e68071eff88ddfc9a504a03494ce7ffea0

SHA256
ed8339834a0e332d2acebd44069017a961a317bd4751f5c3d6e63cb2165e8051

SHA512
eb2163a4379c363b617b9b3307d04e3cc9ae198b2dada8db7014541f82c75ccff26a2bbefb0dcec1799a0c16bce1001642a5a91f2fc6b31d4fc75f30664bf1d1

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif
Filesize
556B

MD5
56633bfbf611061058ef4a6f0d7ce8b4

SHA1
9892ccd118d38e3db3ec12571960e309c1fd8962

SHA256
823e4ff6d47f1458f89279f98bbaca4f6b2daf8d43ae6fa359560bcb030ed6e1

SHA512
59221a2bb4a5f9c7aa4b26057d33383020e6d1ec7f0a57b7918eabdf6004d060dd14ec97a5ea1a7fecf15ea9970b73490af22cdeef2c34035b577d97b7fb1ca3

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png
Filesize
6KB

MD5
339406a8805d3201ef492d3d1ddeff90

SHA1
54fa18879eaeb40080902ecb13d06bff22c02313

SHA256
91029186180c0becffb8487ab0fc0156fbc3fb451b7f845947595f4794205fcc

SHA512
5e5a87d24ab3195465fa234a6ac29cd9ca28a60c9ecd65b5a016bc1891207abf10f3fa772ddc211747ec1a4de2d34702ee5bc2ea68b2666af43b8cd89aad12fb

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png
Filesize
826B

MD5
930bb880c04de5cf3b513466f48ef2a4

SHA1
8cfe0984ffcd8cc46246908bfa2568b9cfb8f5eb

SHA256
7217a9537b03399140b3251513cc870a92e6ad5a486a54b4819cfbb69a8857d9

SHA512
51896348fdd4bcf8336ce30ca922618e303e296b762efbf7501c752fe85f6bc3102165ad3526612f084b910a373d10d9145b25081ad644c7a975170e3f6f3e46

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png
Filesize
1KB

MD5
fe5ce1bcbb8bd188664d3a27c28ba088

SHA1
43fe1d3e6a9ae5657ba068d311571b0687773ef9

SHA256
6629e0720f36cdfb2b8aeb94bb3ede6fbb75a9fe24b4ef6f682965cfb589a208

SHA512
e8422ddf27ae73f41092d252dcd13a566179e9b02cd3c57bafe63c8d60830f40b23aff89d5693670e4d0121632e023f3df352e634d9c01f371fd49cff5c65bb4

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt
Filesize
32KB

MD5
36cb1452952f0715f3f012fb9660c763

SHA1
6823862aedc0881b7913a9d8610fdda2ed28d3bf

SHA256
def1b3e66a59256026c89967e34cdfb869b642b58601e3fabafb8b220d6b29ea

SHA512
05dfa480d16234ec0aab8cce7d44be4f2cdfcc884c0663401bec5240b6cf50f4e889ef3fc750395d619bf3d7247eeadacff6b8496e7e378d83e22fdbbdae5fa2

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133471123731700584.txt
Filesize
77KB

MD5
a9691dd57fa1495808006a6bc1fcfd2b

SHA1
7777b97458292f864ef3e06645a6e2ada5f86fb8

SHA256
3d08b27d52519c7eaef77b76c8de740786d5ef0f1c50299aafdaebe5e4a25f6a

SHA512
dc74b6c11a2551a9d70ccf5aa57f880bdc7a14bd0d4d2e1cbc441a38f827522004e05ab6e7fe04881d9c1c57c3ea51daab5225e3d94af7d759af497d06829939

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133471124267469309.txt
Filesize
47KB

MD5
469e2b7be4d1773f463fa614f24027ad

SHA1
768fe8f56470b6b93846990a72f4b2749cf65a33

SHA256
47d6632ef919a2d9283a3ea0504ec4b88438a0cc6aac46733162ae96ba838038

SHA512
3818a1b9b51685b75e18c4d8e8872bed23a88e6309e9ee6cf2596b010ed5737bb0b2a39149b82077e01a8452f072e022e7e16f4ec9280819f5cfefead82232d9

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133471130177752040.txt
Filesize
63KB

