Analysis
-
max time kernel
148s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system -
submitted
30-11-2024 04:11
Behavioral task
behavioral1
Sample
svhitsa.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
svhitsa.exe
Resource
win10v2004-20241007-en
General
-
Target
svhitsa.exe
-
Size
7KB
-
MD5
06a9c10159921f27917d59c473adf1a5
-
SHA1
b1f3252512aae364126de0c7047d3830778c2094
-
SHA256
06f6b90aa9db58d3a1c0223397a3c2ad3e59cdb313462df903374030897aacc4
-
SHA512
a62fdb6e18586f382d78c5ed51f3952c86cd9a533505cdb83f42beaad90fbc4c4651f53f86e75e5ab5cd1cfb1a77051081d2260a9a9674a2e22afa93cda99325
-
SSDEEP
96:ltZhl8wdS+r3yOYW189fTwUVF0CWHyjk8P1LOmjXfihExqoXAU6hARhTjq16lX3c:Tzdrr1FG1WDCgmjPZFXnNJX3YvubMUA
Malware Config
Signatures
-
Detected Xorist Ransomware 8 IoCs
resource yara_rule behavioral2/memory/4852-5295-0x0000000000400000-0x000000000040C000-memory.dmp family_xorist behavioral2/memory/4852-5298-0x0000000000400000-0x000000000040C000-memory.dmp family_xorist behavioral2/memory/4852-9908-0x0000000000400000-0x000000000040C000-memory.dmp family_xorist behavioral2/memory/4852-10907-0x0000000000400000-0x000000000040C000-memory.dmp family_xorist behavioral2/memory/4852-11280-0x0000000000400000-0x000000000040C000-memory.dmp family_xorist behavioral2/memory/4852-11311-0x0000000000400000-0x000000000040C000-memory.dmp family_xorist behavioral2/memory/4852-11316-0x0000000000400000-0x000000000040C000-memory.dmp family_xorist behavioral2/memory/4852-11317-0x0000000000400000-0x000000000040C000-memory.dmp family_xorist -
Xorist Ransomware
Xorist is a ransomware first seen in 2020.
-
Xorist family
-
Renames multiple (2192) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops file in Drivers directory 9 IoCs
description ioc Process File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt svhitsa.exe File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File created C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe -
Drops startup file 1 IoCs
description ioc Process File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe -
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 1 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\EyB1f6FNc13b72W.exe" svhitsa.exe -
Drops file in System32 directory 64 IoCs
description ioc Process File created C:\Windows\System32\DriverStore\FileRepository\mdmnttd2.inf_amd64_76ccb77f33c66c43\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\NetSecurity\fr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File created C:\Windows\System32\DriverStore\FileRepository\hdaudbus.inf_amd64_533c8d455025cc59\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File created C:\Windows\SysWOW64\InstallShield\setupdir\001d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.WSMan.Management\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForAll\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmatm2k.inf_amd64_de71647ec29a6bc2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmdyna.inf_amd64_d89605b6b478d768\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmnis2u.inf_amd64_0c5757ecd1574b3d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File created C:\Windows\System32\DriverStore\FileRepository\prnms003.inf_amd64_0e2452f597790e95\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File created C:\Windows\SysWOW64\Configuration\BaseRegistration\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File created C:\Windows\System32\DriverStore\FileRepository\amdsbs.inf_amd64_e2a1e49127fb17ef\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File created C:\Windows\System32\DriverStore\FileRepository\netax88772.inf_amd64_5d1c92f42d958529\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Dism\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File created C:\Windows\System32\DriverStore\FileRepository\1394.inf_amd64_a08737ea39f5790b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File created C:\Windows\SysWOW64\oobe\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File created C:\Windows\System32\DriverStore\FileRepository\tsusbhub.inf_amd64_bd91a147ab4ebf1c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File created C:\Windows\System32\DriverStore\FileRepository\netax88179_178a.inf_amd64_b6748bc8bb8ccf4d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File created C:\Windows\System32\DriverStore\FileRepository\netpgm.inf_amd64_e099e4a7092b374c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File created C:\Windows\System32\DriverStore\FileRepository\tape.inf_amd64_bf051ca3546a5bf3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File created C:\Windows\System32\DriverStore\FileRepository\usbvideo.inf_amd64_b401376fd0a39c95\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File created C:\Windows\SysWOW64\InstallShield\setupdir\0011\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File created C:\Windows\SysWOW64\ru-RU\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File created C:\Windows\SysWOW64\th-TH\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmetech.inf_amd64_bbd46500a9d0e020\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\WindowsFeatureSet\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File created C:\Windows\SysWOW64\InstallShield\setupdir\0007\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File created C:\Windows\SysWOW64\InstallShield\setupdir\002d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AssignedAccess\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmpp.inf_amd64_e196624c9ed43e83\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File created C:\Windows\System32\DriverStore\FileRepository\c_apo.inf_amd64_a261b6effa32e5a2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File created C:\Windows\System32\DriverStore\FileRepository\dc1-controller.inf_amd64_63236b4ab51ad398\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File created C:\Windows\System32\DriverStore\FileRepository\cht4sx64.inf_amd64_3a69b9b79f49eb50\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File created C:\Windows\SysWOW64\en-GB\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File created C:\Windows\SysWOW64\InstallShield\setupdir\0006\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File opened for modification C:\Windows\SysWOW64\@EnrollmentToastIcon.png svhitsa.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmusrg.inf_amd64_bb7c44c7bb3664d0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File created C:\Windows\System32\DriverStore\FileRepository\prnms010.inf_amd64_9e410195c3b236c9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\default.help.txt svhitsa.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File created C:\Windows\System32\DriverStore\FileRepository\c_proximity.inf_amd64_e42355875c34e406\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmdp2.inf_amd64_6550f790ed88c7ba\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File created C:\Windows\System32\DriverStore\FileRepository\acpi.inf_amd64_605a5cafbbd86f6a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File created C:\Windows\System32\DriverStore\FileRepository\netk57a.inf_amd64_d823e3edc27ae17c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File created C:\Windows\SysWOW64\InstallShield\setupdir\000a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File created C:\Windows\SysWOW64\wbem\ja\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\International\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_UserResource\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File created C:\Windows\System32\DriverStore\FileRepository\lltdio.inf_amd64_4faf5a37ebdbec2b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File created C:\Windows\System32\DriverStore\FileRepository\cpu.inf_amd64_0abeab1ee6572232\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmgl004.inf_amd64_189d0189716edeb1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File created C:\Windows\System32\DriverStore\FileRepository\megasas35i.inf_amd64_4df7f6223ebcd28d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File created C:\Windows\System32\DriverStore\FileRepository\netwew01.inf_amd64_153e01d761813df2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File created C:\Windows\SysWOW64\Speech_OneCore\Common\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\MsDtc\ja\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WindowsOptionalFeature\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File created C:\Windows\System32\DriverStore\FileRepository\cmbatt.inf_amd64_554d46f6008bc631\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCClassResources\WindowsPackageCab\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmosi.inf_amd64_fce30a36dbc4596c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File created C:\Windows\System32\DriverStore\FileRepository\netbvbda.inf_amd64_06bc8afcd2617abf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File created C:\Windows\System32\DriverStore\FileRepository\prnms009.inf_amd64_a7412a554c9bc1fd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File created C:\Windows\System32\DriverStore\FileRepository\stexstor.inf_amd64_fefc1160d15aa667\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe -
resource yara_rule behavioral2/memory/4852-0-0x0000000000400000-0x000000000040C000-memory.dmp upx behavioral2/memory/4852-5295-0x0000000000400000-0x000000000040C000-memory.dmp upx behavioral2/memory/4852-5298-0x0000000000400000-0x000000000040C000-memory.dmp upx behavioral2/memory/4852-9908-0x0000000000400000-0x000000000040C000-memory.dmp upx behavioral2/memory/4852-10907-0x0000000000400000-0x000000000040C000-memory.dmp upx behavioral2/memory/4852-11280-0x0000000000400000-0x000000000040C000-memory.dmp upx behavioral2/memory/4852-11311-0x0000000000400000-0x000000000040C000-memory.dmp upx behavioral2/memory/4852-11316-0x0000000000400000-0x000000000040C000-memory.dmp upx behavioral2/memory/4852-11317-0x0000000000400000-0x000000000040C000-memory.dmp upx -
Drops file in Program Files directory 64 IoCs
description ioc Process File opened for modification C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppPackageAppList.targetsize-64_contrast-white.png svhitsa.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteAppList.targetsize-40_altform-unplated.png svhitsa.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-96_altform-unplated_contrast-black.png svhitsa.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\FetchingMail-Dark.scale-200.png svhitsa.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-black\MapsBadgeLogo.scale-100.png svhitsa.exe File created C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\Assets\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\AddressBook.png svhitsa.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\pt-br\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File created C:\Program Files\Internet Explorer\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsAlarms_10.1906.2182.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\WorldClockMedTile.contrast-white_scale-125.png svhitsa.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\MapsAppList.targetsize-96_altform-lightunplated.png svhitsa.exe File created C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\it-IT\View3d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\example_icons2x.png svhitsa.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\multi-tab-file-view.png svhitsa.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\sv-se\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview.png svhitsa.exe File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.Windows.Photos_2019.19071.12548.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\PhotosMedTile.scale-100.png svhitsa.exe File created C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_neutral_split.scale-125_8wekyb3d8bbwe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.XboxGameOverlay_1.46.11001.0_x64__8wekyb3d8bbwe\Assets\XboxNotificationLogo.png svhitsa.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\themes\dark\core_icons_retina.png svhitsa.exe File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\id\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\import_google_contacts\googleProfileAvatars.png svhitsa.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.targetsize-64_altform-unplated_contrast-white.png svhitsa.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\Doughboy.scale-150.png svhitsa.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubAppList.scale-100_contrast-high.png svhitsa.exe File opened for modification C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\en-US\about_BeforeEach_AfterEach.help.txt svhitsa.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\zh-tw\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\pdf-ownership-rdr-es_es_2x.gif svhitsa.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\LargeTile.scale-100.png svhitsa.exe File created C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.6.73.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\contrast-black\MixedRealityPortalAppList.targetsize-60_altform-unplated_contrast-black.png svhitsa.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\skype-to-phone-tiny.png svhitsa.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\nls\fi-fi\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\ja-jp\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File opened for modification C:\Program Files\7-Zip\Lang\si.txt svhitsa.exe File created C:\Program Files\Common Files\microsoft shared\ink\zh-TW\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File opened for modification C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.scale-100.png svhitsa.exe File opened for modification C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\Unlock.White.png svhitsa.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_neutral_split.scale-125_8wekyb3d8bbwe\images\Square71x71Logo.scale-125.png svhitsa.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\PhotosAppList.targetsize-40_altform-unplated.png svhitsa.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\Programmer.targetsize-64_contrast-black.png svhitsa.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\pdf-ownership-rdr-en_us_2x.gif svhitsa.exe File opened for modification C:\Program Files\Windows Media Player\Network Sharing\wmpnss_color32.bmp svhitsa.exe File created C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsStore_11910.1002.5.0_neutral_split.scale-125_8wekyb3d8bbwe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.contrast-black_targetsize-72.png svhitsa.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\LinkedInboxMediumTile.scale-125.png svhitsa.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Car\LTR\contrast-black\MedTile.scale-200.png svhitsa.exe File created C:\Program Files\Common Files\microsoft shared\MSInfo\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-24_altform-unplated_contrast-white.png svhitsa.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\Images\Ratings\Yelp5.scale-100.png svhitsa.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Transit\contrast-black\SmallTile.scale-100.png svhitsa.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml\Assets\NoiseAsset_256X256_PNG.png svhitsa.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNotePageMedTile.scale-200.png svhitsa.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\StopwatchWideTile.contrast-white_scale-100.png svhitsa.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxCalendarAppList.targetsize-40_altform-unplated.png svhitsa.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\es-es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\EVRGREEN\THMBNAIL.PNG svhitsa.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\images\file_icons.png svhitsa.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\AppPackageAppList.targetsize-72.png svhitsa.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-48_contrast-black.png svhitsa.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\Doughboy.scale-200.png svhitsa.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Images\thumb_stats_render_sm.png svhitsa.exe File created C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_neutral_split.scale-100_8wekyb3d8bbwe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-white\BadgeLogo.scale-400_contrast-white.png svhitsa.exe -
Drops file in Windows directory 64 IoCs
description ioc Process File created C:\Windows\WinSxS\wow64_microsoft-windows-networkprofile_31bf3856ad364e35_10.0.19041.746_none_60e946790955ce95\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-ie-datawarehouse_31bf3856ad364e35_11.0.19041.1_none_3090bf440aa2e852\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-ie-f12script.resources_31bf3856ad364e35_11.0.19041.1_fr-fr_0b3ead81bed98179\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-m..wnlevelmanifests-ds_31bf3856ad364e35_10.0.19041.746_none_78b1f5f5c57dadca\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-p..ellibrariesbinaries_31bf3856ad364e35_10.0.19041.844_none_58b34d76cd8c2980\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File created C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.S0f8e494c#\6d056f3fff70a663755a1120dd61d6e3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-g..ion-winrt.resources_31bf3856ad364e35_10.0.19041.1_it-it_c61696446f34e90c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File created C:\Windows\WinSxS\x86_netfx4-netfx40_iis_schema_update_xml_b03f5f7f11d50a3a_4.0.15805.0_none_bd83a0446cce66f4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-diskpart.resources_31bf3856ad364e35_10.0.19041.1_en-us_8688a8c5dd24bb5a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-osk_31bf3856ad364e35_10.0.19041.1_none_60ade0eff94c37fc\On-Screen Keyboard.lnk svhitsa.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-s..andlers-analogshell_31bf3856ad364e35_10.0.19041.1_none_2a55c08b69ad4049\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-s..andlers-geolocation_31bf3856ad364e35_10.0.19041.746_none_1e9dc338f1237ff1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-tapisetup_31bf3856ad364e35_10.0.19041.746_none_47ec758ff9f94aa6\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-u..xtensions.resources_31bf3856ad364e35_10.0.19041.1_es-es_72f5ec15377aba0c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-t..honyinteractiveuser_31bf3856ad364e35_10.0.19041.264_none_a61d15efb6291d40\DropAccept.scale-150.png svhitsa.exe File opened for modification C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Ratings\RatingStars40.contrast-black_scale-200.png svhitsa.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-m..