Overview

overview

10

Static

static

10

1f4e927f6e...a4.exe

windows7-x64

8

1f4e927f6e...a4.exe

windows10-1703-x64

8

1f4e927f6e...a4.exe

windows10-2004-x64

8

1f4e927f6e...a4.exe

windows11-21h2-x64

8

Resubmissions

26-03-2024 14:35

240326-ryecksfd5y 10

26-03-2024 14:27

240326-rse2xsfb8y 10

Analysis

  • max time kernel
    1698s
  • max time network
    1175s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26-03-2024 14:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe

  • Size

    2.2MB

  • MD5

    f5f2f6c370db4b38bdf8032ea3ef2a64

  • SHA1

    b5e188540539bc2b1d128f408160fa91e724c84b

  • SHA256

    1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4

  • SHA512

    f2216faac5d07fb2d6f3faf6cf1e18e94c0ada8aba35a8d2d8491efd1ada526d5358a592b6877a9783cc9b5e81dd54fec8b9969ffd650c0f8aff2e3243dbe18c

  • SSDEEP

    49152:UtAZanCoV4BdnctNbS/iXmYjlV8O7pzTs8OYFFxZbVybdXERd:9x6Mdn0p7pzTsQR

Score
8/10
persistencespywarestealer

Malware Config

Signatures

  • Drops file in Drivers directory 34 IoCs
  • Modifies Installed Components in the registry 2 TTPs 1 IoCs
    persistence
  • Drops startup file 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Drops file in System32 directory 64 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 64 IoCs
  • Modifies registry class 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 12 IoCs
  • Suspicious use of FindShellTrayWindow 6 IoCs
  • Suspicious use of SendNotifyMessage 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
    "C:\Users\Admin\AppData\Local\Temp\1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe"
    1⤵
    • Drops file in Drivers directory
    • Drops startup file
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    PID:2592
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Modifies Installed Components in the registry
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:5048
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies registry class
    PID:4640

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\Dont_Worry.txt
    Filesize

    738B

    MD5

    7854423ffc1ddebaf6d2aa0319df9da6

    SHA1

    102f885e12ab54c45788d080dfbfc259719c8897

    SHA256

    d00e18a6aabc9c410cf6ed54974e57d13a29d30cf561e21f3f2d6155fbc2a07d

    SHA512

    0d7b9473e003df7184d88c57c1f2a82c7afce00c560c8b8bf3d111551e89a0b651ec1fbccad8d6aa7042bcf23ba96a804cbc3b5b73466ea8b74bc18f2cc8345d

    Download Submit

  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png
    Filesize

    52KB

    MD5

    5eaee5092d01fd39b4abeaf43ef9d80e

    SHA1

    eb2ebaddd251aff6894230d95377c86ed6ead537

    SHA256

    51f64a93a25cd12a019065796bcd7c9e8ed42a88ddf6e055aeea2edde09fef68

    SHA512

    a5cc56da99547da8a4ca0af4c308e9b617046051ce679e1eb720a2c2413fbf19ab84bf3e0ec7c98219cec93e36cc4ef64506430f6d4f12a2a9e41e5308d5c3ee

    Download Submit

  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png
    Filesize

    5KB

    MD5

    93067d32993ffd611c11de18574798df

    SHA1

    b6f3431999e67e1cadb5cecc91a14533492ff505

    SHA256

    2ef59d0f7bb254b4c3ab2d96b23747a78818bab8ad1547d95d753707fe13dcfd

    SHA512

    e2a9c55e0921da2d4f3c000c63babf763f2e2238d49ab1764795799c06db53d0d87f07498722212083c1c12d819fc8f23194f267b2b9cba5881cfeeeb80a8e52

    Download Submit

  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons.png
    Filesize

    9KB

    MD5

    2e46b6935202da0450fd1f384088db06

    SHA1

    8dc69652997a1c0297f16a04c73001e9b968d9b4

    SHA256

    14a1883a1a28b0e51916bf0910ba95f189219b52ba6dfb1ba529645306cfe8d1

    SHA512

    fa2db71fe852ab80713a61b70af4d328ad011c208d3437b970f68eff704e93f8c8c418ba51a9f0e5af372ad517e2ac9bb420f98768480f3d02bd24cafdc3c303

    Download Submit

  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons_ie8.gif
    Filesize

    9KB

    MD5

    b6dfafbb2a05dc380fd2c57cf9c49458

    SHA1

    c46170be9d88cb44698e09df2b8c2f698ed34d2d

    SHA256

    f0a22bfbe60d535bdd3b618d32f691f41681aa830a892e955ddd673a6c278c56

    SHA512

    d4fd6f11afc101d38919e22c377cff85a7ab7960792aac076670c5a365ec392b9a12b3bff27f88268e33b94d38f52ef8a69a01b2c370daa6e67d58242473ae76