MD5
d34fa9240ac0380b33b6fff6fbb5e966

SHA1
ce63e6f2643f29bdd63d323afcfa9c46ce667b1a

SHA256
eaa712ca42e745b971998595d4c6ab464bfb3536fc0be8a08f43b6eee5fbecd4

SHA512
5a8527b8f99d233d3dae59968f07f85ad49ed015e2e309100cc92521bc2dced25197c143c443f416f4a9b30ae141bc1e5d31802a3821a231e5abfe4aa23ce2e7

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133471154988301288.txt
Filesize
74KB

MD5
55a8d42cd800b4730b0c055853788e11

SHA1
2b49bfe8d6313b1cacabe887f2d7a96cf382e3db

SHA256
1f3eee6d0c721c7ec956926e1b7d4666acf7732e6227be4ae9e286cedaf80642

SHA512
1a836fe7f1ee034207f1ea0cdfec2f8c2bfbfa3e005fd7ef827e9d2473128cf57c9fa88ef57c442915f46f23f1885751898200a84b6c5b4703caf39f4ea1e597

Download Submit
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk
Filesize
407B

MD5
931b5a3f8cf61515219431347c07ad77

SHA1
b649cebf796669ee9d39652b3c4c7b0f1b3e304e

SHA256
123f3335e52d9aba2fea1f981b993352fab05e1beedd5ee8e2f8a8d648294daf

SHA512
250dae98790e1392207afbe6f7e4b462c0ff1c9048289e5637cc24fe58949bdd9b6393c34b10c52800c14dcfa67b93afab22c09f550421303705cd692f30a379

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg
Filesize
21KB

MD5
a020bb28bd35fb03f367946b4faef444

SHA1
d28c059f65960f8a812f08906bb1b75662317004

SHA256
6e657a8dcb8338a48860a04a7bac4f5fda6f4cb67fc7765032bbf394d40c95ff

SHA512
8f1865a86250c2de1dd6959e61d23fc5904167d97648aca558d755ed93f13124b5a05c2679382106bf986452e3c78704540b511a37985b6cc0d5973c022be5f2

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif
Filesize
1KB

MD5
1460db39e48809697d3ba5e675e44aaa

SHA1
3a6a7954c5bee8ec192cac49da32daa20b68ee40

SHA256
b5bf8bd3be1ec2ec951a05dcd0a3b830365aa6adaee9a1bef4c4636b996b7ea0

SHA512
8dfe019557ceceae9a35175ffb38152857c532c15617ba1203f379356d2e8e43918f64cfdd575c7abbab242851b755a28d22deab04631393dbbbfeb90f9b7b8b

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif
Filesize
952B

MD5
7c9bf5da1c349c270c334f553e9f59dc

SHA1
470555da3fc3b416035a9ea6e76309cffe700603

SHA256
5e8b1ace18acc03e54ce8d7950c1063ea0cd962d8a879cd69b16a0b49880d800

SHA512
4590553d7cb465f7a6b0151ba8c073aaf99b63d3e311a5be5987c682bddd58a6f253149c0f5943dd78a282bafae429b3b3247052c3fa7ff0f0d0158df4aeb187

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif
Filesize
121B

MD5
36a3f40b0a1dd2196f4acf3deab70a24

SHA1
afcf55ce3ebe2ef39efa816bce8bb2b7b4ac7ff2

SHA256
54f57a6d0b84f50b0985689a39aa5957d05b95024fbd052ded5985d4d3de8ca7

SHA512
e78e7108673257c829bb92896cdde4c5ce1dd34543c725cae3009c794078023e0f8eda84ae6d6265af5304b012b5b820febeefd4dd81800ecf8862f11820f644

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif
Filesize
1KB

MD5
86e6c0fe465279f0aed32810180900f0

SHA1
701b620cfe8fe50b41901b2bac427c4fa2780816

SHA256
7f6edeee0bf26373516d03c513dc5d474cb0609f70d375a431b9bc43659f1993

SHA512
0d43ca0f4eaed9a122f31147f48be2ff5012751725f699e5a05d45e8389ed8bd387a9b6b1c38e263b93fa7d33da56c9d2b1620a998fb6e563fb4779d5cc8bcdd