-autoplay.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_cba172883e274afa\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-m..nt-browser.appxmain_31bf3856ad364e35_10.0.19041.1_none_b1e502c19c2a358b\Square71x71Logo.contrast-black_scale-125.png svhitsa.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-p..st-common.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_c30587016df4e465\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File created C:\Windows\WinSxS\amd64_dual_netvwwanmp.inf_31bf3856ad364e35_10.0.19041.1_none_2a5be9cf8a7d141c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-d..ackground.resources_31bf3856ad364e35_10.0.19041.1_de-de_21842ce5257431d9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-m..acementmanifests-ds_31bf3856ad364e35_10.0.19041.746_none_0538f2a34494964e\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-wmadmoe_31bf3856ad364e35_10.0.19041.1_none_3cb17feebd0c9c85\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File created C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.P10d01611#\4bbb283adecdf8a5bf110bc6786d021d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-i..gbinaries.resources_31bf3856ad364e35_10.0.19041.1_it-it_5423242a834ca42e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-i..tmlrendering-legacy_31bf3856ad364e35_11.0.19041.264_none_33cbc8e23aac35d1\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File created C:\Windows\WinSxS\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_10.0.19200.110_none_25877e2690ba5b47\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File opened for modification C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\Assets\Icons\contrast-black\SmallTile.scale-200.png svhitsa.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-sud.resources_31bf3856ad364e35_10.0.19041.1_de-de_62ac0abf15e2ff77\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File created C:\Windows\WinSxS\msil_multipoint-wms.dashboard.forms.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_e1d99a5aee9bf419\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-m...appxmain.resources_31bf3856ad364e35_10.0.19041.1_es-mx_02f04ed9c02b2896\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File created C:\Windows\WinSxS\wow64_microsoft-composabl..aexchange-component_31bf3856ad364e35_10.0.19041.746_none_07b59b67e21ec38b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File created C:\Windows\WinSxS\wow64_microsoft-windows-devicecenter.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_44344cd8024ee1bf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File created C:\Windows\WinSxS\x86_microsoft-windows-l..fessional.resources_31bf3856ad364e35_10.0.19041.1_en-us_4df75bd69cec0d2d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File created C:\Windows\assembly\GAC_MSIL\System.ServiceModel.Install.Resources\3.0.0.0_ja_b77a5c561934e089\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-filehistory-core-cpl_31bf3856ad364e35_10.0.19041.423_none_9134ae6b97cbbd15\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-mydocs.resources_31bf3856ad364e35_10.0.19041.1_es-es_f2b56bacf12b5848\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-w..pdate-adm.resources_31bf3856ad364e35_10.0.19041.1_es-es_13ca655f6246677e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File created C:\Windows\Microsoft.NET\Framework\v2.0.50727\MUI\0C0A\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5b5a0fc040a75c4e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-s..y-spp-plugin-common_31bf3856ad364e35_10.0.19041.264_none_a0f2741fe53eb880\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-t..honyinteractiveuser_31bf3856ad364e35_10.0.19041.906_none_a6600355b5f69459\SendPhone.scale-100.png svhitsa.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-b...appxmain.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_aeeb306313eb7ca7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-edp-util_31bf3856ad364e35_10.0.19041.546_none_cc8076c97817971b\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File created C:\Windows\WinSxS\wow64_microsoft-windows-setupcl-library_31bf3856ad364e35_10.0.19041.1202_none_3d14890c84f6bcec\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-p..g-printticket-win32_31bf3856ad364e35_10.0.19041.1_none_c94bb6333e8c7c9c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-p..opeerbase.resources_31bf3856ad364e35_10.0.19041.1_de-de_8843b79929632053\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-c..ngshellapp.appxmain_31bf3856ad364e35_10.0.19041.84_none_24f8aafdaceaf0b5\Splashscreen.scale-400_contrast-white.png svhitsa.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-lsa-msprivs.resources_31bf3856ad364e35_10.0.19041.1_tr-tr_ab788870cf3872be\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-m..ation-mfphotography_31bf3856ad364e35_10.0.19041.264_none_abc4650086efc4e0\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-msmq-bpa.resources_31bf3856ad364e35_10.0.19041.1_it-it_d09350d3311986cf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-msmq-triggers-runtime_31bf3856ad364e35_10.0.19041.746_none_371e9f62a4194eb2\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File created C:\Windows\WinSxS\x86_microsoft-windows-s..formers-shell-extra_31bf3856ad364e35_10.0.19041.1220_none_02b28c2f7a0070a4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-s..inidriversmigplugin_31bf3856ad364e35_10.0.19041.746_none_1f140c7aff2a801a\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-u..roundprocessmanager_31bf3856ad364e35_10.0.19041.1266_none_db15e480a69981a5\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_10.0.19041.746_none_b9f682f6b5dee942\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File created C:\Windows\WinSxS\amd64_nettcpip.inf.resources_31bf3856ad364e35_10.0.19041.1_es-es_651ed14350af0db0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File opened for modification C:\Windows\SystemResources\Windows.UI.ShellCommon\Images\WiFiNetworkManagerToast.scale-125_contrast-black.png svhitsa.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_10.0.19041.546_none_374799efaee581e1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-icm-adm.resources_31bf3856ad364e35_10.0.19041.1_it-it_e158bbe885c6652b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-profsvc_31bf3856ad364e35_10.0.19041.1266_none_70772af2e7de61d2\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File created C:\Windows\WinSxS\msil_wsatconfig.resources_b03f5f7f11d50a3a_10.0.19041.1_es-es_3e1abf08e6388b6f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-msmpeg2enc.resources_31bf3856ad364e35_10.0.19041.1_es-es_27eb4a82003d4fc6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-bioenrollment.appxmain_31bf3856ad364e35_10.0.19041.84_none_f80970fc24265338\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt svhitsa.exe -
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language svhitsa.exe -
Modifies registry class 10 IoCs
description ioc Process Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.Binwu svhitsa.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.Binwu\ = "GNWKXAYEWMCZSYC" svhitsa.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\GNWKXAYEWMCZSYC\ = "CRYPTED!" svhitsa.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\GNWKXAYEWMCZSYC\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\EyB1f6FNc13b72W.exe,0" svhitsa.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\GNWKXAYEWMCZSYC\shell\open\command svhitsa.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\GNWKXAYEWMCZSYC\shell svhitsa.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\GNWKXAYEWMCZSYC\shell\open svhitsa.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\GNWKXAYEWMCZSYC svhitsa.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\GNWKXAYEWMCZSYC\DefaultIcon svhitsa.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\GNWKXAYEWMCZSYC\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\EyB1f6FNc13b72W.exe" svhitsa.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\svhitsa.exe"C:\Users\Admin\AppData\Local\Temp\svhitsa.exe"1⤵
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:4852
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png
Filesize50KB
MD56a657f76d7a858720ae9ccb2a7880fe5
SHA12f2518289843b8f37a33308c4d9b3c5c64efc359
SHA256ab2149e47f097d87c4cee8bc6c2bbc771f437c70ae848eb80d9c62d126b65151
SHA512514ae51a8ef0481d7a74b56af01cba6b19e82d1f466740e203f54434e661515f59913b58cb3a18eb285023276074b23d708eee3627ad7c1cf4f0b89ff4de2d04
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png
Filesize1KB
MD5fe94a3c3a14078ef27e5c4f0ae4e332f
SHA1d66aa44c62fa9dd017005d04209f1fea3b5171b3
SHA2562277107a677c18af8d4a4e0c63da8cfe2b89c56ad0cd1bd02625ffe6bf1c5972
SHA512a1af6da33083514df2a6739ae091fc657cd110b1e273dc0aaaf00982b296cf897934b68fbce1e7a6c46ca1ed82f3ead26d2b20fa6defe076045a380ab0caac54
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png
Filesize3KB
MD5a9b2cddfde7aa412d19849ba4a961d64
SHA1654932863b8449f8925d6303f07a99e70e1764a8
SHA256b608de5b5561a09c86f4e6b447ba38c17aed198466f39e9f9db41aff246b10ce
SHA51204762da726932ca6a4d296a112b4cfc2e4ec72c027f1b9a24cf856d355fbd886aca401be379d1c3593ebe335e2e8f583fc87f88896e1b3071bd2b09d1590a9b8
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png
Filesize683B
MD5f97ee7ac5456f4d9a7c4517ace51eea5
SHA18157ffc7e641701ff017cbc1c82acf016ca5a022