    Download Submit

  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons_retina.png
    Filesize

    16KB

    MD5

    3a5bca007d35cbecf1c5d376791227e5

    SHA1

    7f08e0be73dffaac5034ec1277ddca453b4cb8e3

    SHA256

    99e9ccb65495e0b72fa9a35c17cb5d310fb4a5674649e6e3e7de1f1af8cf3c79

    SHA512

    72136fb7a692bb6a7a36f59dc2b2e39a0ba9f94efd31641a529f3210993451ca56b6f04409ba767bc7dd620bf23c5a51091c01af85e7a5c799348740f2fe82ba

    Download Submit

  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\new_icons.png
    Filesize

    9KB

    MD5

    722cb0773777496a629899316290803f

    SHA1

    a6b1de68e91c7f2a7e1e42c36d4bacf8c511438c

    SHA256

    1a3c006c854f7b22f8f0ff86cc03ba782abbfa8f9bf6c2f97b8dd517ea6c6cd5

    SHA512

    798f34ade1da1ed6fcb16113f171334563f01cd8dc3db805f013990f866cabfa36b905c7f1c26c28aedf59bc94fa6da282577d0bf57235f0fd6074a1fba5820d

    Download Submit

  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\new_icons_retina.png
    Filesize

    18KB

    MD5

    b248edee06a7f18e06f3b197051c5460

    SHA1

    63c3c82b745d444a0750c513a1dcfab1d7d5ddcf

    SHA256

    67c53d8362bbf60b3923be5fe44cd8d25abdf890ef86ebd30473c3ea12b21690

    SHA512

    6d69327d38efafaecb53a4b48a5c016cb44b88aa3ce553bacc221ae0d480974eb6aef2d4de2e26a707cc4bfe419ee134d180bc760392ab9de4ec5d912195f748

    Download Submit

  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\themes\dark\new_icons_retina.png
    Filesize

    18KB

    MD5

    8f8a203ace0cc9e1f4299b9448e9dd8c

    SHA1

    510e99dbbc81c5f1cca6448f7810a46ec9e2eb90

    SHA256

    0301770ac3ba68db961c506891edbf63e2b01ff6e815c6d626029620ae1e8a61

    SHA512

    89766dbd1c291be87427562b9b9511c838b09de3a360e6e46eb1eda5296d89674a2fd9d31c02a6034e8cc5755e3eda9a8ccbdfa02a233ade5f21694ced7d51ce

    Download Submit

  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview2x.png
    Filesize

    6KB

    MD5

    ec22296a1a7e6bbe16f7fbcb4c516196

    SHA1

    ddf74360ead6fe5afc3d49c3ab93c9bbf28cb089

    SHA256

    58ce9f1fe6a2c0a92bc3fcf6db6e0e868ef3d4c5fb237ae5d9ab7caa5d3016c8

    SHA512

    e4ee33defd9f811d2360aaebae61b8127bc53ebe0a46b1298bf4c7658528f4a8b5e87677a19bc12dfe4ad59a89dda3eea31d5d9959cb49dbc1fa15269b656d77

    Download Submit

  • C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt
    Filesize

    34KB

    MD5

    7fdbd652c81eb64406c3f5426ba154ad

    SHA1

    ff00d63682b47b5bf74e6e4f8a1249e396399edd

    SHA256

    8f79265bb3a07ac13504f6123d50edba8ccb6f365c4db73c7dcd9c70256a8416

    SHA512

    1ae9c38057c7bbaa2fde62c41da28dd2aa4712be37d069745c8d7c70e896ab9e44b2b3a0eb755cc1cd01a4e7afdf7a1f68252d8383989e25eaad0cf3f2e5c392

    Download Submit

  • C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edbres00001.jrs
    Filesize

    1.0MB

    MD5

    e5b035352dd3462e33818c3721882460

    SHA1

    ad6a4f47a7946291bb824697ea809020d5a8e7db

    SHA256

    3fef59c94e2d4f25033d9177b44a543b535cc38530ea391c80e2d6334087ab8a

    SHA512

    21b7f4156880f2c57a033a37b16a01f9a7ab7efc86e480c7c77dd51e887a72db68afb47c700e105a3dd442b51eb1ef3b0be7e0ac2717d317ff4239575b55506e

    Download Submit

  • C:\ProgramData\Microsoft\Windows\Caches\{0B501CCD-3742-4A87-8FC1-8D2F666948F9}[email protected]
    Filesize

    2KB

    MD5

    3b971bf16f27a62afa2c544590d217db

    SHA1

    e00a58a6738fe71714fc96848e6e68940429470c

    SHA256

    94bbea63329e88acf38106fa7d1ed5995077a4d3930e7ad047a052a251ee3e03

    SHA512

    363c7bb13db12268cb7dc60483212ec0d467bf20204ce7ce64e90a842a8e01a54234edfee4569c5e3fee13e5e2286662eb70d40f285729e1ab7c96199e16e11f

    Download Submit

  • C:\ProgramData\Microsoft\Windows\Caches\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}[email protected]
    Filesize