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg
Filesize
8KB

MD5
60a572ad1bde9f702c5e3c9335ab09e3

SHA1
5f7e8383a934762316d1d41888b3a7394c4dd085

SHA256
448e5d4a8adbf750840b3ac9858369583f0b4f3cdf0ba41a8fbdcd16ff3d97a9

SHA512
d8630e023068e0f277187f70fd1446cfd9244a5e49e3268b9037966411cb451b49e3cf9dafbe363456af1f9a604cc311ab2298736558315a589e8ada2c65f6f3

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif
Filesize
61B

MD5
e7c9c85f5f4d62c65c31acf49842320d

SHA1
4307d892d4255939a79ec70865e8d4230ea6e9d4

SHA256
8e12cd0290d025231f50646753ffbcb2a436691ca3ded8550cce1ee781e46cc2

SHA512
2086dee0ce633ac79bf4e8cf8fafb750f1f119f4f24635bd30475b3bb581ff5f84c28991d9da97edc1299c7cd186732f5a09ca757c148596115da0f9062dc85a

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif
Filesize
914B

MD5
773d07547f47e381629d2c3a41b6947d

SHA1
0f36939f18bb6c3b85dac66027e84ea9e6828a38

SHA256
38ed93714e8b54c12ad02210bf47a15a88d70c71c987d81a1c60d79aae4b65ae

SHA512
042552c3ac84c8c9bdd273a8f90d5f6d46f7e65df192f916fb049920f5bc0abbfe9309645ee2aa838e79283ce2fae6060282bd3ec88c880ca0263ac0af688087

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif
Filesize
90B

MD5
7a8a32d97111cfa2b1d4c72cca943636

SHA1
bf825267627fe94aac445673277ad6d40f31fafc

SHA256
055348c654b7ad120831d2c53c0d260e28469f099b70c1e47d0465101cfe2833

SHA512
da5393c8e10808fa8f05140958493c063d20ab4058d38da83b841809b9673bf13bf03fb2aa06d131f89905a671300c6b82ba5641e4b99a45de70534947845f42

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif
Filesize
90B

MD5
c18e42fd079450d9acef51832f19c807

SHA1
60f113a0600c0cfbf896db2ed982562337126e23

SHA256
2e3ab0f306cf390afbd4c29b7b173d24177b657efe9d1e10f129893b6eec22e8

SHA512
cb9a0bf0ca20c656f00b34a23a01afee12fc8078586d20f6a0dc78c39182155f821a917a14ef9756882c79ec27c86801612aa04a7ea0d7bfd7afd9d26daa14b4

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif
Filesize
328B

MD5
efb0ea957deac176d69a9b308b74b4e6

SHA1
3d777c666f8a5b0d9935cc4eea7e55400325e035

SHA256
2e93095604d6b1231d0a5246af2e9703ab604e85b6ff22a8ab16fb85a72fc8f0

SHA512
5a1f26641e911a17d3e4e350399e5a026be73bf03ce6bcd38ca24f25652008a2acccffbde3d5e5e0291a56482e20fb2c95dd62ba3ef7b5d36b1b433433aebe69

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg
Filesize
1KB

MD5
180076facef7816ce6473b3060f825a7

SHA1
ea1d8fb79e96c42a6251b1435fc746546bc50a13

SHA256
56336b8c7c5624c4ff6807ef754431749a8e49dc506247516c92294b8b6009d4

SHA512
4805edbebc66d89bc521560ce2c2dbf88023b608a5274bf7b05a87b20e0c3d76e150cbbd3bedfaf166089f64b42a27a65e85c628b05d2081e1de7f015ec6b099

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif
Filesize
162B

MD5
cc36c0eb353da99d7bd74e50d6936c28

SHA1
ff3ca9160b56915fb42cb1a38a368126715e9e72

SHA256
217347c58c413ce4be41efa7be1e68bcc94ad12b608ee44b3dafc25a6ecd455e

SHA512
6964926a8512d3d0d4cd633eeb6f784d5a7ed544699ff331b6e7f80eae3b8e26875fc72a89c71b7fb1428169f913e20488ee2c74a50c09cd0157c41f731cc031

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif
Filesize
586B

MD5
a004b0668d0ebface583523e6d7ad241

SHA1
f3e1fbf9e6dca294aefac7d9e34b53966f2681cb

SHA256
662e096be08b8e82e8aa39e6deb7b95e1d52d213ca5879178da2226a74c5b284

SHA512
3569a24f2b3a55bc1f68ef80172a007c9f6ec4d2d51c9bdaa6b9e1e015b7145c56a643611c8b4939ba4f50d6d1a6dfc72d704e70c4576be489244f5a05abaaed