SHA256660363c20a2df89681d4109b4eeb80af26f5d0a31030d42b54be7db170029cc7
SHA51245d44fcb492614f55f74aa9530c8afb17eec56cd5d27a9269f2be3d89f7eb26737331cfc2b931c898e4ad735b1fb653b51151baa11a7b5d916891adf51cbb37d
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png
Filesize1KB
MD57d76cda0a1e0cd0aac54783f27ae30d3
SHA1ed7c972d72e3b8261a2fd0e83f3764112077cd35
SHA256bcd271c0a43aad1ae520cff1fa0898be1b4c9edd1f9fc7a8af0913be31834677
SHA512db5bcdfb629e8017c2a3879f4a870ebac10d642045aeccfcba3f72517b3502f249e25ba10aa51850366908bda1991a8ce93bfee815c32ad77eecc663688b791e
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png
Filesize445B
MD58c75aae44d814d08eb36c6c12f2dc9dc
SHA1b47d374af2b1516baf73266b7b5c1c059dc7996e
SHA256392a63b507c9958e68c5ed159123870ded2ceb3742c7a662ca45b1fdc2100d14
SHA512cdf33a1d534e6ea82aeabcf81432f652323d28349020c39a48bdd9c7e09fd6a32d6f5b83053b2a2b4cc61eeaf39b31367151a8880219a10aeb86684c28827b61
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png
Filesize611B
MD5539476204abbdced910d6047c2742ebc
SHA1c96e563db64e6cb4cfd3b4defb3daad06bee65c4
SHA2568e44e1ee51326096a72a1bf324c76df2c0b8ecea6e4117c9794f47df68d0abc5
SHA5126c609703320e23f9bda3df8459e552a8233cc81787b675e6d05b904ae4fe560a2e3a1d081b0d185652fd608c5851babf8b018e0a6ab1490c5f61478cb59650f7
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png
Filesize388B
MD54c634c6293e8d675a4745f48ced01184
SHA19d2e9f97e34add7f7e41a3bbd2a25aeb96fedd74
SHA256f68dd975645ea208f3a80f7a796c0130605666d94c17ed5a4f6658643773b5a8
SHA512449a18dc1456f9e1b3ccf3f3aa86c501eaf0338e895606487cbaa91a9d0222de6645f3b4403e01d8c96f5826be2a3714f3fd499d2c1abe03508c71303552f453
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png
Filesize552B
MD51b925bd43997a316cfb3b503f328925e
SHA132ff0988e04991d05db245e704d91aac734674cf
SHA2567f76be15ac17cd80f63690dd9c4ba5bec0e0524a47507dfa0378217a282faa00
SHA512470c7797a993703436cd1d9273d9dccd2af77411692149f5947eceee5d469acd33b575122c98d081b2527ba6000a73630f131c8b581885feca0d83c27be02cc4
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png
Filesize388B
MD5f8effa6db93be715d4d2caeff7b9e6e9
SHA1ba674f1182ff66562ecb1e35bb8250320545cf6b
SHA256b23f336c5bf9b7baa46a2d51017c464a45c9eec0d0bd3269368ca85072001e14
SHA512347e12ca045b81691fbbe5cbb8d86d74907c3db8f745a5360aaefbed7c64409d355657a15d3fe4a3c268f2b11bde60a5f85b284b90018f4ecb899195a0d3c359
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png
Filesize552B
MD5a435b7dd38104281afa03fa750cd01ad
SHA16394190fcc451db1baba266ad2182693427549de
SHA256776302b9f15c0f79c94c99a8312ebc190e47b1a672a12f81c1e65a1a21ee12bd
SHA5123c87df44d519d02ecc93b1969d6b3f817d3409af7cd8205884e5ae37f83ccdf515e41ae06548e5ae951331f21d2c3ce20fc89a5008727c049bad0927c5fd9d70
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png
Filesize388B
MD5e700f2fb8d36ac90e0e364a05cd8e78f
SHA1c11691c4f2d5a57f1d5cde868ecae9ce931baadf
SHA256908ca4cb5fe9cdda999308763f57f20ee135697b336324cbfb91c1c253372225
SHA51294893d7c2e2a3efba80d8f445560efeee721dd3d31301fea3019b65d8d9330b2857e0cd3b987cf5362194f2aede44f68ca0cb3802426a48ffe700bafd7bd62ad
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png
Filesize552B
MD52eb6cb811a948a629d45ef34707b19b6
SHA1fa06234259920fe1bbe742f4545af7023011ca5c
SHA2561c47b0e8f2e99ba3bcacd2533261906824855e724afac2c9962e6e6ac9291d2f
SHA5127af04634f81dc54b2f75ab7e706d65100286351f44bc298c639fa9cea07840aaac81023adf0dac0e6c4701e1542adda9ad031ed944a951f848d8da632653c6b8
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png
Filesize7KB
MD503a4972da91e69cc89390b296fd1164d
SHA16276fbddae709cb9fa3be4c8a5a444a01b35a497
SHA256605c92b400e95f296325871cf80be88ee2b8d1bbe2396e8485f8a61f01170eb6
SHA512483ccffb957c024c2e87216b1b84a40c2ca8e2c446539528ba08a2f4520e7c79446c0d9061a8d9ae15b4d91ea77dedd5ad00ca4bac5fd948da2eedff56ed8a66
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif
Filesize7KB
MD5ca872688ab5ed8df84f4a39afa6ecd7a
SHA161d375286269fcfb286d90c17689e5074085294e
SHA256b65afc4d615ae4c500bc51e9b0920800233996d1b8e4e696cbff6f927b746048
SHA512ea3aa35862c2a097a8f246d0bb34006efd925f1d72ff1ac31a182bcb9f24f2ba4db649503cb222adae21a0e7df96bd7639c0e0655d6272d290ee070221e11acf
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png
Filesize15KB
MD5f04a48a71b7fe09ec1a23b69557932ac
SHA12e490433a04e32b59fe043dad673db4ad36ac4cf
SHA2562e1c0598cd092cbdeeadb2330efd56c8e0053d94887bdd0600f8a7d25286744d
SHA512aaa51b3d0bcef1150c62cf0abf0ec90d9159e59d2ac7c4e1447b9b7e926aba41b254eb022d733c1b253e3ec8d83fbca06a5ca473b606763b5f8a44f04cf54367
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png
Filesize8KB
MD5738292bb14d59040a39c8121f8d0bf89
SHA16dfaf05ee71cb3c7595bdd64015ce26a2eade4c9
SHA25658aa67e81cd48066561306f6538ebb3aeed8b4280186f9ae2d5c2b92729bc8f0
SHA5121327b64f261d00c9710639d0718dda944a5fe045741750bd0716db46c8e5240d938523d09e12f50006030a98db5390e7613250354129471ba08e54a037ab4f12
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png
Filesize17KB
MD5836f3e788d9ed953148acd1f11224016
SHA1ed72cca3be36eb5521251975c418ce86961f71f7
SHA256b3e790a2bad4ad9299f148eb036027282242d31a1d90849961e3b60abf41695c
SHA512071d70c9dfd0beb9bd67f5b16e8503fe709ace2884313f9947c3f55e8c8fbc7350cbf5ce36883cb0dcc83c523fbf66b60b8c47110e942bc66fb8fc5160819556
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png
Filesize179B
MD5493a877cf9d5e753ddbe8ccba63d5e59
SHA195fd0d109005a55a75ff282cc10b4eb30165f764
SHA256a7d85b602650f5cead5adfda64c0e6877f2435ebbf03a17b1045ef002c6c1878
SHA5124b844c0f80fb208daafcbf639fa322404c70106991ebf48a338e7e89c2a81e39217ce062cc63f9e5e771c22975b496995c0b392c0ae3ccd8372fa2f692453c33
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png
Filesize703B
MD5cd5ee4fa36d499a838f7de1fe3115d7a
SHA13d4c81fd997c4f16d343ee30ac1a2d12e61e3dd9
SHA256a4db11b2b7114bd3b6e0122c0bad51b1a654976711d4704d3d17fc6ec46956d9
SHA5121dc777f214c1f0dca74785198a88af19e008b0de2004e06abacccef32ca5354cdf7a1a0226a227130b2c0db68efd766edd1ed9ce4864c6edec9d82c8b2a874a9
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png
Filesize8KB
MD5e9c108918ae49a0eb65439b5ac483ed9
SHA171a308c859c662d7d47cd70dd4a5a36f85e6c090
SHA256bc5bc6685952a2681568c434cc985fcc3f95c7b6fbf24ef864eda70eb15e4e39
SHA512b65a5e879b1e24cf276bb0b3880490fd18319bb75443ab4c592c946259b298044210806f52ce6a4d3f01e4ddea537c26b18ca5a7a1aeed58f39dbb3663bde17d
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png
Filesize19KB
MD51bfa3b878ce7b627eac74591d7892dd8
SHA1f0a9bfcdecffbd64dc4ca2977b2fdc28cb9340c6
SHA256dac8b7736e547fdd0e4a456d27b6c921aee16287a6443a3fab56daa5a69fb9bb
SHA5122c44c2857ef245ceadce70c6a821bf50ad6eff0a67d96aecc50e153937c2dcb3ede794432664c5caba678de383bdeac945138e2a4e394f4867ece84f797aa48c
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png
Filesize6KB
MD5e4ea25414faf0b6186146ab3a203c7d5
SHA1436af5a8f10315ac46b78de3466f84dd6fa079d3
SHA25666435a7c5333e93cf2b5e7023b0d893f9ef61289e48d7d197cc2359f1d3e27a4
SHA512d927194b3de8804ba7ab2eefbd26d661173b54e6934f99c04220457a87e568fcbc751079de77f1af6ce6fb7d14c058eba4aec377aa7977c3b02a32e831fdf87e
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png
Filesize2KB
MD52a07632e426d381331b9beb5242cbcbc
SHA112cb8b73c2cf3b8484d134f5435f4d324c1c8fa6
SHA256fd890fb2fcb21ecc614b0eed0dedcbdb376c1986a2c3b731bd07805a2ac145bb
SHA5124fae0fdd3a87ba3070b5a2e46addb3c4257b4caf6afc0c656ba97e221c2da99b7aef877379fc88126ab26280906681e0160e6ff21da81135eb047525bd59c898
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png
Filesize2KB
MD59a0e67e04ebf7c7ee0e6fbea934d513b
SHA1f96900c4675814ba13d97ada1f100a3b3754249c
SHA2567e6eaa279767f210bd6e68e13214c85359154a814b9c6b212a62dd8839a6bc16
SHA512c450366676c6ad3d73c674d657d8c2d33a1b13211e45386d02584ca9116612052b91272b46eb7666e618fdb456671f589a48e29df28d9b25b3664d8c03cf3553
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png
Filesize4KB
MD5e6f244a980e08041d0a4ced864223a21
SHA10dbed9e37887744e34306eb1c46659659651d821
SHA2565126010c430b44fab2a6e3b5fc35a3963cb45bc691d8e056d146c91fba71e9b5
SHA5125089a3c0d5fb111400c8d68ae22bd30578f2a9f9b5630f7d73338673f0dd6cf70c848350b389514684bc1442f2e6e75bc62bd422954ae847e0d79fec29db058e
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png
Filesize289B
MD56492b3163010e4a06f7f2f82f5b780b4
SHA12e6314260127b40b067b7fbbf9ab0821efc04377
SHA2565be15d0120648a732f9141f9aa780fb8897c14e5f67a604cf9a231cf837b78be
SHA5123529f1199ad8b03ddcb5479738445524bf4f6fdb35ff0050319f58f0f68363e62cb872cfd043ff9923113e1526b4a48f51bd0f475928b27af2b598f0d54cbbd1
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png
Filesize385B
MD5845fd6d3441a30892a6987421ed462ea
SHA1720216b475f4f685f8cc850754b064cc9a02a423
SHA2564cabf0970c104e853e8aeb68099bedad32dacdef350ea0b969876e98fc4e7a0d
SHA5128e9069125d3f8776d1f1c55d497b87fe2bde34c294cf06c0d1b3d605e5968a0381a27c6afb61d3f9a71f06dabff5e35a93efcdd78b6cdd2847226db894619346
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png
Filesize4KB
MD57546efb1cd576cb8db077b507e1ceae4
SHA123670a46c0372e40b88aac84e8356eef6a1c4855
SHA256063502e47837abb5f2d188cdd6d5efab406948622c3b056a173824421e88a5de
SHA5126a37c7ee403a37c67182dc112f7561a30d2dba1ff3b4c46025cc8ca15d55b7feb261b1289bf1e639d563e5a847528b9c483ece5b3172a6a49898004b27ff6b37
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png
Filesize1003B
MD5c9058f9c017b5e4d8c933ae175aaec4b
SHA1216a07df39253ec112e64ea3ffdf92de0799da33
SHA256c2497f77c0487a53c22f830fe17a76fb5bd7131593977019ad6ff36907565560
