6183c1a2a1cf6f0ccfeac2cf4d8539f332730ce70c4fb9a958d9641d8443f92b

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
06/09/2024, 21:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d081e83c3d2cf3b5665dae5bfcc6f44f_JaffaCakes118.exe
Size

5.9MB
MD5

d081e83c3d2cf3b5665dae5bfcc6f44f
SHA1

85c7bffa89114cde65cc25f9d4165e1015c74959
SHA256

6183c1a2a1cf6f0ccfeac2cf4d8539f332730ce70c4fb9a958d9641d8443f92b
SHA512

eb9689e0c7b38aadfa345e9aba88a424687edafa849b4b850b8d02316f80d9e676b8d6a4c16badb4ab81194d48646956f38f0fa25a20fd2ab94cb09b0993d039
SSDEEP

98304:wFb5Wmoy75V16+P6lnC6tVoaq0LVbBIlbBTVXf1FInq+WxaR++dntHClq9U:wFb4mBnE+uhbq0LDIlpF7xL+JtjU

Score

7^/10

discovery persistence

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\Control Panel\International\Geo\Nation	d081e83c3d2cf3b5665dae5bfcc6f44f_JaffaCakes118.exe

Executes dropped EXE 1 IoCs

pid	Process
4152	PPStream.exe

Modifies system executable filetype association 2 TTPs 4 IoCs

persistence

Modify Registry

T1112

Change Default File Association

T1546.001

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\lnkfile\IsShortcut	PPStream.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\piffile\IsShortcut	d081e83c3d2cf3b5665dae5bfcc6f44f_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\lnkfile\IsShortcut	d081e83c3d2cf3b5665dae5bfcc6f44f_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\piffile\IsShortcut	PPStream.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\WinPcap\Database Compare.lnk	PPStream.exe
File opened for modification	C:\Program Files\WinPcap\TempPowerPoint.lnk	PPStream.exe
File created	C:\Program Files\WinPcap\TempAdministrative Tools.lnk	PPStream.exe
File opened for modification	C:\Program Files\WinPcap\TempPaint.lnk	PPStream.exe
File created	C:\Program Files\WinPcap\Disk Cleanup.lnk	PPStream.exe
File opened for modification	C:\Program Files\WinPcap\TempOneNote 2016.lnk	PPStream.exe
File opened for modification	C:\Program Files\WinPcap\System Configuration.lnk	PPStream.exe
File created	C:\Program Files\WinPcap\TempQuick Assist.lnk	PPStream.exe
File opened for modification	C:\Program Files\WinPcap\Snipping Tool.lnk	PPStream.exe
File opened for modification	C:\Program Files\WinPcap\Disk Cleanup.lnk	PPStream.exe
File opened for modification	C:\Program Files\WinPcap\Registry Editor.lnk	PPStream.exe
File opened for modification	C:\Program Files\WinPcap\TempRemote Desktop Connection.lnk	PPStream.exe
File opened for modification	C:\Program Files\WinPcap\Administrative Tools.lnk	PPStream.exe
File created	C:\Program Files\WinPcap\TempWindows PowerShell.lnk	PPStream.exe
File opened for modification	C:\Program Files\WinPcap\TempWordpad.lnk	PPStream.exe
File created	C:\Program Files\WinPcap\Word.lnk	PPStream.exe
File created	C:\Program Files\WinPcap\TempWindows Media Player.lnk	PPStream.exe
File opened for modification	C:\Program Files\WinPcap\VLC media player - reset preferences and cache files.lnk	PPStream.exe
File opened for modification	C:\Program Files\WinPcap\Command Prompt.lnk	PPStream.exe
File created	C:\Program Files\WinPcap\TempODBC Data Sources (32-bit).lnk	PPStream.exe
File created	C:\Program Files\WinPcap\TempRecoveryDrive.lnk	PPStream.exe
File created	C:\Program Files\WinPcap\TempWindows PowerShell (x86).lnk	PPStream.exe
File created	C:\Program Files\WinPcap\System Information.lnk	PPStream.exe
File opened for modification	C:\Program Files\WinPcap\TempWord.lnk	PPStream.exe
File opened for modification	C:\Program Files\WinPcap\TempOneDrive.lnk	PPStream.exe
File created	C:\Program Files\WinPcap\Windows PowerShell (x86).lnk	PPStream.exe
File opened for modification	C:\Program Files\WinPcap\PPStream.exe	d081e83c3d2cf3b5665dae5bfcc6f44f_JaffaCakes118.exe
File opened for modification	C:\Program Files\WinPcap\Firefox Private Browsing.lnk	PPStream.exe
File opened for modification	C:\Program Files\WinPcap\TempDatabase Compare.lnk	PPStream.exe
File created	C:\Program Files\WinPcap\RecoveryDrive.lnk	PPStream.exe
File created	C:\Program Files\WinPcap\OneNote 2016.lnk	PPStream.exe
File opened for modification	C:\Program Files\WinPcap\TempVLC media player - reset preferences and cache files.lnk	PPStream.exe
File opened for modification	C:\Program Files\WinPcap\Windows PowerShell ISE.lnk	PPStream.exe
File opened for modification	C:\Program Files\WinPcap\Database Compare.lnk	PPStream.exe
File created	C:\Program Files\WinPcap\Magnify.lnk	PPStream.exe
File opened for modification	C:\Program Files\WinPcap\TempMath Input Panel.lnk	PPStream.exe
File opened for modification	C:\Program Files\WinPcap\TempDisk Cleanup.lnk	PPStream.exe
File opened for modification	C:\Program Files\WinPcap\Firefox.lnk	PPStream.exe
File opened for modification	C:\Program Files\WinPcap\Immersive Control Panel.lnk	PPStream.exe
File created	C:\Program Files\WinPcap\TempRemote Desktop Connection.lnk	PPStream.exe
File created	C:\Program Files\WinPcap\TempSnipping Tool.lnk	PPStream.exe
File opened for modification	C:\Program Files\WinPcap\TempQuick Assist.lnk	PPStream.exe
File opened for modification	C:\Program Files\WinPcap\dfrgui.lnk	PPStream.exe
File opened for modification	C:\Program Files\WinPcap\Tempdfrgui.lnk	PPStream.exe
File created	C:\Program Files\WinPcap\TempFirefox Private Browsing.lnk	PPStream.exe
File created	C:\Program Files\WinPcap\TempDisk Cleanup.lnk	PPStream.exe
File created	C:\Program Files\WinPcap\TempVLC media player skinned.lnk	PPStream.exe
File created	C:\Program Files\WinPcap\Telemetry Log for Office.lnk	PPStream.exe
File opened for modification	C:\Program Files\WinPcap\Acrobat Reader DC.lnk	PPStream.exe
File created	C:\Program Files\WinPcap\TempNarrator.lnk	PPStream.exe
File opened for modification	C:\Program Files\WinPcap\Quick Assist.lnk	PPStream.exe
File opened for modification	C:\Program Files\WinPcap\TempODBC Data Sources (64-bit).lnk	PPStream.exe
File created	C:\Program Files\WinPcap\TempOneNote 2016.lnk	PPStream.exe
File opened for modification	C:\Program Files\WinPcap\TempAcrobat Reader DC.lnk	PPStream.exe
File opened for modification	C:\Program Files\WinPcap\Windows Media Player.lnk	PPStream.exe
File opened for modification	C:\Program Files\WinPcap\iSCSI Initiator.lnk	PPStream.exe
File created	C:\Program Files\WinPcap\TempTask Manager.lnk	PPStream.exe
File created	C:\Program Files\WinPcap\VLC media player skinned.lnk	PPStream.exe
File created	C:\Program Files\WinPcap\Excel.lnk	PPStream.exe
File opened for modification	C:\Program Files\WinPcap\TempAbout Java.lnk	PPStream.exe
File opened for modification	C:\Program Files\WinPcap\TempOffice Language Preferences.lnk	PPStream.exe
File opened for modification	C:\Program Files\WinPcap\Memory Diagnostics Tool.lnk	PPStream.exe
File created	C:\Program Files\WinPcap\Registry Editor.lnk	PPStream.exe
File created	C:\Program Files\WinPcap\VLC media player.lnk	PPStream.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	PPStream.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d081e83c3d2cf3b5665dae5bfcc6f44f_JaffaCakes118.exe