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif
Filesize
124B

MD5
803d54daa282f21be1152996aee9a2cd

SHA1
ca4fe19b5632d669f3fca3eca7335c94f66c2bf4

SHA256
17b0a4a0f1657872cbe1a3118c2d62f52849631b45dae43be4b9f692f58db8d7

SHA512
6aa406e34766a8e9ee635179906b55a3583b6ab81a44f777f64aeb5b3566189f443cab6d8ad62ae16cae96b52be62354f43bbba421b62314f636bfacd436d1b4

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif
Filesize
65B

MD5
2dfa1c99a049073a4c9505bd935effa2

SHA1
b0741e17de03f1764d7f2f32aad41d19484f834d

SHA256
8a84304686f35c24ec6b46b4a8ca16ce003dc2f38a13f75c0660571ec0ce1cec

SHA512
d7491bc882643a5fe7dd6359599a2505ee53240c600dcb8f24cfe9dba14f87f6dea3842c9cebf7e07b2675bb6e12b7d24d5e56aca84c372341f79b729189ec5e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif
Filesize
65B

MD5
a26905f1803d640b46f11df11bdce796

SHA1
8738620276cde66a037c41d0d87b7052c30e87ea

SHA256
6068f4efa77101ee6104cd6ab52b457989502d304fd39e01a20d0dfacacb24bb

SHA512
c38d3a3f0f104b061aa9935fcf4540a47301574a8a54d71b5479108943d1f9124e44a6096b5c4964aea46b165418dd4369f8d930d4ed8a19261da965543a0419

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg
Filesize
8KB

MD5
d4795c5698ad24feda0e59f83d580b23

SHA1
221a6ceb847d7f70b14065eebf1e510f62bda8c2

SHA256
6bb30eb5f649f46f86dc29c1b4b55243ff4fecf5920dc804bc0f77759136da2f

SHA512
cc7a6619e2c0d603467f32bc94845fe5276d60b700698098e3e65cbc42a7dc13054cb9b3e144dec35519ce1031f7b7eecb341b73ea1f3b4afe349eca120abfad

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif
Filesize
65B

MD5
67fb765610c8abf76888e7495ab06336

SHA1
a5a84df7407f11cd843f1c4dbf6454d9be957c95

SHA256
8422b56e579f6e042c2797ecde2f90a309b1b9bdb7d6a28d68c17b9a12c03cb3

SHA512
c73db2c48f17a5634cbfee81e879138675dcfb7ab23fe6e8ed7535126dea2decc7a8707938419c8e0a970525046ae92a633534359a1c8a578e19fb2469c14c46

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif
Filesize
65B

MD5
09541b880b28fcdbe91fa78b2e26e0db

SHA1
c0ae4c3b10b65556b8760faa68f8e149cb63933a

SHA256
a859f10c6975880b2dd4830513bc1084b4eca069a9a8ff489453b703973d5d7e

SHA512
7903a75c2604c00cd2de9df38d74039272076c6939fc241326b52d4904555820d58eca5d22a253488e01e395f1a36c38edc739c41429bcc8f04f85951983c12a

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif
Filesize
880B

MD5
cbf19257d583410b336eeb203273acda

SHA1
0118e2952b901132bc9b9c1211f628c9a0ff6adb

SHA256
13ee275b05640d6db78114d6634028b7b4b2bb573f45c304d8e96d537c87b17b

SHA512
01a3c5b838aeef1f38546487202e2b6cd2a03c845ecbfb8e3bc29f3c983a5f3f33396338e1d809ff96315ed87c452bcb68045e32d69ba27a504715ea59831d93

Download Submit
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\security_watermark.jpg
Filesize
49B

MD5
1bc0708738f800231c2f2fb48b3b9509

SHA1
0b59fff429f22e8cf7f885b327e48041281b20d7

SHA256
78b881ba9e3b61685fe049e795f829792e9debb549c3ece91a2d1296f9fd71e9

SHA512
a727108ce70a2cb117ffad9815a14a5ab0aaba637ab7cc1969c8d20abc721710fe1948ebf2c6d594a706436fbf58e933702b40a1f26c2c34fb3a94b9b24efdea