SHA512edb548c5466acc17ad01f74620fe7c0fa1f412e8b89f025f3f6f70cad7e85a7772df500416eae9b01ffdd528744fdaf5f0b40636b2695984c6fbe1b6509e9e15
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png
Filesize1KB
MD51bfc6f3bcc5a2ae8ff04c68e5ad43cce
SHA10b66879e101aec5d2b573cb98ffbdb5cd2343c33
SHA256dcb960077b32aadd693c005b9eb828a23ea1aa459309f7eac3437d8859448c5a
SHA512203d6fcf41709055232fd400936cd02139d698c46cf16748292bccd0f9fd302811ee8bec321153a17a1e0f13a9e1f21b982637b1cfd570239cabed2b3fecbe2d
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png
Filesize2KB
MD535ce1de6aa57d9d94f0ed39aa027465c
SHA1b27034a6e0eef992793fb2ca7900b29e48a7ae16
SHA256de00b9824c03f4c66480308c82a981d8cfd33a7c80746f099424cfb79e8ccbe4
SHA512e79f6c2c0eb8e3966b036b25346da5a6118e7577e67169c4d6fb1a8084c029e644e7f351ab99015c90783fc96f9f6c31295d5a557212760345dbbd5a20be6846
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png
Filesize3KB
MD5f8c377215ff4d743609a1999a0d10ebe
SHA1cd8e6ffb06b6659c64896f6e497e8e63c2f5527c
SHA25642e28965335a643aeba4da38ef9614a9e9da53bc69c6032627ec9b8315796a90
SHA512583c8207a0bda686cdfbfc071930d75247e7645d9b78ba241930aa1da4ae7c00f9d8fd0f620deea9ada77afcd6bf0870f9393975349779fa2381963282704090
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif
Filesize556B
MD5a44c45266c213e6b1ac46f527da704db
SHA13f3bc1d445ab55c7395575d6e1a0c7b190b87705
SHA2562ede9889e0331c2baa1fafd9711055a674b7dce483072a4cfb1b518c98a791b8
SHA512179a0a39f5d960c83d7be77dd7bb949ce1395b34984a503cd77728a1f357c5e29b9e60210539c6128f5cf4504c8aa669e5d325e6ed7e119bf40d2a797ecedc50
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png
Filesize6KB
MD586485c4c587155d6448843b11b93c81e
SHA1720e7f137a2aa6fd0591a040328ed81a2eb46203
SHA256c2d0e227b3732680bbb18b97ff14f87ec930ce3e5fc1b05e9450f809e52c41c0
SHA5120ffa5f8a384ff74c25b5d3175c9965d65c6a5bacb549e238be2e8e3682c012b51fa45b99d9b0ca7b8a7c8e3efad2f640259b3c8b0072dd276886f64f2b0319d9
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png
Filesize826B
MD55086a1e4fa009df7e00e98b54db49450
SHA109bb65f1077f397493bd0e919ad42f0f913857ab
SHA256467f04139a05a8493d1f2fdb9b896293f35bd04728944be668cccc6643b4193b
SHA512500205c3e57191c2adc71eb5e0dcbbdfa7aa4732f4d9c8428a1913a0026e64adeff21b19d9a96db6706e91219d8f1aac76559adedde114a7e36261e4620e0bfd
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png
Filesize1KB
MD5b10b3c1bff9fde1bfd1183c5a41d874d
SHA16e27427fe1696cf87bde01159530463c3526bbc9
SHA2563cd479758d290bf86863bd5c1855ae9df1769d2f9e5f39a7e077ec2749066e9d
SHA512596c2b6aed869d0f379ebc4c23a713c5f3960072bd372a75e4bd4cd9e148a0a70eb764d3b8dcc280a5b907a0811aaa27f9a870362d09ef51b52610f86bbdf548
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt
Filesize32KB
MD5435c6647b6c51ddc0c2ad42b74f19ea2
SHA18f0db05cb6259c72b91c8466843af73f4af07754
SHA256ac5c7cfdec7983952f67baa31b14e8b69a9bff7f9b088698ad47bea464fc422c
SHA5122099b18868649345ee24ba01d2da8f817d515c9eb9012ab9199cc31f27d1ff1259e4dccfe9c67d62bb9717c4027c62e5fb04d864f1da9c3ee8ecb859cd6617ff
-
Filesize
286B
MD53f8c536ce623f82f49206d0e9a39f839
SHA152a97eb8ce4deb96d648b0080dd2b5c305cb5af1
SHA256adf8343e686d7f8829c758facb4f14c703bd5e009eae121247a85d018bb71055
SHA512785069185a0fd33e3c168cef58f54982976f621db4d3f66a7e91f778a94782349725900a1910d8d1607d0ec06b774536215604b005fd4a3658e3843c338b2721
-
Filesize
153B
MD5176d5f85b9c69d42520d8761025ca156
SHA1cf033f551398bbbb420ecc7b0fc72f13bca38f84
SHA256fb0eff8033f2bc96573a1afbf9c2d0bfbd1106eadf67b6862397942d566d0399
SHA51214cc7acf7f5cef9b226a9c8c9489a176e12feaaab0df736e3370e6e248c644000e79f9618d11f32ad97e06c7680d67400c7bfa0071904f10d7483d3d88da36c4
-
Filesize
190B
MD55b189a5ded3db35f882f0b231070c32a
SHA13b9449350a217132dac5150a0192b539a6b5376f
SHA256b59f0731af9d14d8c849ac0e3a033ecdf90d13f944ca2af26568205e0b08e128
SHA512f7ceb42c7e685ff404f72f93894b5020f6866b5a477c1c61bb77d39a9af6ac0a215981fc6bfb8ec00d64ef832a5bc9a6afff273287e91f304f77f76930385083
-
Filesize
190B
MD59e9de69e016ac97388db57a2cbcc0a39
SHA1ca2bd9543ae9c2ba4d988527fd867cab90e1e07c
SHA25635f5fb962a340c00e7b1d1ea26d49a7eb8209859ac451d6a9a0aca1ca57a9c0a
SHA512c3fc6434ac3c097c3bba43e0636c565a729739a1cef196031df5477ad089e84451af827068aee03a49c1e4bd6df6cab03412f0c33af77c8e499926d6173cc8b1
-
Filesize
1KB
MD5808e1a74f4c633a2950d4fc4dce79a88
SHA172ec5ef1c51c109b8f02137dfe9d73a250baf60e
SHA25616d25c7349fd10bd84c1decfc85279b49617938f917da6844ab5d206ca7ad8ac
SHA512874157c288b199cac8ac57bfcc0781fb7aec8d0e6ef94702ab1690b9de1a2d5a107aeaea3e5cdfa77d58c3fd0321b90125d9ee42accfce7a3100c0df72da81f8
-
Filesize
31KB
MD5478ce87a495ad1e3157cc34af8c64275
SHA12952dcc18db067f996bfe25c47a0fc94334a55b5
SHA256135334295d5ac06762b2b9d472642882847b3f995ad822e990ff5d558fdf1060
SHA512d761971ca36b107bde2a8d613037ffc7dad18306863976c5135aa485fb9c6ffcbd64fa93c5864e5fb53bd09049c9b6317ebaf3fbea6047ba35375868115fa5ac
-
Filesize
34KB
MD52d97a466c748d8158795c4bc78e7aa6c
SHA15cb7400c2324bf90b954ae1c9bd85a22c5ec27cf
SHA2561113bf14bb7c649efdde372fbc766d27e16520df3eeedd65a0b31b1e27b63e85
SHA512d63f7c4a6a4297ca8067bde46bb3ff7b3d421ca9f75bd344648e7becb85c22519e70724ce2d2b08bf00624bd65a22af7b2a8714e86a1429077c4f572438193f3
-
Filesize
23KB
MD5aa943c708fa3a16f08196d2f78a584d4
SHA11165de0e7e74249edbde6553a6bd59be2cb61fd6
SHA2561c441f9b52b1e4401d8133b2643f63ff83e4a0a9abb18d40a332d7697c10b776
SHA51287f71b0f50055aa9552c0d73f10b5e95d7c4b06e51a86810d85504becc86c427f30e98b18cd3ea4d55a274b0d9bcae05738e3d81dc4bcf94d9556a607346c4f9
-
Filesize
2KB
MD5064fc6f23897bdb648aaeeaa7c776607
SHA1d36dae329e3bae68e4ab793d9b8a2b79fd29b42b
SHA256679f7397f0eba07f19063a7a55ae222c0be0c76f070d95158d5033f9bad6b8b7
SHA51295296b709030ac26070a7207a366eeaf29a36ee5cd1f9ce710477cd9fda9a0b582e13828996f1d2ee1018cb6610da419849c1f556e20b339cad4791660fdb9e8
-
Filesize
1KB
MD506deb7acda5905eabc69547af5f41517
SHA1c5a711430cd3a335668e9050074fc3607e401270
SHA256c95b6af58fe96fc2bd2cd0321f5a80941697f9c9e65378809ba34a11d3b62721
SHA5122e4cf16947a1f8a2864f5933c391317a66016c839638b5fed13ee549d436466297951ddc5091baf128eae9154ebceba7a8cb70d646e4df2d4176b0bf8f98b17f
-
Filesize
3KB
MD58b294a33e05650f2a0ad050f38a23f03
SHA143bcb28109e9c18cad7d56766a9b696ea385b3a2
SHA256ad979e724e6b4760333a79611531071ff7bb7979396db27e7f93bacbc4beed0e
SHA5122154a430bfaa0970b11f34059207b8543bd754dfdec52c607638d9725481d4f48422162d7b54691504be62a7a1178a19acbcb9c522ad33ee2964ff7c960b0dff
-
Filesize
2KB
MD58f25c41d544c2fcb27193463b230de69
SHA1cd3732b4704c01ae74f284699b5e5f2dfc069eff
SHA2566e37c017b253ba73952d0d1fd69c0186dd953aac5198e8a83e7b3ca6cec7388c
SHA512f45a61936d72c74bfebfed35044211c3ccd65b9f4ab95b6ad39b7e34ac5c61bcf5b06e7b24e674c4edffd1a3fe358fa3ee009672a051f557e07f4c20d2f35a7a
-
Filesize
5KB
MD5bdfb30822b5232df43df303e97a45c0a
SHA16581262e705fd74e53e4f5fc9e021d4066b2f529
SHA256d2f45ecf41d244acb22b14dca309f020049051e46731ac1afdbcbb790e49cb1d
SHA5122436e100fce13f6a9ce58e025e5b51818600ee15c48230e4e2c5a79eabd6ed41b547570ad04711014d80eef2fa6e9eb2e159d5417774f37a19d18b5af73cb7fd
-
Filesize
17KB
MD5608d84452f009299123ca7fd93e3812f
SHA19df2ebb852d22bbf0e14649116db9db045ea5ca9
SHA2560dea901eeb271d31a168107835ea68de1800224abb23feab355e2d066ff2d862
SHA512b90e6659f7bc581f38d1c59c3cc672d06912ec73f88ae8cfdbe6fde7abc84fe28194797aa449cecdad0d555752cabc05c84b5015c0f9bb317ab985446263c18c
-
Filesize
320KB
MD5c7120cbd340a6cf4d164bad40a517f5b
SHA1f756947ec3bed68dd44d53c94651644536fa09ab
SHA256105ffb2c1a10efad658cd214d7673bef513de089683624d177bb99120e3abdac
SHA512386b18be426914cb887317af6f17312c15229a63fefcd779c590a3e258581d8902a16cc7d7887569f3a011195514683149e1aa39ee5e844c08b96d9d373c6620
-
Filesize
1KB
MD5b1f67a1b655f366c5d452d57dea26a9c
SHA11ce1c3a31d2d158c955bf785ea6da1568ff780ab
SHA256bc46ec3c4e58b0e5f656deba46f41ab8544c4950388460cb0d3781f5a3a4cf99
SHA512025968b933256bf8bcdad427abf7c3f6ba5debb291da31a65fbfe4d7987d390fdcc05c07559686d44fc809b635b36bee2d42de81742ed2aac55f635d7aeefe46
-
Filesize
10KB
MD56511b8895e32ddfef355c05125add358
SHA1c39c65d6ecf09c4933ecc9c2bed5f054ba0abf4a
SHA25652fdb7e2511192b56c5521d5858048190213c827903a742b31df5f569a0d89a9
SHA51282c157a06c9a8ae2486bda8d92d605924daca65b6a95a2d7af99027e8c9dbdab323aa4ea28d9d4593fe6105161eb6d0d64e55831426a1e056f23ff7ae29cdc4d
-
Filesize
3KB
MD5f8f8d246261b347df134dfaf54224432
SHA1a25342ff1dbcdc071fb15eaf867cd7e3d6a9ffcf
SHA2565f3ae62071feaaf43f6cdabf3fd0d8784674fe03039a27b9537790a01fd59a09
SHA512b3517d0dd6fa025a4c0112953d94d36887febc90bee5dc8a819d4c2e467a8c5a8a5a07083bb4b31e97ed32638fb613e7ce944ef3c0ac4953fcffc8d3aab68d7c
-
Filesize
162B
MD59a4361367c2023f0a3bdca0eef6030c3
SHA18b671eaabf81be17408fc8ca8ecbd2f8516b6254
SHA2566f28ea37c15a09d56aebe5c5c0982496df9dc76c611ef5fd8d40ae219be1677e
SHA5120f2871a5ea20ae111a24ed7ddbcc536e43c16c11302ecd4e96255efc19552fc8d4ca544a8dbcfb247b6f46b03ad4119f310568f4bbc62e77cb694296215b7f7c
-
Filesize
1KB
MD54caabe068d12775a336067281d836548
SHA1a82b8ac23f66d0a3b5c8031e244c99dacb3a9dbd
SHA2562b10067319cb4d058f7ba71b16f97402d4d67f9c2c2cf04292f2db179f4b2f9b
SHA512de3ab01cb46e8aa9a428fc32a99cfb17b89a73e43f4d87a5d00134f2f3886db9c9c9325fad2f1db5c4df58a997bb8c0bf8b1b50c8006541727208356907ff340
-
Filesize
3KB
MD54d40405f83127a048762f25965bc8fd0
SHA1ed859fde5708e2e403c359d9ad444a5faf29ff18
SHA25646c738f31ca5c4a6b4d07fe9c2fd129457032cc51410cc88b1aff9421d6ab50c
SHA5121a63b8d0e0868296497eda4938821226ea1e56057196e14a06ed01f61dcd7e94c99d6ca1f97e53f38e1e3811d3aa90cc5e08a665c51c1b49c9a13ebcdfa77063
-
Filesize
1KB
MD564953e36c3947c3ddf790beb0381ede8
SHA15343cecba352dc8ae3b750071f1287081bea68ca