    624KB

    MD5

    3f7f77d7672f3abf37e4bb6526350ced

    SHA1

    28eeb3dd2a7cb678eca8e76f539ff98c84791edb

    SHA256

    be6b189e8fcea447916345ca878ce4953c692b5e4426c1f95fd3a7f7f83baf20

    SHA512

    aafac639255afb59b89c976e31092784f9106f7865c15944ae41bb6c601e5251401781303c9da9e98cdd769bddcd682b6dc30e2c6b7510e37630b12023f68774

    Download Submit

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_2
    Filesize

    9KB

    MD5

    c4c2f442f5cf46074080b52b178dbc8e

    SHA1

    6a7dc65c70056d97c0dea7d7a5ac6818337b6fbc

    SHA256

    74346e5d524ab26043d0dd76a52daf1b53952aaab2dc355a6f0cbf0aed3033f1

    SHA512

    de2a9cae85815e603e2a5e53ea3a2a4169b63c510618764bc8f1df6cc02642b76c79ae063878a0399d4b07894bcfd838990e4e61b9c3caa1f1e8942d91f157fa

    Download Submit

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\DawnCache\data_0
    Filesize

    9KB

    MD5

    1273c31c143f67f942455123a5fe003f

    SHA1

    ec9637afc2a79ff4b2f6d812ff98587ff8806854

    SHA256

    db7a4576a85ee0151bbb0b56ac97b4d4352d9fc464ce4ed9d230bedff2c57c1f

    SHA512

    6edbacc3b1318ff0c5b01ce20002ed03b53fcf35389b4f8004e10b4b389fb5c6d5ea6c8f06c7457da8ad4e00880cb883e29c9d2053dc05f509dc58c63e3d4883

    Download Submit

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\DawnCache\data_1
    Filesize

    265KB

    MD5

    72fb806b5d731d2d6fe31f6ec41011b8

    SHA1

    4a47662d7ce1e412888370c9773ff18462592f18

    SHA256

    9fdbf5f00ce82bb5973fcbca94989760c1558f77406b128eb39203ce4d54c7ff

    SHA512

    78d23db0371fa985dc452d42f0bf12496b2b6653738472926661c22d664ae67c401a135d8d461d4e50f259ca757003cbef1109267dbb4a71caa67d19e33dc5bb

    Download Submit

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\DawnCache\data_3
    Filesize

    9KB

    MD5

    db97b084f05d936657f93fe44a23ea45

    SHA1

    d5a729072aa886dad52b0949853fda5cf9d41adb

    SHA256

    8d76bde660695b82b9d66af9e450530ad71706e5ad2ef62f2e6d82ce6f1dcb00

    SHA512

    d3b971ba85f10dfabe080f850ce8cf1ae11a4ca2d1b7409645ae729ce18c2ad0b1a37d11831fa46038bae5c3b355c514f54668ab372af96e61881e8cb1736616

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\https___java_com_help
    Filesize

    37KB

    MD5

    2037f52b68db0a6ea37c5953ae6dc934

    SHA1

    c98bf7bd34b44e06c6d13d51046b2ebb8567bc44

    SHA256

    0fb2638e56e08121aba4791c7aa4a6c1bf5ab99135d7591b1c3c534b4d72ab23

    SHA512

    a0f684fb8c6ae075d54092f5596e8b025b6a1938c888639ebad135f3d6c68c4a10f7a37a350f028e4d088b88a390d8bf06012cda6bb55a9a9321570586640054

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{6D809377-6AF0-444B-8957-A3773F02200E}_VideoLAN_VLC_vlc_exe
    Filesize

    37KB

    MD5

    189ba3de8e185f8e6bc8f537120e1518

    SHA1

    180181e8db3f23897658b5b1901db4699474cdbd

    SHA256

    2864b70bc209656eeb9f4840113fc4250290fba62901ec4a386c7c1f9731e314

    SHA512

    2dd0d5511dadac56e25e7358592b66d71617e50e8525ad1cf873acbf8dd66abaf225579703b3aa02c72e40851daff0abcdec68738475126387389165b63946bf

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{b439d8cd-4918-4c70-9e19-9a97d753728f}\0.0.filtertrie.intermediate.txt
    Filesize

    30KB

    MD5

    8b00354c75f18335e6edde029ed2af54

    SHA1

    2a491c640e1afee26cbf1c3326701b1f529630dd

    SHA256

    15067ad5ac9e6c9205c1396b2c11ae739d08f0cf2984d2c795c56c6c51be1da8

    SHA512

    82d9437cc9351b712e544d4608ff6d03dfe90ba41c80414b789e3033cc820c0ca28bb5773e157ad9762613d2445e46582819c7fd398e7be1248a3b8a681d1f71

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133534370011333363.txt
    Filesize

    48KB

    MD5

    10bdc940ffa50647282045d2799ffcc9

    SHA1

    32dd5f1483b99eaf8d43df27cc8c4b51c9ea0a1a

    SHA256

    f0a038b98a30e463755ae66b69a5d9de3ec64883a48ba58e7cc29ee0242507bb

    SHA512

    e67c750b2de4fe0b41c95feca49950e5d3180775112676f8915405ace6af207ad113ece20e962712ab3ee9c00bbce469d1d15dd44f0c45ac1ace720ffe8d8e44