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk
Filesize
1KB

MD5
8fe32e98f8d2132c8c36503236ccc2b8

SHA1
7be72643a99da2d872a8b52f87255b51a7ba600f

SHA256
972bbffd1c99bd95046c5f2e0ef7acfad80576d410aa09aaf124b63a43092e0f

SHA512
0000f4e4c9b8d808aa922715e4d600841b3b66c389c5a488265015f3c03554ed44d414005045fcef8d9b880529ae93b9545158797d0179dbfc0a7219e443ac01

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk
Filesize
1KB

MD5
730293fa614bd4ff96df3fdf39206506

SHA1
82d4a127f6ad9f5fbe06e1d3e4bdb5d3046861e8

SHA256
656c262863f200527ebe6bac5046de40d3480ffc7950c42f9a19a9f0c88d7710

SHA512
e9aaaf75df9225140243608ce6a69c79ceefbaa707861b990362540d8f475660a154ef9e37377ebc686211e06a57f0300d16a60859474591c23cbf7badfffec2

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk
Filesize
1KB

MD5
af8888565653e17b69eec6e395c89be0

SHA1
8165395e5af5b9b52841eda5d57782dcb6c16ba2

SHA256
d45ec3d74f2362673ecc4cb716d6ad21f3c22f7f9d57b4a4fe2590a5b0945bda

SHA512
8e20f3f064ab74928dc93f29895777bbc906be8a087638090cd1386d12f3bd75102ab1fd598c64a584912497ed3a9992291c2eebc5d92684f1c7dc7ce0e4464d

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk
Filesize
1KB

MD5
4baa8beba8773d59c6cbb06ec59bbc21

SHA1
cfb7a0b1082e136734815fe157226321603d331e

SHA256
72b0284327275beb55cd47a13891038892f9d7be2e3103869957c6a8b2afdc28

SHA512
28d609de4603a43aaca35ba5ff6e72516386c96b0d21c9fb7591b6c966176dc1025236233e76e34f890c80be93369bbf5042fdcc14f7c4d5db6f0e9552f64061

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk
Filesize
1KB

MD5
5831d4dac6462c97e1052c6b41cbb7e0

SHA1
d980a979578b296b4751314b69c5d46566f839aa

SHA256
c504aba448c8c7e46d629d87136b8cefdb1b2b7badd5498eb50795bbc1d717d1

SHA512
254137c1259eeb957a9be5d01b90aeea436a968faf86fad4c96a671ba8513d1f76a0920280fd443d8a8ec9a9750ab123e469f9d874d3877f9d3002a134ae284a

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk
Filesize
1021B

MD5
e9bb63ef18aa61437f9d4370f584d84e

SHA1
922c764dc13100b0653baa005dc77715d1ffc1d4

SHA256
69564e8415e742b9caacc5dcf1e154c3bdfba3b9af540aef43e48dca13a55ca4

SHA512
26898c5467a7049638ae00f8dbd8a2e3631cfe62c36366e6744af452b907f33a9a9a51a052fd199628b40ea7af0759e0239638168c05dcef02753a90cfe8b180

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk
Filesize
1015B

MD5
ea99ada2b8430a74cc74ee5d4d00e5b4

SHA1
59f61995b7c242e43853e6b9b525e34a0f19ef91

SHA256
2572a3807264bcd6c60fc7823e3db9f4731c37a0beeab8108ef78d7b203df67c

SHA512
aac63267f81f3a97d9f696c24394d3e0179d91fcff797c837183f9bb48b1540857eb1b350c3f8a3681a5ff94ff2f314c413093bc5f429ceb5caa6ccf625e571f

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk
Filesize
1KB

MD5
18a6880d38349e4cf239f6092f7a01ab

SHA1
00a1f554923c30f4bafe01d86786bce78f10509b

SHA256
b3f5874f162acc49c73f2065ff536f208eeb5388702b85d2ae7fa37f602a85ef

SHA512
669fefad80b3ce8bad7c4c4bb721cb0d51e2a7ce32f6320042bef3a07566e968ecca13f1e18f29f902a32c244c20e4503d4f760f00982ae3d3003645da66216c