SHA2561a5fdf48cf78180689525677bdc02190a9c6e882492f0e31819ebceb1a5eb4e0
SHA51201f09e61d688fbbc430df97341804906646631bddcd7bce96033e8c81f5ba764387e7e59da89d43b29ab97ee623416310c9fa6572cbd36a0e5cd4c32b7fd5d5d
-
Filesize
28KB
MD5323c7569b1d01e2bff41eedf07a99def
SHA17461c82d74abe7896927430e3dd137bc9ea77646
SHA25699a6d8d3efbb7a7e2e031464e877c057c608bbf5e1f9e1b5605f5d3b6f7459ad
SHA512446fa3c9935a4031932abebe594ed4150e88df3685b63de39a44b227b3023464f6bc5f3b3346cc38fc0f1501b0d45d68575e29c5d0cdd29fe619d06da23ec986
-
Filesize
2KB
MD51b4dad2161a0c7cdd71700413630a529
SHA1d6a6724887ae4388ee032e263695750a5c1e73f2
SHA25661202e5567c3b21c6baba85bb2482a6b6462fee653f8dc0eac43a809e44727e3
SHA5128339f5b9a026c7932ee21951ec1af35c2a16663851fa67216e9a9ec0254aca86f9310e613cbd8d5031fab33967f5850f2106cfdef0d6798f695c73f2c525e68c
-
Filesize
1KB
MD5e3f2d458caac9e7a614aad110aa528b0
SHA17642a48ecef53c5fc3784aff1c7232ed9b5c954e
SHA25608d66837e4817d5925895cc597d1b9fd323d4712ba878e791a59c5f8158f03f6
SHA51296b85f9afebcbc21da34dd457ccd9ca49b0c7738ac595b36e250a41820ef6718b6bb20498a6ff0b6a75b50b14e3636a2a6636a2c0e9ea6a239f24491e538394c
-
Filesize
2KB
MD59df16d2f162bbfa6a99390cf18071437
SHA197ec29e09a2e3bb8769392a83366212a0e14261a
SHA25630f00c22025a36695627728ea3f6f1ac67cfca42bf960dda8455b25fbf7c17a8
SHA5126a658fbe4aac9e1978db958abda0fb89a4b9ea94790b72a39e12a2d8ad5d34170ed617feef4b1f3ac02abf167601af860936fbe5d199b79505ea7a6cecdca9ae
-
Filesize
1KB
MD59a98fa4cd0bb5fdee5661193ff587a35
SHA14e1ed403b5c877118586fc12f7f0379f75ceb3ee
SHA2568284d477a94d4e30ddca079e6170c1398ce78be1af8ebd2d9807596efd94374e
SHA5125e4e1c934da319f6558696c409a6748863ffd855ab979117b4d97a49ad3d7d36d08f9cf9785f5325022bfca57da1a3195ccc8784302bf9265e86f6988e727ed2
-
Filesize
1KB
MD5fcf985e308e8be946941aba41a64aab2
SHA1cd333091959cf738922143d08a8327f3ade2b5ce
SHA256a76361dce94291119937565c1c21658200836dc3f02c4bfa4c857a4833e0292b
SHA512d40f3528ca8cd0c47175c09a062a8336eeb428559dd1cbce377b28a2137a911dbf0f695b5d9fe370d8332ec2adff3acaff872d3a69f6c39d661acd73d6b77a34
-
Filesize
1KB
MD538577bd4917069ad9ef09633d6aaa00b
SHA120d3932726e2ee43f30a6c659be0dc17d5ee4f4d
SHA2561acd909c960403d8f86cc9e6cacc89e10de865c416eb1ca95d21cbda342138d5
SHA512bf928c858f9f025fceaaaf90b37c873a2283c419cc14f895f8465e1f0e6c5bc4059af221544dbfc402286733bdf0f5be9439c5becd283e8e8732115c75313ee7
-
Filesize
3KB
MD5dba522a6d7d916fc6c714afe304bde4e
SHA1a3a00379beadc68bb440ab805f299d2280b6bb5c
SHA256321c8fbfdd6bc456e32002daf0e796b20007fd4834bb6d7fd713edb451dc073d
SHA512ab4cd4971efe792b802792532d39613158cdbfa7cf58b00d57591902ed4dcbb58471ce67c33ca1d874d861e509fae14bcfccd0dfd93d9108088927b75562a34d
-
Filesize
2KB
MD58a8e9d6a223041d04b5d6ac0271b398f
SHA120588cb05694c01e1a3fb0ee18cff76f674c36c6
SHA2561d2dd7ad618efca15eec4fad935c3661126493bdbbd4302ec87d408bbbddcc96
SHA5124657feb3c5ccdd64f6ff73dc0503842c50b03cec1c0f03f6a026239497b5160072bd987983dc8dbe08985ad17f6084df9f6b92419ea33f94a9391aeb6f9a67e4
-
Filesize
6KB
MD5aee26211f62cf07de9d7f82b00a58b7c
SHA16531dd0f62ce0f3584480271bb86a6ae4ecc2103
SHA256869aad0c2f428df95bb9fb189b210fb00c68d3590d33bc43be611a954e755cc0
SHA512cb8cfed7eafdb205c391a1e1c3daf3225f6c57e5510a5e6fa3678f9e93e7dca5cb9cdc54adab621eaaab24c6bcaec19e9ca94755dd98cb6106c49ae8a67cf9a5
-
Filesize
5KB
MD5c9bb3d6298295b6771b76ec382102639
SHA112a9533ccea9c2d3a6f2eeb8ba3b03c66fa63042
SHA2568b724e632daa50c0aaf4b4e648ec63eed059a19f2cfd1bf7ee28c05474840d8f
SHA512d9ec0d39333f0039ca922689c08dc4b29ea5251655e4722de2f02aa5e150c5262791a263a141510bc9fb6832e060f7884c144abf0fe053d3d0edeb0979f50b6b
-
Filesize
3KB
MD5400c0dac81de3cdb630ede595a5cc50a
SHA1b2bebbe28b96a4d9342c56fe11cfc406328e932c
SHA2564e9d208ae755c190e9be0a96280420af648c864c21eb996e94e42d158f1bf3a3
SHA512ddd02bd0a98bea58487faa4e5e6caf38fe43312039e45466bf3a251bfd0d88e00a79e53ab71d38198c94f7c80e5a48a63f8b3eda00de27847c3533f27960c886
-
Filesize
2KB
MD55ca9e8cebc36777fa5bbfbc6464e32f5
SHA18f46ffaa13bbaa9dd91d9914ecddf035c1dcb915
SHA25657de46ea48746ea1ce779aa250a8ea5d4b24b6f4bc9012bb9248231f481ce593
SHA51259429a049c4cd9fff6aa6cfb4ee4c628fa9f1a8edf4ef4ed29df7465002579ee864412d0bf294e9696e38f712b064f0655d294017742632ef53bc223ae250535
-
Filesize
2KB
MD54169a97de1c8c82fe3caeb6faab92d4a
SHA117dbcbc5bd64370177fc4ff4b424823da845fedf
SHA256f4b888cdd194516c5bc081892acc9d914d4a099685585574279fb06589cbdf44
SHA512615e17cb9308cf068b5c5ce50b6be331472199037817e50f393df8e8779613792cd9769145f352d11b0aecb769806697aedb658612241c0b8cafc65ad1234089
-
Filesize
1KB
MD5e09a2ba9b4f0adfd8c52f08de89d08db
SHA138f0c0b2ed7b3481f50a91b0acbe8defbef8e338
SHA256cb2559c864bdc4c5ccd79a4177bb8069db7c93c27e2a55d5877632c98daa8f40
SHA512299f90650bb2814fc265eb72f81a589ceb4488348b6b606569b824b28b69b8c807351a6f0e239cd123863017a5f0c48767ff1c92c61aadc00448be1650ef878c
-
Filesize
1KB
MD5da578e5f8b7460488e776e1d89e8e429
SHA1873b17b8045c5def5661b4e74ee951dd709f7abb
SHA25677a02ac12bad93811ea4c66e5ac0e12337d85c51b7adb4effe9b933cb830d982
SHA512865cc44dabd65d64cf81c60fcdcfde0c3d1fb6047e53f70be51a15891fcffb007d15ac81964ca0dd125354166cf1acfab1c06d2fbdac370dd725a433329bae0c
-
Filesize
11KB
MD5e3b98814b2ff40efe038c0027d823430
SHA1cb56cb223a673af5bbed6ae681009ac3e378577f
SHA256e04aea7a4d2417252e2cd87179f3c0831e793dc7aa08396e7a18f9236998ec38
SHA512e62c0cbd1f91cb53e0966444b5c0a9165c2835cdd813f56bfbd352f5a7c1334169c7f6d7abdc2bfc113e5fee7294b874e708f53398ac34a446de1f927b94cf2d
-
Filesize
1KB
MD59244fb0284e04f9ecb64c22b33154010
SHA1b8f653af7d47153bad933e6a58ba06e206c0ed38
SHA256ced75541bd8110b4923268b9318bfc01481a36a218a59e161f23efee6d94742d
SHA512b94c8970357741015ab8181b43cc63b3a55c8c44f2487643a5a883a3ef57fc314f3d9733f45d70a986f6ef9d9c0b04e18cd56ec2bf2d54481081edf84b97af02
-
Filesize
2KB
MD501672639b797b3058fe27a13eef5fb17
SHA18a8111f0be872d3b7df5a7e3ac2758ba778ad98b
SHA25638e0064148308b57600762cd4c30fbd084241868b7506af9853b4722b5345602
SHA512b9935f592c1d5da2ff0a6f8368490c15cba56e5847d59e9cfaf33d4c88a28bafe36b5e6b8429a4bd703e4a443fc9210b73a9b6d431d0c65be3d4fd8609d75733
-
Filesize
11KB
MD5de281c50b50488476653e4705c716e29
SHA1131115c1ce0a1cccb326560e7c304539856ef757
SHA25600788e64f26c7d4d417271f160d5698ff77f820f819d7cd9648612131fc51adb
SHA51247519321cdcbe59915a017e226f155626d3282990588f9350087194027ec59b87a51407d8847eee99b5b7a293f4c79343356082f9dc7857889d80f30441100d1
-
Filesize
11KB
MD52f4b1d3e18ed236e0967c33e2b16d144
SHA1dd66cfeb29b9bcc0880ece25f012d9ef67b4cc16
SHA256badf7bc3ba61634048f866e93d41f056cfe7965f35c37fbef03592507754bbf2
SHA51216e11d164a2f86683ebafcf1269350b78e74fa9bad0ac15205b269f808dcbac89dc02c0aed6358cdd0d6f7c1b6fe584bca27cd929d1cb23d24022b7bb98245dd
-
Filesize
11KB
MD50083bc69dc56c69f9d134307c05d0cab
SHA183e26bbf800c2faf8bfcab77b5b31645acabfefb
SHA2561f3767af6b810345bf33ab8b8872c392a57ac2c10ec7d8b38769f9f79c3e4851
SHA51205349c1d65829382c0d32f151c189d8bb3557f1428ecb54d4cb408438d832c965ff0c4118470af0f1c5fa911e75b0a3a11507d094bcc3f7b92374006835e66e5
-
Filesize
1011B
MD54c5fdbcd40d7c7c29f3d1890a6c80f70
SHA16c85166c633b5c599a64c12333dcca7bef3a6cd5
SHA256ceb023d88aa41f703627fefe7c831ba4949f822d4ce14f5f37e581757e58bd36
SHA512ea7d4d87d1bc3e7024370dec050947e0b24c536000ab8c0ac8a1872d17d897f5a2ef66cb719cc6b4b8c333b7959b720080282482094fdfb89fca54fc47614ecc
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727662610078916.txt
Filesize77KB
MD5e73f63c74017bcc8b670f490fdb8f4ac
SHA18d3bfd2b334b6108e1a2cbe11ab6c624fe6a1200
SHA2561779cdd4a735f3a3b18c8c506cf7e8058a74872914bb755276f1a4069156b110
SHA512e54918428bc6a81da02c4313615b204e3de4eeab480938638de0783b6c76913731e8866cfa0c0be971997ac584892d00ee909ff4fa4c75df6073277a0c43394b
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727663116015387.txt
Filesize48KB
MD5f78f7a9eeb371b3dad58e18cdb540814
SHA189610326342c5a15e236153c048815530be4f4aa
SHA2561a27a0d42d33506054e7bbe20b521aed5c985bb4b78be01df049e6fd90d80abd
SHA51285a361a03e390f72c87e8a242ff4596be3f8156227080ac9691c8d322971cd1775fc45cc7089a77a6ff4da070f4963f3f4d7fa97f26d477d9ace651384273080
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727669820222616.txt
Filesize64KB
MD5352d3a1c503c3b4a5403e4819ce23c52
SHA121588d0f49677c2db8731d1ab83defa16e5f6aba
SHA2563ba772254ee46e8388db12457f6e68f101fd729876f8330e2083c1a16467a19f
SHA5129d320ed6ceb1e00330b595a9b891ef3b0ae5bf2567a6f6e0b937c57d46f1f7dce5b4da1253ef8728aae02c21f1c8d73da66466146cf6858ee0aed8ba081dbe44
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727672589120253.txt
Filesize75KB
MD5662f810b7f0a45f01d13ee58d469a4f1
SHA1366ca0c2ba8c8711bfa75896395e141e7b5b040d
SHA2560e280fb6b9ebe770a35463fb87ec6a63397483e62c6a0f0a4017a0c8e925e537
SHA512e220e088890cedb2bfb74c9f3c448f87a9e55444719378f773876ddd250a7f9106bba294bb3bd53e3098acff662b183c70f8b2e403ce7816defc0c388a044316
-
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk
Filesize407B
MD5174bfcbfec8fc9cc285d83ff65613474
SHA18ee50c4e4fa7e7cddf1b1e4c6e4b9b1d5f3b30b3
SHA2567859c2c272cfc599f9f395b474272237bba7158953636184d83df6372e411809
SHA512bfd5bf9d1feaf60916265daebb3e38cfc202932e751deb3bb7a2f3723f3c2f22151056423864a9f21f6fb76afc68fe70483438dd6373d1e7613e64cdb3f35121
-
Filesize
21KB
MD5f31bd3bec4e83b3cea140fd944cfb0f0
SHA16a337bac75573f09c773705dee6c4b3da9faed35
SHA256b39855fab149e81bc269105fe1fcfb9e2b76d5ebe2b0f3796e03d192731e566c
SHA512908dc6ed114f275c0e2631d04e160f484c6f28e03af49eaed49f1a3bba5307682e13de9f2c4ab6ba5f877453386be4c414c8880b58ca3b73d387ea47b1d6f364
-
Filesize
1KB
MD5190c50569c1675d75c001af746f23c8e
SHA11eaa9ed8590b2158e8cfc7596ca9b14a9db7aa8a