Modifies registry class 5 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\piffile\IsShortcut	d081e83c3d2cf3b5665dae5bfcc6f44f_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\lnkfile\IsShortcut	d081e83c3d2cf3b5665dae5bfcc6f44f_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	d081e83c3d2cf3b5665dae5bfcc6f44f_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\piffile\IsShortcut	PPStream.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\lnkfile\IsShortcut	PPStream.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4152	PPStream.exe
4152	PPStream.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4152	PPStream.exe
4152	PPStream.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1808 wrote to memory of 4152	1808	d081e83c3d2cf3b5665dae5bfcc6f44f_JaffaCakes118.exe	86
PID 1808 wrote to memory of 4152	1808	d081e83c3d2cf3b5665dae5bfcc6f44f_JaffaCakes118.exe	86
PID 1808 wrote to memory of 4152	1808	d081e83c3d2cf3b5665dae5bfcc6f44f_JaffaCakes118.exe	86

C:\Users\Admin\AppData\Local\Temp\d081e83c3d2cf3b5665dae5bfcc6f44f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\d081e83c3d2cf3b5665dae5bfcc6f44f_JaffaCakes118.exe"
1⤵
- Checks computer location settings
- Modifies system executable filetype association
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:1808
- C:\Program Files\WinPcap\PPStream.exe
  "C:\Program Files\WinPcap\PPStream.exe"
  2⤵
  - Executes dropped EXE
  - Modifies system executable filetype association
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:4152

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Change Default File Association

T1546.001

Privilege Escalation

Event Triggered Execution

T1546

Change Default File Association

T1546.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\WinPcap\PPStream.exe

Filesize
13.4MB

MD5
d743bfa3c1e2ab17faa75cfac8ed5fb1

SHA1
2946b93c9a31a8c186fbe77664cae6437a4c4f28

SHA256
a2ce05b1fb82ae6fcbfdf70b106d1814613ff069f6c7fa6989be7d21f5db1483

SHA512
42cc10b7f56d8613d90455b2f612d7aaae41906696b40efbab5e10c982925a930c7cf3b2f6f301033c8599bd702e6759812f811b7b23149a0da249e5d283107c

Download Submit
C:\Program Files\WinPcap\TempImmersive Control Panel.lnk

Filesize
2KB

MD5
2baafb3b32b7a347ededd0764903dfd3

SHA1
37869fff67ac5cb8d7963827c705dadb04c1e7eb

SHA256
376350b762792040040a8aa732d0812f95a63c6541621e84b013b865916c4405

SHA512
70272d9601ff603ef22ed21c57b453a6cb00c271d887ee4dd8faa5aa952bed6b891d662622c0f492e41e1b78ca07c6688045b17e34799dc6fdf1607d98a75659