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk
Filesize
1KB

MD5
0627e4dea439a0e845a98e4134dfa35d

SHA1
472e7f13b83c23e6d503aaf3f4a6ad389a93a58a

SHA256
ad3694a81e05f8a51aa774430b816c6acdf0ad06b6855dc68a688d818eb2317d

SHA512
d700e666cfe682c5ed281885c4aa7f3501933d7c34c167ee3af8f660c898e5a165ca17cb3a5b38e1bdad6a9c928a9b742e86ce2fe48ae1d9c8ac6d6d7ca0d87f

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk
Filesize
1KB

MD5
51cae131d462b7d4d9540db45a02c24d

SHA1
b7ccdaca8d1357a222f818510249952c83e40293

SHA256
cbb957e5717208b1e8929f0eb240ba518630bd37f516eb910b954a30a6ac5317

SHA512
ca5ec067dcd25d65909f7efa73af3c6f184e965d8b896c1d2778b82bc06f7fe4dae1931e040f439d159166c5895a43b87e29a71fbd7eef89b34a6eede252bb56

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk
Filesize
1015B

MD5
c692b92d86f139d1493a996470309961

SHA1
e63c0599b05dc0563a761b1c0d1e4a17042894ac

SHA256
8f6fcbad2e220b96ad387bb04fbd2b2bcb2a81b504febfb308b1a052a8b5444a

SHA512
3b2d47ab7ca92ed61ed59968e024a3bdaaa934974e4b869be063e7dcd5e0ade1222969020908ea99e512c5d81a5a497b9b6f418a141832de8dc63c063d257cc1

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk
Filesize
1015B

MD5
18d11185371933dadd6e8fcd7a154968

SHA1
0da206fe00b352975fa3b6e6ec7211e2afdd8975

SHA256
2626011e601a295d3b2b0e2f8efbc24b65e2c09c59cb52491c3c526a5763bc7b

SHA512
ca4c57a7f7157d3060dd825d725502e709894df7f05e3eb742e58200e6e689840876ea30a5bb35719ce3f8fef6b5e60adc3b2ce5478fc49cb8f6e010f470e3eb

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk
Filesize
1KB

MD5
8062c02b7c75966213203ce394588c3e

SHA1
983837041751f32f08de1c0c27f4c05757befb60

SHA256
6ad79ccc1b40dbbd12b9ac5084702fb909f7847b96c967e3d8e798bc1aac1f00

SHA512
2074649531ee1d24f84d8132e9383c53100e1350716accdc84343a37a16018414e2aa7bb580b353aa8dacec91b1c2cf367568328f176930ebda515d5c47ddd06

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk
Filesize
1KB

MD5
2f0fd3743f89059397d37c4880ff614a

SHA1
5d3cf51e8a9a1d1c8850edf3471d0814a15e4924

SHA256
ae847d2b764e281e256a7ca988b4352009aefd671488a5787d506e7141eb92a8

SHA512
a3f5bca61d14b742023946205a2575bb6aa7b444280dc71ea39d82ac906f504a3e28847d510fda815685907db8d03f2e2cb8cde28f00e3117cad701008befbc9

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk
Filesize
1KB

MD5
d05a20aa0cc2db47eb2ba1b5c6034fbe

SHA1
19d7ecb96fb8cf57d75c9e58f48a32af41965743

SHA256
c22bb48d4cce235fac4a2cb26c91ef72a00cc50c5b95a92d3e477f0b9fcee1ca

SHA512
5b11ac475b917a029047a4c8e2552823940c392315c2cb86d25c95c18481527af24a55cb8afe3a3439133fb87187e13a7fb375dca7089e31a0bd6c4df7a04e57

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk
Filesize
1015B

MD5
54a386c3e677cec704070436ead1f0d8

SHA1
8f7f9554c0cedd87934fa5dd87d648b2f6293f25

SHA256
ed2ca8412d96c456903754338cb385bdb6c7d83c3bc5ae323d95e6b6e4091742

SHA512
e2780b0f733c88b86968e29fe251dc8739356f5d66acc45203f989159574145cde7054485fccdde8fdc43b84de86b6403a4266bf45535f969336e4a9a1b3ba3a

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk
Filesize
1KB

MD5
76b5d780788230cf587bae30cdf3ac7a

SHA1
8ad14494243f10962a6c125a25184cd144c17e95

SHA256
21a8c8e5235d54458100e84d0a6e1a7222414fa520ff5faebf2cf148a6999035

SHA512
4d26b3ae0cfd426f23d5330fa1fb51678c86cfeec11cd370adb65ad326f9791782488d601486dbef79a98f10d27f187dc7ba54791a384fa01416f26f4cd99e68