SHA2568d9ca111202ed4dc262e0640d3476e73f5bfffa2c34c05861e26df655bb4b41a
SHA5122bb0d5d4ca36f3fd536966592abf938f50cf6d9f30976cfa308e84116f7e8249163313a547a242967fb1dd7b699f6f69d7d863aa063b82fc2a60fbe6f2128032
-
Filesize
952B
MD56e181d76605f123bb90b49289ef7e0b0
SHA11d68d247957e318014232623f93e324d309f0771
SHA256930b18746bc3e3a575e0b067e57476163ea1a7efa5e72a2defd7fbb451f6655a
SHA512502dcb8f8b21f5d7ca8f40670ee041d66a92f5912462ab3171000548e54ebf6bfa8099e783c66b6392fbb44cf52f5b788836679c6098035ca46b0743694c6be2
-
Filesize
121B
MD5946fb25bc60fdff325bf1365a2425dea
SHA1a5745be44154b558fe793b5204f85e87a003721b
SHA256635704a65a56082d38d6c2d309f8516287d4173c4dc1f4ebd11ecc4955b3320e
SHA5124b6e1f6a18541d1600c2239a8f492e0d033e378f7ccacfabf15bb951dc5e3e9440c24ec96d248e4ce0c6f8484e9b04fea74b08dfda222e16070cd0a06e3c1f71
-
Filesize
1KB
MD576897bfba85f9f42f729503e8af324e2
SHA1a3eb3069360cfc4cb48038f0b722765f95b525c0
SHA2565d75631cb12a1acda1d8cd9dfff2006871fc02a3d92f6bb352db214ec9017102
SHA512b02cdfd8b7db90e6ad2ff1773830785c70e7a1a1f0aac919d005bc1c40fefcba6811705ffd72cb4db6996ea2383406209af95b153c899872d3060a57d967b284
-
Filesize
8KB
MD573751cbde54c32154589c2bf1ba05c4b
SHA13c98085c593f393757775658117ac4287158b1a4
SHA25652e51059e85f4e0f7d43f013a3d2b0b6f2f73588553eb0c74e430688801bea44
SHA512aaa8edd8b9a214392ff4cf6e33e39d45c248718c72a0290c0aeaca89049a3f7b8a39af8f041fe949659fc70a759997d446d1f0fcc066264c797dbac447d14150
-
Filesize
61B
MD569e340e1c8cb50056eeade264b8444f2
SHA1f87ee8c362aaa06c226dde199d4ea46fd4d378d4
SHA256dcac981d84d0cbfc32fda974d40968e59ef932825756daf43f5d25a93bac3592
SHA5125548412d3dc5fd5f6b27912c0483a2fa9a5b4092c8a020085005270ae3a2943edde1a5958359f614c0e8dda1beaa88dfa8a9ec062767f8af5126aa27c86844a2
-
Filesize
914B
MD50efe1112be7a869d755f3af0ee606cfa
SHA132eedaf97b0626140f1c0d1c284bff08473e582a
SHA2561b29c2274b608d1468a453375202b426cfa53367b8fea357ddfaf0263cf82027
SHA512ef93bec42a428b98bdb656a87448237031f82b953dc39d28310bddbd1edbefb34c5ea35b171321d56ea8b4d37c4c622500c2feafe64ba2d64538c6202fcf0d0e
-
Filesize
90B
MD51370ad9dd9b11f7b87d44c621e02c6e9
SHA1d798a3951529bb39a8fd0b2a17c92848507ff609
SHA2568e973061e855174d463f393cd8abf3137e89c1cf83524b4ec61a5beb477a48f8
SHA512d0c696e180e48972367078405dea6d2411222375297ea96f99dc8a800c2cdbca77f0a84b55ded78c968dc4321b34bc778a74311df73b35f2d48f89aee90648f1
-
Filesize
90B
MD527df5b551e5456e09f1cae41327fedcd
SHA15f88625a6583ecf6a03f0371f88187f62a4b9ac2
SHA256f60d073397d8057a614df597497f723fd8a5637b5bb7d29dc7c6fb9cdf3ebba1
SHA512d2ac12a35eb0a70a929b8c9e2954851465c608a7d82125bb2d819e19974785b91b741a1832f9501b3190379ac7a6435e745ab3a2a1708e9bd34d38d2144d1740
-
Filesize
328B
MD55d21590742c2476bc05c94f0c89e16c3
SHA15b1f119802a546903d114a1cac68f4190f97e449
SHA25675e63014b3bd8a91f89d150524fbcff4fcdcb069e0478f4c43f63da1a65339df
SHA51276746ba34b45ac1e4e21d35a81b39c11bfc4f8a319ac3fc648d90ace1ced01327a63295edffef9eeecc6f50379a9441bd7391e9bed15247dd2aacd94c9ac4ec6
-
Filesize
1KB
MD57d766639b6336e9477f8eec2e715456c
SHA13445f66f3c441202ad8185998cd730ba8f77d7c1
SHA2561a1ff0896e087103070bc78e48187f6a7c2ed7da2a96edfeb4a81721d97b07da
SHA512b3caae50aa1da0dbefd8367361d81f5d5f213ca4ec90d4306eec525e73931ca912e7dddfc462960056c800a277fa84fceefc74ccaf0597d8ca3f5a4ef7c57031
-
Filesize
162B
MD534282eaa1eb773c6b2e47a2f1f277d0f
SHA12a87e94ed4ead66ec702b99cc0bd4daba3dd233d
SHA256258bc91fe92b5650f91ca2413f31dcb66d6e7aa4006bb12365ee1f30e059dc62
SHA512f0ecfcfcd27c45746b6ab951729badade1893ba8fd14730deafc1a098a5f94a63b1579bec8d00bda8525460446662c999c0e6dd1923c897ce3b35f10235b8e1b
-
Filesize
586B
MD5e2e990b0c00aa032c6f4d5f6ec2061e5
SHA118114fe00f679c34589c37d46693fe70f539a959
SHA256459a466836211c994b695fd20b825c5e4865c39df937785b46a2d1919f8edb68
SHA512f255e299dac1cacdfc0a5e7e4c15308958d5d5af4dc578c1a6788eb2ec1359d0fae69d0b98b5ca2f1a4409b929a47a8c7c55df6e7cd96b2b1429b1921179a25f
-
Filesize
124B
MD512e59171483f9656b9fa4661c266e321
SHA1d2097ed73a624c2944887795ff50ff7689c0dc9b
SHA25681c23a4a0c4b4dd89211d18454e3885785a6066b74a386e60fcbfe3bbf178d24
SHA5123e1e986938964b76e285b1ae7626750eb908fa3244d1b412a4df7e604424fbcc12a2d6e2821b7b2c7d07869c5e6b9c2f772aeae4ddb2b4a10843ce17f3210d86
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif
Filesize65B
MD5a25edfab6f2b8f3ab63379451c79f24e
SHA19076ceee65808392dc2d12452289f510d145c04a
SHA2561342aac2074796e50bd82e4d4e0b090e2f69077d421dac0355d7e3ae421574aa
SHA512c41db6febbb52eb4ed5ade0cbb35e97eef1dd7052866b3dd5582e154e2c1450766ae764d00d2e5f3e6cafc8b34b170ae430aeeeddf52ae9fc58c6b9932afe28a
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif
Filesize65B
MD52667b616ec8c047253b9327532ae2fc1
SHA145ca399a4bb6328e1fd9345629a04ababa17c19c
SHA25625858cdb6f77ba693dc2a7231cbd093394c1a117f602f02120b99c1efa5f4d53
SHA5122d70c77c00f459af80f6b6b7bfdfa2c11abf235d422522c24c7eced7e1bba83c31be18db8a76ee4e47332960ed5cfa62a987aa56394d8efc56c428cf8e0c1a0c
-
Filesize
8KB
MD5ae1b3d40dd08bb22fee268eeaa135446
SHA1293923534c02e0fcd0f9d0851d7b52f8ba512634
SHA256101009f3fd28de75d9cf8f3ac59ce91f2b6a5ee2189cbabfdb84a7ed443b4db1
SHA51238dc7510ff7dd5a295a945b2e2af1a56adde5f5760dab89ceecc3dd23ec7f6a51c0cd4cb52d796561c743db6e7d7bc095dd583d9885c01383b8f7f82207125af
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif
Filesize65B
MD579f2f6a70c060739e95bf36e570ae03a
SHA16011025072eaabfb4f0f7d371f37292ba8ba8c5f
SHA25659429c8721e1ac5b78222ab4eddd4964fa7a91e55ec3b228ed21ea1d91b5a74f
SHA512e93c8eb1e5e777e33ad869075f6223b5736f2596a14849ce768119c6fec8295399e7feb5f98fe05d7ca169086a14203148f1ee59f4275db28b15003b0ea28a23
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif
Filesize65B
MD5265494c0a9df5ca61ad1e63ab8f4b3b0
SHA1efd7d68852859152f10bab885a2364370c90f787
SHA256f124d984f07017c6f76fe0e2d1b2f9ed0dc85a779a27ac10e9b245b6849a76d1
SHA51251f8c6b27a05d07d4aecaff4a6c3f2fdaef3bf57964d6d45a0d575bf72ff9a933ad70cc721e6fa1c37377ab826aed1d0b64569af77f0233fb1ec3c6504a5502c
-
Filesize
880B
MD5893562c6dcfb2561f1040a8702a5b838
SHA1c8d0d4c2eb147619e672b7bc55fa9a4f62b3d84a
SHA256469ee031bfd14e3da5ebb27f05233795d9bd4adc3274a2a440875dc85d449cbb
SHA5121552c469676ce75a800fc71513abc9a3d7c4b6f82f60e834c0e8ce29acab34abfa39cbca327b4fdbb0e296e00ad471f29fa0972d058f4dd4252eebdd8983cbf4
-
Filesize
1KB
MD56d482bcbb70fbf368c1e849670d7821e
SHA136014a042d0165ef07f8b9beb68fede26c5ae112
SHA2562405714f67bb65afa9241d863ef9d861eaf1cc2ab041612775df4df991a994d1
SHA512551db328f40994b8e3060d23c4e134238c8ff716b6229fbfea2fe063b79a168b5551cb094eb8544739e8b5e99850e95f53a1e8abbb607d6d1db08c5de1b114d0
-
Filesize
1KB
MD52986fb9e6caa23a85336efe8fd4118a3
SHA1703393f7907635db9603f917e36bd06a5e416ebd
SHA256b37bf92d69c52511c8b89dbe3bccd9f4751d8cf07c2204ada26254b52c19f6ff
SHA512b8a0cf43c4e2db4857585d88318cb6592c549887e2bccf80bff797f86a944b77f1674afa2450c476d91ac052325a88ab78d7cd1682482d8c96e97c7e3cb16374
-
Filesize
1KB
MD58d6c5b45556062990fb2f32aab7e50be
SHA1c647a72386973076b11041fc4819f9c06894cf6a
SHA25630109d0445cacf57430883ab5c4d019f92c5f0b44631fa8c3778f7fa1edc1b94
SHA512ac2740fbdebfc52a550c37f520885644fa8b79cef1ab3f17cccd020c48993b6744f65ba08d5a19edf9122714a9f08bc7d32292263c28acd44b3b1e1bfcf13074
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk
Filesize1KB
MD5a8691ec19f3f22fa561ccae350761c06
SHA1f772f67e834029374a8ac907d033a6bed9a90690
SHA25645d9faedc0df757d036fa148b17094be1947ceeb01dcfdbbfdf912c63cf553f8
SHA51223f0b3d25e14c479f5eb89a9f2b7fda47a1a056656c23419e0e05d62fce876e12226d963944e0a942293758ef9e4309b6ca840f186bbf4fbd3882cc2a3007bb5
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk
Filesize1KB
MD54f97ab7cf8fc5b0e3901038b781c64c9
SHA1f76aff1567bb9c0f1e934e989bd7d441b0b75506
SHA2564a35d529e07927ca83b8db049d8fe797124ab8a59a7b6abe0262158a60e9dc8e
SHA51299daf7d0cdfe1acf7d823754f791e88a9cab6bb6b0b894d0364f874ece8723b7fc36c64e7f7a0642fd95817189a06203ae7ddf9ce6885a3992f305ee46e2169b
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk
Filesize1021B
MD5a6bb0fc76b1c374809389133fa40ec32
SHA1cc0fff00c6d8673154fb6ee8efc796a99ff45d6c
SHA2563773083cc1b53f7ac39186e58153db4e6d962b6e77cfae5772efd834b9a42122
SHA5128dfc3fb316542461e3888dd722b19a2f3c691e0a5a12712121d1d0d013462aa8a3b94e2f1259185d4351a2c8f9c2c298b346bd35e5209c680c41fb2954aabb7a
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk
Filesize1015B
MD5ce835ab30c36e4fb4bc2784384f74850
SHA168fa0b5481215965970c67efdc0ddf2d96690b98
SHA2561878673a83204351812315c48ae4ed439ae4b4d5d991374d318fbbdd8c5b2b0f
SHA5120b918ee06c67fe5701ed2cc1181092ca4e215c9e0432467931391189db01673be307d35c9c6a70f3e4408e03fa2bf7ee48bf0bed3c4a798ee578fd9780f89be1
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk
Filesize1KB
MD58080e4ae992c4f8226740200472266cc
SHA102a927485630380ca5186b513681dc8a397d1aa8
SHA256ae76b8ac29e51b92d81925a94deda0be60a8b15133d1853c1874b661d8f67f7a
SHA5129d9ee0c7530f47e05509a0d2d0e6ff6092b4796146182eef8f4f2be1d2585443f1128331e8633c0cb7e2ce3169d26f001d88ef4b4814c583380f72d94d8c15a4
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk
Filesize1KB
MD5f21643d517bdea3990263b8128b02ea7
SHA13b3440a33b260d312daff53d9d4fe4f307eb44f7
SHA256f8ebd999ccf94ef6e40551bd807358e1c7ef447aa3fc5671b34828ead15c3c50
SHA5120745ba44a1bc17fe8210e811421a6e99047566534fc3a7c8ed8ade25345ef967e97ec3ef4868debe901bb01591dd0b6e6ee1709b00383b9ba732a64aeb7d743f
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk
Filesize1KB
MD51f6b32ef089d667579de7b15f148dc65
SHA1e554daebb2f5a688b777d0e7ad17d602765a9b36
SHA2560a281054572f86904239a6c693c25ae5159d5b68d1cb0b1c2279b27ee877c85d