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133534387468409957.txt
    Filesize

    75KB

    MD5

    e2f0cdf0b17ed1e85278844abe675808

    SHA1

    0f2ad18e38d61f7ab31a3be731840713c82b4021

    SHA256

    6cb39d17a3e2c1bffb16fc72d8462ee2fd0509279f00a8358574ce554f651fa3

    SHA512

    3dd300e578aa49788f3614b8f498d42f065d7f4504248349a07f03dd8b344642f158f44dc97150bab06bb8b3f7df47fd14e350bf267743cbc78b2eaf3a0812e4

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133559381484545984.txt
    Filesize

    3KB

    MD5

    6c02e95684c22fea3d0d39b174a8f651

    SHA1

    4024578af114c95438fb2876cee5a13c3880544c

    SHA256

    0bf49416f4e8e1838ce28e68b66074a38d113ccb0f6da4d4186e849c54b5f505

    SHA512

    c3cc8776d21856d64731dd60dbda995345c0a90041e90f78538c7d3fe0fd79f5a13bebb76dd062513388e2f5456f3eec95d58303fff24297f81f80a547fc30f5

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\TempState\CortanaUnifiedTileModelCache.dat
    Filesize

    7KB

    MD5

    43f5ec18968f5117691b6915c22c9dcc

    SHA1

    354464cf4204e724a48fc8194b0538a4a7c7c3c1

    SHA256

    39eecfc2335395cca6efd4cd6af9b632f25016d4011a92a6d7d6a33fc7431a2b

    SHA512

    c17b8cd3e4a8a3302f100b1df8d371119e5023504266644419afe5cad584623d24a51fac20df0b78a5ee9e4ac4f1a57b9b1c91a9423c10e14f1acad2b925d029

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\wct60C3.tmp
    Filesize

    64KB

    MD5

    9064001cbdd9d5d9992885a508816fac

    SHA1

    ccbc186b24f6a698bfba26c67d2d26cdff394027

    SHA256

    d1a84833902729489333e26cfc68cb1857cb3d4d072a44857ad35964855ca93f

    SHA512

    6372ae9b44fc50b97584782061264ecafa65247c868bdb0e23abe88bf17d4ff355f3c28c07c259cc022a3e64698c068dd629d5c386810beea18b385ce86980f3

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\wsuA336.tmp
    Filesize

    15KB

    MD5

    def1771957242448a18f49d9eb03683d

    SHA1

    eec8cfc5fd464f705db9cc9f3821fbf3d6d65b35

    SHA256

    0a5827a8a0b81a71f2c456a0580b93e63049d46384f94fa8f97e361bd359245d

    SHA512

    2896e42d3277ea503fee89c40dbf8a135c17a8d88b14845a9b70ff272ae60ad9b8594da765ebc401f6af5ea4c7cd8fe021d376e0d034becefb105d0550db010f

    Download Submit

  • C:\Windows\Installer\SourceHash{3A706840-2882-423C-90EB-B31545E2BC7A}
    Filesize

    21KB

    MD5

    24bacae6c84a9c37e69ed6f2b7f2166b

    SHA1

    4e27dd228fc0a47032c8bf82053180fe311b332b

    SHA256

    0adea435d4ed33cb08066186ec2d2198397f1bc5cd608f846325de8f6a29b29e

    SHA512

    8ea13fd01b5efda91213507c6eb3a6a19771a73056e9d3798114686e4e1f229d38fc9d787b8173dc865f26766d185225d8d27c035116e6d85273860e8eee58b9

    Download Submit

  • C:\Windows\Installer\SourceHash{90160000-008C-0409-1000-0000000FF1CE}
    Filesize

    21KB

    MD5

    4abf4df83fe6ad3adaf3a818e529a7e7

    SHA1

    bfc388cb2251eba2df9ae822265a721e3c840b2c

    SHA256

    3f32032b87a2a88f9627c3e04e209460ea5211439be1f428b8390d0fd8f1d5c7

    SHA512

    74933c96ab00703b77e82d2106e51bdb598a19fabcec54f29efc2c8b9970ab718822b981936ab398b15e8f6e31f00aa0e3d8584a369f6748482d7fb1f4bcce0c

    Download Submit

  • C:\Windows\Microsoft.NET\Framework64\v3.5\SQL\fr\SqlPersistenceProviderLogic.sql
    Filesize

    14KB

    MD5

    049f07ec1c24d2b2460fe202587b4ae1

    SHA1

    4b0d2ea238cee19fae2395cd893dc08e585bf4c9

    SHA256

    75a61e96988f0bb520c20fdf906accbb7a2a8404addc88bec032783a6cfc0202

    SHA512

    700ef6f686f702ffba80aad98ac13078e56e44af5f424e913d5f7f314f4c56da3269609cc97204cd1e45f052577f4ec9e4e77ea4884360c093285f76da181cbc

    Download Submit

  • C:\Windows\Microsoft.NET\Framework\v3.5\SQL\fr\SqlPersistenceProviderLogic.sql
    Filesize