Download Submit
C:\Program Files\WinPcap\TempODBC Data Sources (32-bit).lnk

Filesize
935B

MD5
a0d351a13aff6e7260a3ddf4a2620e4f

SHA1
6ddd865e33cd5c27c1ec11aabc15bbc3e87fd6d5

SHA256
57d4544bee5b6e3a414e85755087e71dfe436b04224ec0f2035768d0f92b9f4d

SHA512
4cd52d3b7ed682dd430d6830d3015f6dedcd6df93353782e7ac63ad20dcf6e047e41d76cda8a2c2c97bc09651b1d4a95e304b494d889d1b910a324b676e55436

Download Submit
C:\Program Files\WinPcap\TempPaint.lnk

Filesize
920B

MD5
b0041c90058cde6286643644fe8060a9

SHA1
525624fe84a6441ef560cf26d72f8436bf6a1fe1

SHA256
46c9417c4905ef49abd2ebe31d7bf9b1830ccb4e18b5503be26771764e27e166

SHA512
a6f77c518095b77d857e8d1ae02ccf2b73323172e1b94519244cfa8e3f7fc599a104e2ca50c357cc0701f3c455636f61cb26cdb16340f6db889bd09020b82ce9

Download Submit
C:\Program Files\WinPcap\TempRegistry Editor.lnk

Filesize
873B

MD5
5c13519ef27a0742751d2f857cafb55f

SHA1
13ea657bea30d46108d2f49f3322c944ccaf7a35

SHA256
34795522364e8739f3500669eae30ce6f3c135e6a26bbab554887a2c28e07eef

SHA512
fbfda7db1e22e5fa1a5d8afd512057f177eb8b9a62ca15cab8798d957ec3b79c9cdb2cec46885532d3713a34e6cb3ae49685d6c2887d43737b4e76775b2c5911

Download Submit
C:\Program Files\WinPcap\TempResource Monitor.lnk

Filesize
909B

MD5
ebbb0779deb9a32089f05a30f2e3f659

SHA1
6cc86174e6a49822fd686fb7810f26f7f59a2d70

SHA256
45c4be888f385cbac2f7b78d8ce5a26e30aeb023d8843bc6e649781f823e085f

SHA512
699b3de4bcb68d73b5fda2846e8fe2e7665da7fe0077daba63d06086f2ccaebbf8a63ca23458dc7ae5347f7a5875c55bf194eacbee6fec6be4d25ed529beeaaa

Download Submit
C:\Program Files\WinPcap\TempSystem Information.lnk

Filesize
929B

MD5
f9bfb98a4609183f8a15639430aeabe2

SHA1
bf2df419153309a4655726aea34d814290419a69

SHA256
32c7cdcbdf35c890961de0ef8ef68ab32133bf6ed24558456431de797dbe2613

SHA512
4856dc76a632ea41e7b3393f78c69880eb5db94216dca683804ae567d2e804c7aee08c1d1817ca7ebcd5e1949729c7dc812542437f9ba6155dad0e1c289b137f

Download Submit
C:\Program Files\WinPcap\TempWindows PowerShell (x86).lnk

Filesize
1KB

MD5
cf2860891d9ca17b615b1e694a8e077b

SHA1
b9ca46598e029de945712179678da629ecefb796

SHA256
da6e3d067e5e18b1d4669cb80be052c5d003b90776c3bf41d8a71b6658e6bc45

SHA512
32b231f342f9ca41be052478ca38abf10f991ec9460bf0876c6c43697f0e4a41b867393686bd739fe76d98175bb0bc6b488ea90378cf9c5a40fad4b2d418b57a

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip File Manager.lnk

Filesize
1KB

MD5
a91be10c95815ef0dc8255301d08e597

SHA1
5c269854b1a9669fbe189d28d96248e016ae22ca

SHA256
d1271b4c104e548d6b4db8bef01420549ccd03245d43a7ede99568327161302f

SHA512
e7c4d60b68b677186a1483c80caf2cc984cccb1b476d574668e8819dc0b9d680019fbed4970eb86aad53d685d124050e1884ca9649c0edfae4c5559bc54e95d5

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility\Speech Recognition.lnk

Filesize
971B

MD5
66e60063e5ef3148f0f9444a75afd55c

SHA1
46211123d16cab1f1cef09021d8d20c7bd8826e5

SHA256
c78110fe20cf17011acb6ab8bcc8247e0b401c156f75d8988a87450eb21dc1d8

SHA512
b2411276d87912fe0765ad90a0d4dbc62a915b78a3e3deae188d04a8fe2cb85a2c14208555af60c0ff72f45aca45307209d0a22ddaf9858a9adeb4df821cef99

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk

Filesize
1010B

MD5
35cdeb739201631261c7dcd3c1c338d1

SHA1
b45025d9dac2519c23d492ccfccaa8a8bf04040c

SHA256
c0e2a48e6d0ce0fb16e1d463cf4f5878bed2438d5d9d68a68c48924736a72cd1

SHA512
e6da86a4918340a8a6e2b6c04cc0729cf2f4b11b8248b3532d9faf8bbf8be8fc45cbfda4dacfab30d743b73d256da32ac795840981678070c93b68391f693ca2