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk
Filesize
1015B

MD5
8d28500a1e2948120e3238ad1b7b49d7

SHA1
ccdbd2c86c32d301fbcbc9ba599138cc9f872dc4

SHA256
a0ca13503edd32db4a313e552bf4c2c7173afaf5fbc9a28771b9cf9820513475

SHA512
39268ef212faf6fc160022044ee7a39337d87dbec2cc00b9a8d993e6df640fb1337cd03fb61aa0c58a5453256a55a19e192a8cb13881b496bf46069736f77a40

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk
Filesize
1KB

MD5
7ca41d30cb174a1e2ad97032d381479c

SHA1
95a5c1174690032955384741ab37cf8513cc675f

SHA256
d4b39d3deaf50e68cac834dab8d8bec4fa5e26ee963db8b892e1c5b0c51fc0c4

SHA512
27fa32501a0bd0af37a77e3c1e9c0a8c6c19c457fb2c617848db728d9659a1d52e7e57e138e24cbb11f73e80446901662b682370f62e881147cb0ab9a7c9bafc

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
Filesize
352B

MD5
8670dbe48a40f4fe86d6de8a2f8a607f

SHA1
02c0392087810b488a35b7ffa7a8f24d2baf16a7

SHA256
5bbc099f120a8a8b7c3094791733ff3fc2bd3c6e1d22f7c037cedb7fe1734273

SHA512
95da0fceb44a3cde052c31792290536b73338a7af6b52661fed7d5f3198c3431253dea1aa1ec479f7a319d5625a98e4a945275076fcdfbcafe71cac3583467e0

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
Filesize
334B

MD5
83be4eb1c8a55a7803da9537bec33bfd

SHA1
f41bcdc2aefef239a811b6f428ca87cb357c6e77

SHA256
19c6eeebae31d7879cc81c0d6476703290873a506ab55be0691957add80a8a25

SHA512
b37230a6c080f580c0ba269840bb3d161f82a61bc50650c5f48530264f0c3f118947e212498c1c9749f9e913dda1217932537132d459ae5db169ed0f1f2814a6

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk
Filesize
1KB

MD5
295ed63b2badf18df085c503d0832d11

SHA1
0561540f0d2aa3d60e157c761808a7ba1ce723a4

SHA256
c33fb5b624e68905bbee3d69d75b6799b22a2840761936a0946a83dfa7253f68

SHA512
f605f0d524a5ef3082de626b7d3e6e68abfd1ba23c57e41bbc46291d2f3577c220fa3fc5f2bb625d2afef85ab978069ccca3db3fda6cb64affce1b89276c4df7

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk
Filesize
1KB

MD5
ae227696476800ea187990a61a670da7

SHA1
3448a701212bda7bc3879985ff830d158c09a845

SHA256
b5867226b4c21a7c0ae0339c231e33206f2d32e5fe4fbc215533c49feba37986

SHA512
77a48cb69d3b83a082f60d87a7b6280a6b325a6baa8a94bba13638722474864bc211bd93e4dbf0d80941c4ee03c28adbc8e8db046a4ebfbd4ee45d6522edd29f

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk
Filesize
1KB

MD5
180c702c5f7adb5f52f9d662114d587a

SHA1
638380c1c728a5c6132c2ba997f207542f575dcf

SHA256
e694b845cf49d21dc126f6eef3107913f34364f2412cbb10b169e82796080669

SHA512
d8287879ae89a9bfcbf3c0d7247542738d7a2dee4251c2a5190300b4e0775d34d9628ceac1d17a62fbe4c1e935f439ca4c9800c0d99a7b7d4f609b79235bf262

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk
Filesize
1KB

MD5
10f60721021cc3871034542ea0ea9bed

SHA1
459195aa25ddb94cd7658b497a975b00238fcc58

SHA256
74dd1eaf9b603517100d3a938f532594fccbc221f4ec0a48f69b0c4dc108ffb4

SHA512
987ea10cf3a43bf9b401b21ae64765f277048894efc91bea3e45e7566cdf4cadf3f45a02ca4674a89e278e279eb633239e85e7df4d31d79b5bc583abc3864f7d