    14KB

    MD5

    9efb1c7c2339fdf1aa644d884543e8d9

    SHA1

    7aa910dbbf3a85b170f84661beea036f386cddbf

    SHA256

    661db78acc65670c115bff8e130fe54860de8fb2852baeb60b83a04beef0fdc4

    SHA512

    76ebab0a86d2f29c067c253299b130edb42f11113e3f72415b29de558fb9a066be39712075c0cf9d7b5d68c7ec5e98a227912e1182356cfd73cabfc924e8afd7

    Download Submit

  • C:\Windows\WinSxS\amd64_microsoft-windows-a..roblemstepsrecorder_31bf3856ad364e35_10.0.19041.746_none_b8eadbf8a9c907b3\Steps Recorder.lnk
    Filesize

    2KB

    MD5

    245b8ca66207c9b8bdb0042dc9b11ea0

    SHA1

    c59ec61b990af5f208ba41e2d3f0f44fd00cc5bd

    SHA256

    ac0ed6dae5267d8a0e5effe906fe9977a2f150b2891854d24a6d121702c25b18

    SHA512

    d38b1bc94d58ea8bdb7829de9d637d9d4346d08542cc5e5c065ef3b1ead38f9b6a46f689337c08600b265edfe4e01f1f2372f010f55616a36e6e0e3a897509d6

    Download Submit

  • C:\Windows\WinSxS\amd64_microsoft-windows-advancedtaskmanager_31bf3856ad364e35_10.0.19041.84_none_a689f818199cbaf8\Task Manager.lnk
    Filesize

    2KB

    MD5

    e883bb272ce33bd066cbc9b86d870531

    SHA1

    e08e53efc1c8b75b582b6add642ad905e72bf3c1

    SHA256

    08b200da6846eac1f9f4f9a80bab0feeb925f8453aab0602fb672d3933fbd9b7

    SHA512

    f7412048768f8696f4be72e971c283dbcfb059934aa2a3f1b1994e8798b8baf86cb87c70e090ca2924367908c7caafc68a351183bd4b48353ff7a9c35a5fbaf6

    Download Submit

  • C:\Windows\WinSxS\amd64_microsoft-windows-c..termanagementsnapin_31bf3856ad364e35_10.0.19041.746_none_290f6af7d5263efa\Computer Management.lnk
    Filesize

    2KB

    MD5

    fd86caf9d4017df48b1bd197080017de

    SHA1

    df006d5feb6e017ae587954d8c519491d3befab3

    SHA256

    4a5485b1b83a7ad1d1fcfb0156883a6b834b2c0f1a200002719e586536391d5a

    SHA512

    6f37efd63b471cd3c621dc313cb96ce88f226a1794b885578dae469e72443f6ccd4c63114d01571d7610b06ba3dfbd53f50bd7735b98090296f471f48a764023

    Download Submit

  • C:\Windows\WinSxS\amd64_microsoft-windows-cleanmgr_31bf3856ad364e35_10.0.19041.1_none_233543e4fce957ae\Disk Cleanup.lnk
    Filesize

    2KB

    MD5

    69a282a23069de69be357993793bb4fa

    SHA1

    191718c5f3fcd04bf2d41a294c8d958ce24746d2

    SHA256

    e595a9160e55c996920b712b44583dbab9d2f6ce597b5468601f63159556f75e

    SHA512

    f0a11348188e2e6325faeef484c0cf1b8c20f033900078c9b9984c5f80494586ffbb1b626b5b5d8440f5b9c08c68ec50784c9f6fd97e9942fe4c44561302c2d7

    Download Submit

  • C:\Windows\WinSxS\amd64_microsoft-windows-defrag-adminui_31bf3856ad364e35_10.0.19041.84_none_90b92bf6be625d1b\dfrgui.lnk
    Filesize

    2KB

    MD5

    f6ad5c71c9e40bc1834eade98620c9cd

    SHA1

    a6bac4a50a66df79c81f3fe6ef39a1704a3c25d0

    SHA256

    0b34ec91cd2e29e3cdcd8721d74c007d37351c03f5232dbddc61f159db6f4e1b

    SHA512

    8f55d02b79e692fd94c9252c3b15f0303a58859941128682c299f1c29c312be3af2bd4bb23edf655cdd157c3c2718281835fc2f30cb7d8cdb3cafa3653a177af

    Download Submit

  • C:\Windows\WinSxS\amd64_microsoft-windows-f..client-applications_31bf3856ad364e35_10.0.19041.746_none_56f2f7338735a9a6\Fax Recipient.lnk
    Filesize

    2KB

    MD5

    28db9af7575929038757e1878948bfa7

    SHA1

    8b4e5c074f3a2e787f1b6b2714b7811e689885e7

    SHA256

    5c850e6c4ae7068e55f507df32936adbdb40edc1863b97e1a3d06c3bc1abcc0a

    SHA512

    780555a88f649200b48a6785a67a42e1e1ad4674fd581e3822405d417ff2e4a6c872cf6da43f7bb07bbd9d19fdb7ea5d22793f901de94537be31d8782c76bf13