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk

Filesize
924B

MD5
c7d14b72cc189c166558f217f7ef33d1

SHA1
3aa224b073f201896474f03d9f9e6b273ddf7fea

SHA256
6675a06b4a391551718c422175bdb7c496c494b3dabba251e0c32a051d36b95a

SHA512
4e2abd2dc06111f523467899532590bad3d3831e5b66f497db53dd31998d72e259602e1f75a68bb37e9b129e8f917538673a9cd8ba4b56df53df8c34b54d061e

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Quick Assist.lnk

Filesize
946B

MD5
c8baafcc99ea10cde4c90d4de52e7bfa

SHA1
582423df7eb4a8f745c0cacea811e82ee03b7367

SHA256
bfcc0f5a50a28c2ac6526277f75d9e4aae7f241541c0c2ff3f7df9e43cbf3242

SHA512
ba0dd801aef912a067d57c8a61be0c0af4111c9a3b23c6ba12e462241c9ae3b5beb47d373845af9e82d2a25a50e381cb36ab7c8dc88de89fb0ed439ac122baca

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk

Filesize
1006B

MD5
f049dcc5b92112141148c2a87de51dc0

SHA1
438fc0850896e065e8913745649b89eef06bdfa9

SHA256
cd390aa37c1ac3f673a285fbc8987242a0002c21c10cb464ddde984823531a6e

SHA512
b1b42c503fd5b57672e8471899030592df2de3144fc639e412a987626ee5c70d44871ebc9f9e1189f59fe848efb2b4f05b72ce3ef9d0263ae13945e6b78d7aba

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk

Filesize
939B

MD5
c7ba6c38eb9710a36742df1c2567091c

SHA1
baf3dd36c06eb4aea124b5ece334e749bc0ee571

SHA256
88b49dc5a553c533e3441dfa0457789a89aa49dbecbe7a9ff74404d852e669b2

SHA512
55918acccf0ebb03f9a548901acfe34fa845a8506dcf00aa15734ca560ecdabddabb0ee072771477a91172e9bd9be088371fddf8997c7955bb67a2628cc44628

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Steps Recorder.lnk

Filesize
920B

MD5
190cfd26cd19c6303a708da474137df5

SHA1
d3d5df6ebabe6eba50b705e4ae40d4925914618f

SHA256
94646ae080c4cc62e238053ccbf27b5cc4c3400cee238da516acf67ac67d899a

SHA512
f1309b8c14b1fefb296130b20fb35090556d955df96a5dfc638b530b0b4dfea61471444beca787b8f6966c1d5f366250c5872d3c2a6f1a83dbd80c3aa6782588

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk

Filesize
919B

MD5
182dcf5eeab6afa4221e3bbc63aeda51

SHA1
8971a0a52ed09fdebb99e41b5782a0dc1e8c7227

SHA256
78c5bceb1f23065b95aadc42cc89358a4628d64b9861268397e18fa06fe4133f

SHA512
b4ae09e44e4da24e1cc84aec51cce6e431a8c69ab5f2647f27ff31c0f1268bca4cef69e586e88b48e7ecdcd17964055a5d42d0d2cbbdc5d86c1927a38b7b918a

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk

Filesize
932B

MD5
53f0e96923229b51357ab30b53063004

SHA1
3f6f452087a7fde46ad4c28c53c61c483d875945

SHA256
0d5592e674489f4882caf9deea6f55179acda374b7c1d4df9a17a18e69c158b7

SHA512
3744f6afbfb10b602af4965736112a788b4ce57bd0cbc6a00fab13bcee12509915def794c77d92a7166417ced4de5b5511098d9316e4d5a0fddcc53238e29a91

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Media Player.lnk

Filesize
1KB

MD5
e9033d420b9f8a4cd131eec4780cc43c

SHA1
cc71fd0c17cc3de12973b09bfc4cb69d663a9510

SHA256
3e98bc812656254e7de2ef4fe4659f558ab48adefef0f3a46ab44c3369a3238d

SHA512
0f3f3bceb99946b5a83c5a89be525fec66a6350d3dbe8e8861ddf42986da290d52f308018301da1e8fad6ff994dcd00ac24e0a82f8299f162de4838f20cee307

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk

Filesize
964B

MD5
8b02984a5461a8e1dcace2862ce93a18

SHA1
da6b77213ecff05138195a0872b744f065806a02

SHA256
6576d4afa97f74d1f00ada9fa8a17a0fc0e2f38ee1030e9c6100c9625418e7e7

SHA512
32241575cb792661be882a932e86760aca9b1676a2d68f55db240e4964c0e1f31ce326a0b19061ad25da072bff6842eb55162960169e9bb8e0a606e5d5b5accd

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk

Filesize
919B

MD5
582c80fc06c197bfcf0c79ea54e9bb61

SHA1
cc962c3c609e884a8492365c4886375366948dfc

SHA256
3c2a6085691d05edf39cf5312ba493ed56c943fe712032703f6f207011c8ab29

SHA512
80c797c2433fb293dcd7ecfebdc147ad86718224edeef9660e4830890829dc26b60fbfe4d0469cc9575f205d682b220dd1cc0333d637cf97aa209b509aad6804

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk

Filesize
929B

MD5
644f3825b8064177c2dae1d47b5c8558

SHA1
e31b5a8607f6ae74a81d0343f45c51eba710efdb

SHA256
b21ba121b1dda5e6e94552b9e095400f56172d9abc30bf8252bcb495f8f552ee

SHA512
6cbf06600822ebd1af1f88ecbf758615e3a7cb8fbd24796a48a1f0afe58120777431941e3bb7658441ee033e275d6f11cd419f7e137461054bd38efbd546f265