SHA5123127c67ed2127d215677f10bbd1cf863ebf807b96f8c91993e0e5322dc87558cbbd5de69bd55b89e2c6c797012ced15a325929584fceb1f408b2d9c81f3cba8c
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk
Filesize1015B
MD5156feb1541e2964860c6638116b4c2a9
SHA13f758d17c96683ca002e2c9efb0b32daf72755fd
SHA25649b01d09a621899a4c5a3654c12097ada2c9fdb68492ee9caa5a10fce64dfa84
SHA512495121e8e7cd4d4a944da85245d9a91fce18f5a2ab45992f7481c9203792a47e8cdd48231507f0e8f31df1adbc1f76c57627cf220da4527ddce5f2b4c4c56f1b
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk
Filesize1015B
MD5d112f2cbcb86b28f528b3313f4901c9a
SHA1bb6030e99e1498fe26f2030e3116f9cad1798256
SHA256d24dd3100ce138768e763a6e1c19af5f940b82e587ec3ca1118bf05f541cf698
SHA512f72833e284ad690425208370304f87ff95532c74ab8851489a14b4661712f0c5e3c0bb3e271e6e3e4b86d59acce83e6693c5d6e20c9e5000715d2435bb4f9f0d
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk
Filesize1KB
MD5f61e76ce9a0b26c50be0a8804af05b9c
SHA117ff51bc5e701d7df4004333c789a06593ffcd53
SHA25675ccef490f91c3b4559179d61d5d558aab047b3854fdb25a481d66f7848d1807
SHA512cc39226a47ce19ac27e0363ad0f8b0def5dcdfdc1f17a2b1f5cc0b0356946d2c9cf5549318785d8d253b44dd2926d8295630491f3bb8f9f203ff7e616f3aa092
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk
Filesize1KB
MD5441fe2d97d1f5dcb44a6c3a9463555cf
SHA1cc19d958340cdc5dc2e6354decbd99a6640be71d
SHA2560c30684f4ba8801d293a9528a106774929e73b0a75d876cfe812582be49b927f
SHA5121409f585bdf5f60f6c152638f8636de37be3ffb82b90753bcff8ec9ba17342e18c627114282203bd1a93ee238be7b07825619f2f9ad952e9d0530f708306536b
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk
Filesize1KB
MD564310f0de5f957ec79a2e96b5ac46710
SHA11dc7c358163cf15305afef5fcab4d0fe640f5881
SHA2561299c6ddd27793573c74a326e905663cd18236d9c09706b89605d5b8cb920ca7
SHA512d83b79904f19f98ab247d7f0db43aaa83ea80bc1940a11bfb27e995dbaa73125b74ca00ef9b5f9b859cf5d272fdf84a6222527e94a364ef2b6ddb293d2d9e8c1
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk
Filesize1015B
MD53aebaa61ad7ab89890a6b3a0a41ccb6c
SHA1f40c8f2d3b24ac96e60a2d190ac80a63f0f1b101
SHA256e6331ea5794c6d03d2b5c37856c21473b0301e906071158e13aa66aad454af6f
SHA512c0bae180c74d279cf7759a8cf0e96106a4a8f8c7ebd1027fbe7724daa25c47d5e7294b6e5182ae177adaeb88203c18801e19d1b92bcc1807a3d6eead13e415fa
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk
Filesize1KB
MD5f278125701c4755cf766baaf6bd36e3a
SHA1d82e4bdf1fb4a55a00912700a156915e0166e12c
SHA2567efb3460da65ef8793cbfe1d29f5502d31df976d7d5d5bd299bdcfc54afe049e
SHA512565c239ed85dbc19c474f5c743142e9e9900043c7f73bb6253d858cb3713d3597bc160162dc1f3d782f7407f344d15d228e7b1548f5ca9f5880ee5f74ddb3b19
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk
Filesize1015B
MD55bfd6d1804eb4cd2d25c07023e4a88a9
SHA1fd2900bc30fbf1d14365d827e08cb4f14801f01d
SHA2561c67506aa2e53324ba51e433438ef5282fb34bae966d3cb3d6ccf54d60f37513
SHA512d6cde9df01c36545064afe22873b0f49a77bd69b2a17b95d41fd1c51d2e60f75005a3b2fd8d46af916de1394f74620cce3f7850607b4cc1cbd023953c5597a9a
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk
Filesize1KB
MD571c8a42222e20e88488747abc2bd9827
SHA14b94937c1075153764997723728fe621b0e440c4
SHA2566faefe062cb104c7976f4de936fc3407580746ca22fe890c635b3bfc834ef4c9
SHA512cae3f3d93c7972b36773854dee18310c5c3eb68f11bf8ce4bbdc5f226b18a5f2521ed34f9968b7367e27eb8987251990c3329dd99ef3e745378d9d1ac4694155
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
Filesize352B
MD5a9358b5dbe5c97e3b2d4f2c51ee8b415
SHA1ea22eb4ad930cdc6baf7e2a8ac972efe72357389
SHA256ff07308639574aec7e5704d91224ef178efea3703937ee9e16e7591fb5cff746
SHA512acefeba8592111a506c64c6f6baf7533a1483a22cb25576067bf1f9a7564fa971a833e34a1bb6785b1f4a00ef009e707cb42ffa77c0376cb943bf6adcf3a2583
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
Filesize334B
MD59ffa46a6d619e15b010e84f62acd4d44
SHA1be93ca12ace7ece7e657681f5a866e90c4d00f73
SHA256129790f4b0bcff4450a8be9ce83c3cf1f68204d6894dccaad4815aa6eb54a1dc
SHA512ec0d17a451a0553b24c36ccdff24fefeb7927b674a79bbeafad36c1be13c6f39f1eeacffe07b413861a63761d2e0ded54a7ad4a7404e4c26fb4ee08f862796d3
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk
Filesize1KB
MD58f756934dabcf069067390b39f20cf24
SHA154c23228ea981fb8767fb9dc165d6ced66448a6a
SHA2562f7bbf2a88a521654c78087a0c833614015a362ed632f1a81dafdd736815a90a
SHA5122db9ec1825fa675a2b1e22178af9d94181031392f6139dc1f9d991017970b2c60ea757fdb667fcdebb690a0b4c6cd1a3fe7520c80a79e3649872b40e04e9ad08
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk
Filesize1KB
MD5b394c8649fb72d4e1db1c78f4b01adf9
SHA12e35f932bf0d5f0e21d7739a4e6e2aaf3e6c445e
SHA2560f95dfa7d194822de2a80c511646a809509c9cc2ecb3dc2d3a9d20e0d558c725
SHA512bae75dd959ae8eb1fe99d33ca7eb5c2279045e155340cea8d31c01d3edf9a1a78ecf054cd642f8ba2badf2b96ea08f7b737a2d1bcbb1fdb6efb5d7b7cfa0cc49
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk
Filesize1KB
MD59d23f8838c8f1fedd97c7b0d9dd10188
SHA1c0f07f37232e8950b53e61ad80887b81a433a539
SHA2566c0668e179ab39c2f38bc46e58d0a34018fa73c45a9846a2c0f0c82fc3447109
SHA512455231b3a3bacfa731259db3f42a15c451233c965c2701b8027e7c7be677691b258504e995602e07c97d3abcc6b94e45b8240118f79da0dd766600b2b8d43247
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk
Filesize1KB
MD5da5ffb624c2d1e0c20f2aaa7edc26807
SHA1c61f83a94383eae6a49f8a71e4a2b57c2869ad50
SHA2566192f2c6fc6e1dedb64052aa14388147875918bc760755d9301a0c667380c745
SHA5128d532511925dfaadf39c084b1295f6d45e5f875fddfc6425bc793e2b61bf4853ae7ea79f2c280d5599e224d2397825defcb69b845cc562fb9fd08c8605c1387d
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk
Filesize1KB
MD5bcd3ce176cf317b27a57db831badd6a3
SHA1f1812421d0de73d94eaa5d3f740dbc18f96f4944
SHA2569b2deb5dfe1973223a7c045732af83db466a9958f6c655368f5013cd12cda240
SHA5126a389a82f2cbb75a500f7cd7f9e090e469f2fbfde6ecba3c9b800de548d1223f6a164e8834a59c49c5595d8818822d1eee7af6311510bf0d67bba5af3d0ffb6b
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk
Filesize405B
MD50b9d149e094e2db05c8690cbc8b37287
SHA19926e409d09dfb3522bf3311e4a080b286a242fd
SHA25668978f35ebc07ae65991babb31faebc068b12977f82f35dba10e03d469d5e1c2
SHA512d02b46f29cfef8b35531b71608914c082a79895576ad63314264b7957ad023302f53bf53fe5619c3fee88c4ee0d39e4af3bfeb3d96615c59a03e5a1f668830a5
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk
Filesize409B
MD57e9613e5195770a596237cf9851065fc
SHA157ebcbb12019077c88f7f0888f75f0ca05bef2b8
SHA256a1b28de053bfbc5f3e474e79bb59f585d12785c8c88f8414c26ae699eaaf5215
SHA5122702bc1727a7b3a4c27d51cce037dc3d9e23f7df1c7bdd1e0736a3f0768975e712ad93927a1e3163f87f01a80fe93120d345ab1e7cfad0f8555e99f03098aabf
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk
Filesize335B
MD5b4ec03fa06b1cb69cdad48508d367116
SHA1ccbce895b4b06f92abaaa2e3ac765c0666057158
SHA2560b1905bc0f58cc41960d8c4a5a60aeb5904c17bff44124e74cc1968b18d4600a
SHA512d9ff16eb110bd12966a47906d58d633e72c9247835687b8b958360967f65b1db0cd9ff6815fe5a7555832d1c0e807834807bfd698ad7961d1b308dbe567deb8f
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk
Filesize2KB
MD507e3a938dd87d405558bc0c7db913b8c
SHA1894ac476e94015f990fcc6e0ea4a3f2643a65bd9
SHA2566da98228a371e01bc72751fcef08bff54ad20d2373cffe59eed84d992a6c4240
SHA5122e6607afa7237600b7de18b73f1c7badc154743c98a8258475121fac5c24070c695554e87dfaaac9d3b7c7af04b63e0340e520215efe2faa56bbc51538a8e425
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk
Filesize2KB
MD5306c17897610a20faae1d756964ed8f0
SHA1fdbc081cddfd4f2f8ea271bb869ccc27d68e7350
SHA25611db5a70f0c4f54e9953235bda732ab451912a17658fcce15703687a87b21c0b
SHA5129be2adfc964e921eee4991cc1a2ede6f2aeeeb4a71180ea72b772a73b35d4ff5413d6fd566f82182a5b3032c0d345be6f940940be99dd0adeb9c0a5d1265ab54
-
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png
Filesize296B
MD5a117ddb4bc75d58510c1408d55033544
SHA124959876ee7dc4a390723adeec104343dcf962ad
SHA2561d78f6a2838f67f867233f345729abd7cb65e1196b9f7e702915d94ef8c98755
SHA51208a1b32e1a376da2495e75bfbb0cc775a516674cb0a773d404105adcd6b1150e9b60067e2ef3eed7150ee3ea8be89da671f1b7b2200037ad81983c0be14118a6
-
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png
Filesize276B
MD5e34da561578de28e2420b9191e7facee
SHA1c147a705b20cbdd34efd072089e775dd158ea768
SHA256dc756a2075ed9e63596eeea34df4948d0fb307ebf190090b5f33e918d0735a92
SHA512269c048e96bf263c5f2db6bc73f5f3573e82a0057bab9e4f3b6ba4e496b47d7277fb54bfbcfa737a094c6a62f22faa7b744bf6b86ea544eb2ad60c2680e028cc
-
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png
Filesize296B
MD5bfb5c6b70f4edc9c18c0d109ac4d300b
SHA179fddbacd5135e6a2a342e1f266adb7e269cefa1
SHA2566218e1ddef6f7c8ca15d49df8541ada929dde05dbf6f22df7567d3456968a66f
SHA51299e9e3a173429abc5a0b6b7ce329abc32be665592966c5618a658d5c350c9c2216c65a161587859e37fc7256bf4b6e4c9c04c06ddf619b68017cc04799bb8cd0
-
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png
Filesize276B
MD559dd89bea5740f432ef391e8d2d95f89
SHA13ebbdce8bbf3cc909f9f08cdaa425b1361e80cbf
SHA256ef95373588cc7fb9935a5048aa55c0385c6e0f2f537ffc79b47cdd0a8d919564
SHA5122d66f3b197615877617f0494e6779ce27e0438376c9ffe785d664453d28fcf6a4b42e89744630d3714a33765b12bd10b521ccb7e5ee9ec7792badf15f7c4c7a9
-
C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk
Filesize1KB
MD5d6cb02f2b5ce3dd8e5f7af0901fb36f2
SHA1932ca6ec0061648423db5eacdc72cab8f4002914
SHA256d1fe755e42736367d26e03c32fe43b520a10c71dc128f65f5510e1356b7db6de
SHA512733f9b73677606db3cfd457224c2dbe7039a58a5e7ae3e69e493ff88140b77fb2bb3801514e5562a09694bab80af5f22984d319f3af0ff9fa180678601ef85df