    Download Submit

  • C:\Windows\WinSxS\amd64_microsoft-windows-f..client-applications_31bf3856ad364e35_10.0.19041.746_none_56f2f7338735a9a6\Windows Fax and Scan.lnk
    Filesize

    2KB

    MD5

    a86fd61c81abc0f352db41641f91c95b

    SHA1

    e8c10d053ffe6da3c7f2f39b3b599df8f9f5cb6c

    SHA256

    cf66b64e5997228c95ab334eb98ecf4e9795f2deaf789931a3d32cfee8ba7b4c

    SHA512

    e1b67b3e6af6fa0e6891ab318e294f05d5a335742c800ec912d1b0424077f6d50c2574e635f97f911f8869b78e12464c85daf63cea37f8466cf692cf2c5b6755

    Download Submit

  • C:\Windows\WinSxS\amd64_microsoft-windows-magnify_31bf3856ad364e35_10.0.19041.84_none_65d0f4a4c6cd4975\Magnify.lnk
    Filesize

    2KB

    MD5

    95469f6193f1083201968924f14ceb25

    SHA1

    427c4d563f98cfe2afb709ea1ef3d45869e5abfc

    SHA256

    44c99daa6937dab715afa9e0c9d8d9f9027f698736f479269276c3dba31fe58a

    SHA512

    13353b67be44742f7baf1e84759e21372b2fb47239be5cf7ce918ec00f4696804b4e7deed04d304cecdad699164a46115dd97c74d75d88459782800578211819

    Download Submit

  • C:\Windows\WinSxS\amd64_microsoft-windows-msconfig-exe_31bf3856ad364e35_10.0.19041.1_none_906b4c073d1d970c\System Configuration.lnk
    Filesize

    2KB

    MD5

    de674a4d2f1d061b68e24944dc3b3198

    SHA1

    b1b51411708c54f88cc16f732e16000d2e6f79db

    SHA256

    aa95e13789da3877f4aea42342698946c034049c4dd9775c8ee0f63860a9a06f

    SHA512

    9ba464c013db9f4bdf5a62ceaa7108a0c81e225e9dbc136ce203aeb1e0d0f6469c60b5b65462bdecb85e63e809d1c957fd93048a2276abdb1c69cc61214d2f6b

    Download Submit

  • C:\Windows\WinSxS\amd64_microsoft-windows-msinfo32-exe_31bf3856ad364e35_10.0.19041.1_none_61cd745a990bcfb3\System Information.lnk
    Filesize

    2KB

    MD5

    bf75dffe5507a6ff65392a30ce4b6350

    SHA1

    d71abaeb64c3b89fe6395ed79c1cae3101a3741b

    SHA256

    ebcf00f93e2e66a6488279111575bb709c0c931b32de14e0d534accac892584f

    SHA512

    62b2833d18636a4a72147784f1d1fdfcd339c4c62133adc93f60591fbf9a78b14bbdc245b7e8382a1bac0fbe751c1030a7197f7e63a92e7d7cdcd100456baeaa

    Download Submit

  • C:\Windows\WinSxS\amd64_microsoft-windows-mspaint_31bf3856ad364e35_10.0.19041.746_none_6c16d1714d60fddf\Paint.lnk
    Filesize

    2KB

    MD5

    fe2877a20b1213d5821cb8d322d80bbf

    SHA1

    0857d116862d9c162e93fbda27ac14eda334fe3a

    SHA256

    03a54217ce5962bfc54be757b146832967413813c29f697fd26a76c0858e47a3

    SHA512

    da6ad876a8a18a7f6ca5bd125d7024ac08e89452ca7e2b3b176b543db408a70a438590f6d9c6fc69c999696305344c67d089a8c228fb6724aac479bccae290a9

    Download Submit

  • C:\Windows\WinSxS\amd64_microsoft-windows-narrator_31bf3856ad364e35_10.0.19041.84_none_b5c0f628d1d661eb\Narrator.lnk
    Filesize

    2KB

    MD5

    bcab25cbaea5fd3f1705722846ac0d28

    SHA1

    f976f038e5405990df1f0daa61682ba294bdb9ef

    SHA256

    032557570305d521b9bccce1624a097262a9963dde81ae0cd3d6c2b00a887afa

    SHA512

    e279e4858d3925f7be1f47637ff2149229050dbfac5b80a932e2048fdfe0a54d4f65e46f1df994e3b97fdf045a279cfe7e659c665bf2e74025c6334d7ffa3dc9

    Download Submit

  • C:\Windows\WinSxS\amd64_microsoft-windows-notepad_31bf3856ad364e35_10.0.19041.117_none_4d353cf1ceb5d6d2\Notepad.lnk
    Filesize

    2KB

    MD5

    2870c432f1ce6dbfe3237ff70567177e

    SHA1

    bc6ed5de9bb7f31f7cb02af5f64a19ca117128f6

    SHA256

    684ea7395a35e062b89f275b35743271c6f3ce102ea11fdcb0f3a6a9f2bc6d3e

    SHA512

    1301c6d62f77771b4a548895751e06d6cccf02c76609ef8539e11d322ea6b6dd0d2cd065c84749200217474aceea7a7216de38964c60f5d136b8310d83aa5a5d