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk

Filesize
935B

MD5
b4113e2c27c77596b16cfb8f87fc71d5

SHA1
cddfff7f5a7a3519f68a5c579ff31983a0ef7824

SHA256
90abcb1f60f6db12860dbd1add0781e905adece0af63f6094aa1250d9a87abe1

SHA512
ed20035bc731a168e997af41ebd220b1d694362d58a66239267ad9135e34eafe1d0d9ab1cdf158a4217873afd6aa8775cdccbef32f64c2b838ec3124461fd3a3

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\RecoveryDrive.lnk

Filesize
939B

MD5
3733349a9772929e66a569718ed93986

SHA1
cf2ae14a250c94e18ac1f0bd4deddd834bd7451c

SHA256
a601cbe499e5e736d5071e271f32bc424fcc8cdb3c61c6e71de96ade88d4d5fa

SHA512
c0c651a9096b33304473d3ad7edf529a63ba17ce56314b3a92824085a6dd466373586c198458bcccf55f477a1cc37d528a9f135fc0876aca62f56d20225537c2

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk

Filesize
935B

MD5
f4dd19ee6b98cfd1df6baddb3cb3e496

SHA1
7aed8f619c9290fe4cf38d3029cbd615b8843d33

SHA256
bd09217dbf9e03058cbc881481dc950deb34a2089d12978759f5ee277c684fa4

SHA512
c1577aa25c15e87c429b4ff1820c5cb9ea30d949608c877d76b9d06d87d864f633d3facfd452a5804a62fa57300c156a9a0b7a0ef63bddb0823684c1c9447dd2

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\dfrgui.lnk

Filesize
905B

MD5
f877d85a2e0543f4be93957794cc61fe

SHA1
7d55fdf41b8c827d31eac9439bf2d9b878da6ff4

SHA256
dbdcb975a88925c76f3a935b49ef00cc4c4696456e01bcea9816ce9d17dab091

SHA512
4314dd930e96d93cb637465dbfbc0e93608145904ea8e0e259a4cf32451a16462ac95dd08511e379de10ef1ffac0ae988b5c2db6d8671937f975ef869b7bce58

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk

Filesize
917B

MD5
3e6dd61e5bef1a84e6a3a6513e63a0b3

SHA1
8978f6dbda55146ed12ed69267f8660346d576a5

SHA256
e73eed11e5b547a5c90b14d02654a7ef7286b6ddb98ea18d2560f0a9b54ac4a5

SHA512
3e0cde38173362eb599bd7e077d920f0d06c3eb907d1d7aec0457af53483c75b4a45d12755d305133c8653d4511f8d2c078f443b13a6b3e8a31cec3b67fd0745

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk

Filesize
2KB

MD5
61960abc1e36f4d48d33935b8720ddd8

SHA1
67f8f55c6253d030ff8ed2610be8fc58a735bd11

SHA256
25d06499a36cf037584ca66c5a181f2af09817dc5b0255b70ff7946337d398cc

SHA512
753c5c17ed7af6e2ca050ffb9031174dfb440fbe06b625b67b793cf1ecdd3db26ee2f7f8cc7b16423acc2b4f45a4649afa50f43a20abda4a356b34815d5f06d4

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox Private Browsing.lnk

Filesize
1KB

MD5
0bd2717dd58612ef780186aaf08957ea

SHA1
26983850b07dbf450ea43694940cecfddbaf4d3e

SHA256
ee14005e988fb43329b70f1a144b13dbb59c0ea08af5ac34d3b5e9bbd81bc16d

SHA512
e121dc5e3cc92edb67e3e904ebb193d36e059036c12307a91247359d890f01c24ffcaa212546a971fb81476ceec61af7493c62a858c1483d807ded46f3c339f8

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk

Filesize
1KB

MD5
e7e720bf025275da85f68a7a760363f2

SHA1
41e69678c07a448e5d5185f65d1a86c9c9060670

SHA256
adc414043156a4f2fb3133428bd9957ca739d0665cf14b5a337bc5eaac90281c

SHA512
75d92a9e414da9bf6f04ebd2dc3334d4f32d8765d72721ea58ff5c64f642c9a9fb22fc257bb00e905aad0d21079157acf54bc1a79be22d847367ed81fc4ac8c3

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

Filesize
1KB

MD5
65ab8a673a82dd24a72424c6215c40ba

SHA1
5e6eee5c4adaac345c4a7cc1abc85c4b940020e8

SHA256
9e120c777285a27c36874cc1001aacfca1a15ad8f9bdce9dbe7f2e9ef2f9b600

SHA512
183204f99d45f37c5a66c698690a30f9e911e49bba41267cb2d0aec06140b5c2316c26dece89002718c32568dc967044dfcf8ff851b354c5db9eb6305915ccbb

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk

Filesize
1KB

MD5
3f8347e83ae86a1019b2ce175cc4e4e9

SHA1
067c5409fd8b87ce16e211c30b0e2b4c88c86b42

SHA256
dcb7ef2a2b8eb5e7f16f8f099be6a9e75ac559c2d3bd2745d1d77d65d7afef01

SHA512
67059e9b0b5a5b5665261f47b6acf1095dea6d9442175869e47b916d679f95268d9af08547b99ef80d08c018f086e2d5781d6d7db8de7ac2565d7f44e64d6640