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk
Filesize
1KB

MD5
12578fe16ca13a510855feed234c3445

SHA1
1707ee67f299ca27493135fee6108e5885a1a4d9

SHA256
ca1e1751f4f2aa3bd4a67b0c495b1c5b52e999108856e1d5ddffb746613cdf6c

SHA512
788412d3881be585e7d9c3d0347f18c029da21fdbab08a1d1a4b65e7d2b40c54d4e3c25cd2d39127cd5a082be0088df2ce8d2abd642caa253fe66b5583697db3

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk
Filesize
405B

MD5
5fb7632587949a9710bb4d501ccc34d5

SHA1
a39fe3a4c549c85a0fc9f5625d9dd7ecb996a676

SHA256
7d55477fe1b2d6f6342b33150b561b9c130d882a1a6f1b2db437b96df41e0ffb

SHA512
341d422dd3017fdd1cdd0fe3f83831d974794e522cd6609202d9ea8a7f9a789673ad8143561a858b623b2440b35dc3d8d045a8c552e670729121621d3a12b67b

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk
Filesize
409B

MD5
05a73553a577c977768f72af54b8a3f6

SHA1
ab4bba44edf77132f5a22ef0014f49b4d74954cc

SHA256
eff4516d9e432fca14878e7ec6c649c98f5531d559d67779457b6b793a3301dd

SHA512
d2f22a296507bc4499159698cae599058491b7dea1294963b689209d1356b50fcfbd1eb05c68983751ee00ce43d948d4b6cccbcd3d117100eb6c1e5acd8d934a

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk
Filesize
335B

MD5
11411fbc729d2406d0abdce47af9c254

SHA1
725ddc512bfd4232cfe58f1fd1d69f35f09ced8f

SHA256
2975ae8b292501e07359005693d6f9195d674ccf41bc4719126c2073bf735d76

SHA512
0ab068f36f85ba608a5078b0721ce3e0758a5f94dfdc0cd20bb8b8b8371ac9e153b273392034168aa1bfe7a49c923bae4315ef1b88778f820e3c45339ee656dd

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk
Filesize
2KB

MD5
71916c2c4bf76151fe42feaf701b533a

SHA1
5890ea199c7ec2a1c7fb4bf0717d4506b837e39c

SHA256
d560e465270773c40ccbb1bab89730642732d79cb5502f1183d8469c9b6751f0

SHA512
d3e81ee764539b4a9ddfab910b7f7793f6027c66a88f1f104e09f8038aaca076347dad301d83a4e2a79dfc1bbd680bde2fa85421855941b7dd2e108d1ecb9583

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk
Filesize
2KB

MD5
0bcd387e90f0fdcda71be68a059607c1

SHA1
21da8d5341096b8e312769e89b689c4c66440302

SHA256
704e62a770fbdfd12e9736e79b3a18a700c54f3acd3de705b643100330d2d400

SHA512
ddb0c06a261cb88fc289e7ba8ddf7c445898f3275cc689a0e734932f816814436970c0778bf1a9b9c4de837fcc239d9fcf12a76c63ab9072415bb3cd42ff8f58

Download Submit
C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk
Filesize
1KB

MD5
d8989a645382f483f78b459dfdd464c3

SHA1
d0f9751c453b00760ba3c6ac4fbfe40e63b9e4bb

SHA256
c6b8a058604e407eba5be2c63d167d783c899f057eceb6e89813ded29ac54769

SHA512
d84d812fdb19d0202db97c34f1f407d6f95006e13d9e560a972a7d61851290fb0652a22eac62f9da026f666537ce98f0bd0f1fea9a615857b1762a163ac72534

Download Submit
memory/4788-0-0x0000000000400000-0x0000000000A50000-memory.dmp

Filesize
6.3MB

Download
memory/4788-3947-0x0000000000400000-0x0000000000A50000-memory.dmp

Filesize
6.3MB

Download
memory/4788-4336-0x0000000000400000-0x0000000000A50000-memory.dmp

Filesize
6.3MB

Download
memory/4788-4353-0x0000000000400000-0x0000000000A50000-memory.dmp

Filesize
6.3MB

Download
memory/4788-4356-0x0000000000400000-0x0000000000A50000-memory.dmp

Filesize
6.3MB

Download
memory/4788-4360-0x0000000000400000-0x0000000000A50000-memory.dmp

Filesize
6.3MB

Download