    Download Submit

  • C:\Windows\WinSxS\amd64_microsoft-windows-performancetoolsgui_31bf3856ad364e35_10.0.19041.746_none_7a0308f7ffc334d5\Performance Monitor.lnk
    Filesize

    2KB

    MD5

    f3f2a220558922ce33b8885a3af218dd

    SHA1

    110a9076b72a783ad47c845eb7133d8ccabc8c3e

    SHA256

    33c268939a5957678343b43a302283489a058e59e5db084d82631e664e5109b9

    SHA512

    705eb5768c9417bb7f0ed009c7492b7cd70f2dfbce2f7f486fbe78830fdc025560f0bab4cc5977217b879c34604941ef781e44a0e4c8ad8495fb8d68807bc8de

    Download Submit

  • C:\Windows\WinSxS\amd64_microsoft-windows-performancetoolsgui_31bf3856ad364e35_10.0.19041.746_none_7a0308f7ffc334d5\Resource Monitor.lnk
    Filesize

    2KB

    MD5

    aa3713c50e9a75a96b0b1c74d1fff746

    SHA1

    38a062900294fab8ee837749129732949c173903

    SHA256

    f4310b20a401218730aa34d55dea4dd388ca36c56c73216309395849b3a8879b

    SHA512

    50dd9b21a6c930bb5a76f265ad650fa07a7a9b443f06abbe4495ba72a54dd6f3ea274ebc5e565177bd364fbf366432c89cc871b58ae37f78c99a30645f771686

    Download Submit

  • C:\Windows\WinSxS\amd64_microsoft-windows-quickassist_31bf3856ad364e35_10.0.19041.1_none_b3f1d9ff0e206c99\Quick Assist.lnk
    Filesize

    2KB

    MD5

    9f33bbd6c1a32e2d528d13364c8139a7

    SHA1

    54d02842a514eec657fece7f165e1e5dc9d0b5b3

    SHA256

    b00fddac515fb431109cfc68ffaa61e05c21ca097405c9aff3736b9339d6fa5e

    SHA512

    ddb4ec6b5725b128bc41e1647055479b9bbfdd1bde1d9978704a4a43a2b9f21d6c5972338290fa1dac4acc97bfb1256d931770db52996160e40e19d53dcd0b79

    Download Submit

  • C:\Windows\WinSxS\amd64_microsoft-windows-recoverydrive_31bf3856ad364e35_10.0.19041.1_none_de83be952b0afb6a\RecoveryDrive.lnk
    Filesize

    2KB

    MD5

    d47b858285f1252d9811106742b32c93

    SHA1

    798370075028d7cbaaf8bfd7d5dc9367935e0fd1

    SHA256

    032046853578a622cb2df945be0a90bfb3ed4d8385fcbf996a8c237f8b2b62e7

    SHA512

    720e1c09ded5365fe5fa82663909d50b83bbc328453a9652a76cead0408ebec989e72fa2808f1721633cefc268241d7782037eb9a6baf3e328117c61963364ee

    Download Submit

  • C:\Windows\WinSxS\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_10.0.19041.746_none_d22800313aa7eb5c\Registry Editor.lnk
    Filesize

    2KB

    MD5

    7b6445ae9c62d10fd7f44c54b911e0d7

    SHA1

    e82c9420eb4c066ce14d6f263ae79aaec7715475

    SHA256

    b9b3e1f730458c455b638179a65329affb1f4fd9ec75a4a8545534698511fa68

    SHA512

    ff51601568c30600a15ac08414a28a4b798e81e0ef753596f867b7f5071838d8700bb6a7ff7a91055c09e34032e091496fcb4963ee38ae66ed1b0799649e38df

    Download Submit

  • C:\Windows\WinSxS\amd64_microsoft-windows-snippingtool-app_31bf3856ad364e35_10.0.19041.746_none_77bd4cfbe87238a7\Snipping Tool.lnk
    Filesize

    2KB

    MD5

    a5ceea9712062d1599a644fa00ab243e

    SHA1

    083f0ea23b5b40c7a750dfdcd5339e9ce1fc349b

    SHA256

    f8ac51f934661fa9614163071632c55f670fb787e639ecf5f968d4b53045c68d

    SHA512

    0d29cf95200ec7472252a9dcc37963bfee6deb5f7b8dacd273e3dd7dd2a2b5f1331d82cf182fecb0d2c95550abcf4be02b599a65729b551bfb5a55de063f1806

    Download Submit

  • C:\Windows\WinSxS\amd64_microsoft-windows-speech-userexperience_31bf3856ad364e35_10.0.19041.746_none_fa033ad7aa9be481\Speech Recognition.lnk
    Filesize

    2KB

    MD5

    5f245703f03096835558c18f42eb10ba

    SHA1

    05605016057d587915b93334d8475a44ce511aa9

    SHA256

    f5730578c9425c592b2f630dd92a5a2d975f92cca7587fe0e4b2648ba365595a

    SHA512

    f29b79ad261c9e30a184704767bf3f6fe20b55f9e0407626a684ad1a797bdecd61c967bcc5781f4f5172b587abe90522e77c115dfd0843d107dabc479cbbb6eb