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk

Filesize
1KB

MD5
ab2a4aa95cd6caf3fa13c604e9350f58

SHA1
ea36927c68589b5ebe67219f1eb8d2e0d16327a3

SHA256
53b5c538a17d251c969446f1a0d3445a7a4f7404b809ddeee572daed35ec5aaa

SHA512
3338eb999fc7fb4846e56ec15419a056542c9d434fd3a31466fe95d008f6557173346bd373f8046f0ee860a905d098c0c60b47000ca086c87e5b5d0deda28a20

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk

Filesize
1KB

MD5
39d6359eb8ed4f0388f53ed1ecd9d722

SHA1
5614ee1c2890c8d1c820acf34cd74b41666918bb

SHA256
95e6d374dded31a84bb395d5c6184a9df1c3fe00ba8bd55ad2f5608c49b6018b

SHA512
3cc89b1cf686e5adf5edcf54c18ae89b707fc09b862f3c563ff4fe8e93332575ef48e5423718663f928af8680ffc76b988389aaa091ae5e781f09a5a6e847299

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk

Filesize
2KB

MD5
5944e95fd8df22b9594bca50cd74837b

SHA1
fe4d21ed0aab38e031f797997a0944b0ab2022f4

SHA256
a58c9847582f47e18f96250696e915c5218c45557614c241229a90e3bb7d7a47

SHA512
5da400239093baf3aa26cc53e4aa0460fd692c7f833f0c3316ec5f0c148f1642dd65a6c36e8325a6c4697c8e167f7dcf0ac872520efc47d6586a7ea2555b488b

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Database Compare.lnk

Filesize
2KB

MD5
85b1a618330c8feadbbd5ef93900508a

SHA1
0d544ca08f94f1bdca1a2ada5693490af2b11ace

SHA256
c83ea1562a04062e15951e03b7581da1fb62d47e12ac96bf132cddf4c54f040a

SHA512
572a8a9bc63b602f9834365da6fc786276e1949a33038c7d5c63f2384b862cd103c1398ff8a175db8b2a8d5c19ea984581955f666e465081e16fc149e46c7e40

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Office Language Preferences.lnk

Filesize
2KB

MD5
2e1f3daaafb4e310b3089b5f3b402f3c

SHA1
3bce96285c463d8b5a4a5adab3b883e5b4a160f6

SHA256
71d1104477321139b162f551ad1310438ddd27e789352c1140bc19cf6b83daa7

SHA512
2f07c18c9bfabf67c845f879320086db074d9f297d1515fb618d3af7f273e9f22cce650a401d61a8e344b97bc3a3538726caebaf9431dfe2349e95c46f721f41

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Office Upload Center.lnk

Filesize
2KB

MD5
6c16ad9f96493a4b30eaeead18658153

SHA1
b12a6c3d2a0de800772e9aa47afe13acb1dc957b

SHA256
6e6fd5d201be81e753acedc8eeee5a013beec768b300ff319fdf2029c81eff25

SHA512
7c753ac3b59f9fc019a05b902b2f0c06fbe34e64cca8106efee27208a3344d144b2e46a3675c180505099c627ee4385e01c95b4a5ca2b4986a6f9576eda4dade

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Spreadsheet Compare.lnk

Filesize
2KB

MD5
f82b481688b72336031f120b0f0c1d33

SHA1
ed37ee59433fbb28706fa4131deb58a5747a23bf

SHA256
7dc7b38ab1384f29851ca387d1620c9eef34f82a19ed30d0679eb748ddc62ef3

SHA512
4846f6e6a3959154c860c21a9078599fd667d19aec9cf1a3443409d3737e6a6a3578617fb3ee88566a59e31aa4f4b6d5748ad72fdfda368ac5c0cfe192fe997a

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Telemetry Dashboard for Office.lnk

Filesize
2KB

MD5
6022c43350cd57f9cee2b48682384da1

SHA1
b25658f0f4804d209d779ad1026474ae94a836a3

SHA256
53b3d1f5edd6cd17f451db72e3d113b07cccc25caa41c9a5fc0af4528da09ce5

SHA512
60eb04ae545e41782ffa01a4f59abb85798372133c0d1e9c66128750d90a8c82cba85452140f7a6be463e3d57aca2aabd963769c29c3669b6cdb8fbcc70ab077

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Telemetry Log for Office.lnk

Filesize
2KB

MD5
5692a08a4b2f86cdae309d5748510f67

SHA1
38dee8cc7c13fbb31059b183695e3f77333a879e

SHA256
069b2ee49b0d4c28ae659ed3b1701518431b8ed8249fdb7cf6bfc9e4529c641e

SHA512
22964a55d293b6eba96462f312d20ed001285b2dd13b409a967eb4976072082a46801267de10379f2d8441db0a813d2f506476ea035962b4e3b6915dad4d1855

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk

Filesize
2KB

MD5
3088b3d70c845373a0f4998f64aa267d

SHA1
cec74678a62d65384ebabf8f847ce96230706471

SHA256
61d8c99fccd1f6273451cd26e3fe1da868cde9f6b4525500e1fe4f405e2aef9e

SHA512
254f1a53bee605ae59cf875b3a2e94868904efb00493a4d40067d359a629b44c4b53f6cbaa3bbfb992fb37ce6130dd276ef842e15080d6a2fa0e5305e6cf8180

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk

Filesize
2KB

MD5
dcf1b254b750f904c87231c9c3d3fb86

SHA1
e089c9865c3624dd7540a7fc06142a9ab46b337c

SHA256
1dd54d1ba48e1e2c446d117a8fa823f0327b41cfbde250ce98bbf53574295e19

SHA512
bbf45c2be75fa4d988d2da736ef9e81ff1d7d9b66106855568ef90bd5e267ddfea87da2fd1e60eaee56a9e1789b3711959db07caecf0045f9c8d74dfde67b764