    Download Submit

  • C:\Windows\WinSxS\amd64_microsoft-windows-t..etpc-mathinputpanel_31bf3856ad364e35_10.0.19041.746_none_a89acde4afbab635\Math Input Panel.lnk
    Filesize

    2KB

    MD5

    938b55c2485f051d03e28e0875786f19

    SHA1

    92ea9b0a6efea9799ef3eb801fea11ac8534c44f

    SHA256

    675b27ffb9a51346f04c0ebce7a1bd38d2ab7e937721e922c1f893067cdd526e

    SHA512

    fffdd59aa2a0e36effafca26891d15028112fc753648688d5e0ea5941c85e42d7bfa6d4dd259e054b4b6e98de050f07bc43e2f50d55897aa3c157894a2927374

    Download Submit

  • C:\Windows\WinSxS\amd64_microsoft-windows-t..minalservicesclient_31bf3856ad364e35_10.0.19041.1_none_03cd5b18c0751679\Remote Desktop Connection.lnk
    Filesize

    2KB

    MD5

    b3b991aac4bcbb43c91190a029dc5706

    SHA1

    55b9c88e1b1ff27feaa8aca5f17254ca0aa62dc8

    SHA256

    96378d7197ff743f54758aa1f2a89c2345833f3094a5ba8842c65098740384aa

    SHA512

    2534f22da6a38a0b01172f5b42875c268fe1b33f57b420dc5b72fbf0eaf47f431eb33e1b1f38e1c73f8499e904def8b988b2b24799caadaad8b60e5cfc5b2fd3

    Download Submit

  • C:\Windows\WinSxS\amd64_microsoft-windows-wordpad_31bf3856ad364e35_10.0.19041.1_none_e3ab86b70c430b3c\Wordpad.lnk
    Filesize

    2KB

    MD5

    3853e796c062fa3e506ae13603531af3

    SHA1

    8782c6e15d353d01a8870c13f13e5d60e7946100

    SHA256

    1953bc0f7b063a2214f1d6802f862ab8ad6a0447fe2556e1401efa47033579a9

    SHA512

    88dc252237294e702f2bac08d8e37e1abf929e9192caee6d33f49c4408c0ab9524395e518e7920998972819b7304b76c69bfbad3a2e547a5180db7be941b0b0f

    Download Submit

  • memory/2592-15491-0x0000000000400000-0x000000000064A000-memory.dmp

    Filesize

    2.3MB

    Download

  • memory/2592-19977-0x0000000000400000-0x000000000064A000-memory.dmp

    Filesize

    2.3MB

    Download

  • memory/2592-11666-0x0000000000400000-0x000000000064A000-memory.dmp

    Filesize

    2.3MB

    Download

  • memory/2592-19567-0x0000000000400000-0x000000000064A000-memory.dmp

    Filesize

    2.3MB

    Download

  • memory/2592-19679-0x0000000000400000-0x000000000064A000-memory.dmp

    Filesize

    2.3MB

    Download

  • memory/2592-16892-0x0000000000400000-0x000000000064A000-memory.dmp

    Filesize

    2.3MB

    Download

  • memory/2592-16972-0x0000000000400000-0x000000000064A000-memory.dmp

    Filesize

    2.3MB

    Download

  • memory/2592-17262-0x0000000000400000-0x000000000064A000-memory.dmp

    Filesize

    2.3MB

    Download

  • memory/2592-17791-0x0000000000400000-0x000000000064A000-memory.dmp

    Filesize

    2.3MB

    Download

  • memory/2592-7599-0x0000000000400000-0x000000000064A000-memory.dmp

    Filesize

    2.3MB

    Download

  • memory/2592-19115-0x0000000000400000-0x000000000064A000-memory.dmp

    Filesize

    2.3MB

    Download

  • memory/2592-20000-0x0000000000400000-0x000000000064A000-memory.dmp

    Filesize

    2.3MB

    Download

  • memory/2592-20004-0x0000000000400000-0x000000000064A000-memory.dmp

    Filesize

    2.3MB

    Download

  • memory/2592-20006-0x0000000000400000-0x000000000064A000-memory.dmp

    Filesize

    2.3MB

    Download

  • memory/2592-5265-0x0000000000400000-0x000000000064A000-memory.dmp

    Filesize

    2.3MB

    Download

  • memory/2592-20018-0x0000000000400000-0x000000000064A000-memory.dmp

    Filesize

    2.3MB

    Download

  • memory/2592-20023-0x0000000000400000-0x000000000064A000-memory.dmp

    Filesize

    2.3MB

    Download

  • memory/2592-20024-0x0000000000400000-0x000000000064A000-memory.dmp

    Filesize

    2.3MB

    Download

  • memory/2592-2507-0x0000000000400000-0x000000000064A000-memory.dmp

    Filesize

    2.3MB

    Download