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Task Manager.lnk

Filesize
917B

MD5
91a3303f5d447f3a818ccef490d26626

SHA1
194355d2c9a97fd4b0f14afcdf56179765edff1c

SHA256
f723bd83ab5cc540e3e07dcca1bdf1a61dda49b82cbe93a1894f4639049f7f82

SHA512
d26541c3fb149b40a732a791b1ae579c7b009bee15a42cc7dc1c94f83c605d2be6aef78d79e39067d51476c56499d76cc046ddfd5f4397a86bc1f90e41d70c47

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player - reset preferences and cache files.lnk

Filesize
1KB

MD5
5c8449a837c5771f4757257352101414

SHA1
2cd2d049f1809f059a2ab4d534971b851869ad0f

SHA256
71385c5657fffa39dc7393cf7a92b7b55dd68096305ebfd16e5c0f2bbccc7021

SHA512
fe95ca72b88190cc0d9383c995f46ce07beb5d47958fc8b4123b41290f8d4be85039a637dd7a908cdaaf03bc2d3754a0ef954d4352fb11ce971343d0b073dc47

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player skinned.lnk

Filesize
1KB

MD5
bfb38bc18d1cf06757da53281f990e7d

SHA1
14c880064fa65a47b08b3a2bf9a3eca6213a8024

SHA256
bed0c3f58d74bd9a59ca9747e38cbc23e8a161ff33572792e2d3627d7e79437b

SHA512
8e4d29818e7d4b845c5ea19a40cde89729c19e4cbd5e1c54a5498cc4d5c41044519df16c1ec489d5556599597f26b08656e3153dacb86b4383cf8c8aadb23718

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player.lnk

Filesize
1KB

MD5
eb736573e2aa2914f12aa626e90dcf0b

SHA1
8ec7c7735bfbf3dd380950d81f0144f4bf21739f

SHA256
0171be89a33d4ca121f496fb70d3ddeb83c1f86c54ebab833d134bf4ee5ba9d2

SHA512
14fa0e1787a5b484ba262accec2cb74f8a17fc097fd7a8fd5aef701cec3b824adf1f8a225f3f6888bb3866cfe3a8686aa31347bc47935e701e4ca0bbbbfaff93

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk

Filesize
1KB

MD5
d2d081e9044227fb5027104ecf11a3e9

SHA1
97ec3a6a074cc1db7feee31db9ec8cb6be25b999

SHA256
44bc2074c08af994e3e52ada9537abc8df95dc75b56ae8c45d3e8851983bb285

SHA512
88f015adf6fa87a67fbf92ad634b6741e53f95eae5d6db95a0d495621352a19630f03b94edf8ab6034cf52e66cc0b9883e1de8840af3e7badd947ac400aa6c12

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk

Filesize
1KB

MD5
1f24bb5fb49d7b879a9b67245dbeac82

SHA1
24643979fc5073f8b74024839d65128391ff26ed

SHA256
24678be94e2270152786384334e248d9269ebfd288451fc8ec5fbd1e9bab9f37

SHA512
df15d695c45ec6c49a7b83c269924fd12fd4d572293d7bb21c1009224d6667b186c97562af00bb189501fa974074ef743247c570eb45502608fb0421001a5887

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk

Filesize
2KB

MD5
18a68b880ba3e9dd14fcbcc48417c3c6

SHA1
088eb46cfb8b274e88e43e5778282fef59373f47

SHA256
529eb3d5cf26149999233ea99fd59bcf6911b36ffbba2f0fd12de1d0165c2f6e

SHA512
b9da3080462cd300eb6d0b7340a698b0d1bad46482083f09a252c6a58a25892a352d34ed38a046b51e4b238e08f095b9a357283afee6718bbf4212d2fdf1adef

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

Filesize
899B

MD5
18b1e002793ab2f6d886ffbe33004352

SHA1
03eb1af7e3a75b1cd242dfe08dde4f23af6ed045

SHA256
eaddb6eabd01d3dae8e10b30cd0376e4656bd93806595f7085f01f41790786db

SHA512
c4630f33e4355e7276e6958b20edb2db62ed40ba1f8fd875ec929b5a4d78ece6a4949708fd14f0c1bee34f39b9c650298a4c570d3dd534c067ee336a4eb7cbe5

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

Filesize
903B

MD5
d0105bd37e429418011b285cda62d1d6

SHA1
b18c136c1e9253f516085eb549ba141ecc5c60ed

SHA256
9183b9395aa926db3b771830727a5614afaa73955056a4e15d7b54d5f091ec31

SHA512
18ae188bb7b3b70db66e85c8e1fb31fb5c9e17839c74b033c1701b8265db36f4954ac8648a7990804d89acaa0e562e8c69945f015929f3ba4489cb61adbf1f4d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

Filesize
921B

MD5
302454fbc6293fdc1564b19aa410491e

SHA1
5db33bb60b6577b44af2b719a5e4dc65d4ab6190

SHA256
9e624c009d630095adc82cdf84bdd5c7d77d93e47b337c7a2ce1d4d60ea83807

SHA512
460b7573fe4e2b32be637832c6f1cd4db4788a206b26d011e4a155f6b9666037b35bcbd4cf05876cdfbdd3926d8488b000b371499a2ffb186c410a810562b17f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk

Filesize
2KB

MD5
329aee37ef837e48f12d15ee48ac31c5

SHA1
adb3d421a26fd60a40f1192b02c5a40077e360f6

SHA256
36c314a1eaa35718cd43403a8f885514023ec25ff3d89d396ea42395c290bb81

SHA512
4896b6cb9cc9916458d069936c143b0086440084137e4b281789ff38d32827e5a3d121b6067afa963efbacb82504e2bee4a15fb783c98b35596de01b9b779768

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

Filesize
1KB

MD5
a92f67010450d669f446ed1ecfe56821

SHA1
0550e7430f8cb1559cd8dc256b4d6b9a047a0442

SHA256
d3cc0a0f189a823cf9d048821050bf424795b013260c66a449eb5fcc0f3492a4

SHA512
7c0117777f53fc95f3a0012ceaeaf3a264e0280862e5d44e97218a12c620645ec0cac6fea97b7ed510ba7a31784a5fbc72ebc99e8c9297da05805acd5bbf0cbc

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

Filesize
905B

MD5
11fb50b1f3e0faf76a2f67468c1003db

SHA1
4410cd7662eb3f6f7fa5497fe7cc92afa7d6dd66

SHA256
697929d93ef2bb90ebd95cd2b365a96ee38a894d34d98f193f1641fd116c1e58

SHA512
fbea1b79acc58458f8a331ad40bb30acad8d99a0d53e55ffafbd92d1f3b51ed714775c96c3d31838e1c6069d254d982670106f255cbaad5d9959d9fda692feb6

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

Filesize
1KB

MD5
b4191d1ad0b82f7f39a9cbff1bc6100f

SHA1
cb8b45c2cf592733f31df1c6b22c617f59ea5c5b

SHA256
398d17b470cdbbc387048c7e8c807979b86b91b7bdfa686df7cf96dd751ceafe

SHA512
a29de80527bc88abbe14b4f9035fcf8af33f7c40319cffef809758d1b52fc9f78bbace1055620df82f92b9456de753f7e88c10874d625d929d9a2b0b3a0bee47

Download Submit
C:\Users\Admin\Desktop\Microsoft Edge.lnk

Filesize
1KB

MD5
0d07ecf23d37da43adf631a12878686a

SHA1
43648a0d5b9e59536686e144ca1f1103e391436c

SHA256
3296d00ba337fa18405467da5340bf86b6aa0863f76304233f97d3656d5a5be8

SHA512
6df1b7bed8726a22bf9cef8cabc7435825648c3deeb1a6e2876de3f2d90c5f1f5e356068233669cd7747e4bcd1bef777573d58d5fc5163f80b5b18231d756a01

Download Submit
C:\Users\Public\Desktop\Acrobat Reader DC.lnk

Filesize
1KB

MD5
de49442f3d2af3866e2cf032b73e6c41

SHA1
2be5c0c0f0b9b599395e45cc2d7aa10e5365e4c5

SHA256
b0409b16cd9fef6c445b861095b4e730196e2a6c3a0ad87b7dd8427ca10f3a0e

SHA512
63752410304b93caadde538abd7f73c71f77686465d04ca7bd2ed70bb85b5d52b7bb49165466c21db1132a4f5572a1225305f3ee7c7babf7f546717902bb0483

Download Submit
C:\Users\Public\Desktop\Firefox.lnk

Filesize
1KB

MD5
0a874bc0583599d6f1cebc58da47f8df

SHA1
a3a6f06143037397e61e580b540420322d52228b

SHA256
581b33b9920200eb173e8088a318748e0ea2b1156dc62c46a7f1ef85b2097d87

SHA512
c92d20297da79d0a5d86a76f63cfae5083c5b500af238ffe74b1599427f36a653b93f083525c33be91c00d35007464f74c157aea5f4fc94d231d04ba326cfe3e

Download Submit
C:\Users\Public\Desktop\Google Chrome.lnk

Filesize
1KB

MD5
9197094584d5e57d2982103bf797892f

SHA1
eb9381fbf91adb8f5ee4ac564aec371a579b7cca

SHA256
05bfc5aa957d974592d7f4e38ea114cf6b9ddab4ed90c8d0556b0d07b5330de2

SHA512
7637f386c87c124d553aa8440f4ab2ec03e0a9f2c9c34d691852a7f050dc0043f4ee7df7523a57ebe0f904963948778fbd67f048dbfcc7a6983efa43e245be69

Download Submit
memory/1808-0-0x0000000000400000-0x0000000000485000-memory.dmp

Filesize
532KB

Download
memory/1808-2-0x0000000000620000-0x0000000000621000-memory.dmp

Filesize
4KB

Download
memory/1808-39-0x0000000000400000-0x0000000000485000-memory.dmp

Filesize
532KB

Download
memory/1808-1-0x00000000005F0000-0x00000000005F3000-memory.dmp

Filesize
12KB

Download
memory/4152-40-0x0000000002150000-0x0000000002151000-memory.dmp

Filesize
4KB

Download
memory/4152-36-0x0000000000400000-0x0000000000485000-memory.dmp

Filesize
532KB

Download
memory/4152-37-0x00000000005B0000-0x00000000005B3000-memory.dmp

Filesize
12KB

Download
memory/4152-646-0x00000000005B0000-0x00000000005B3000-memory.dmp

Filesize
12KB

Download
memory/4152-647-0x0000000000400000-0x0000000000485000-memory.dmp

Filesize
532KB

Download
memory/4152-648-0x0000000002150000-0x0000000002151000-memory.dmp

Filesize
4KB

Download