Analysis
- max time kernel: 94s
- max time network: 95s
- platform: windows10-2004_x64
- resource: win10v2004-20241007-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 05-12-2024 07:44
Behavioral task: behavioral1
- Sample: 735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe
- Resource: win7-20240903-en
Behavioral task: behavioral2
- Sample: 735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe
- Resource: win10v2004-20241007-en
General
- Target: 735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe
- Size: 7KB
- MD5: bbf16f6cc96daed3d907ca260f542334
- SHA1: 85720c94e0a73bc1c8690d3d88eaef9989a36bf3
- SHA256: 735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0
- SHA512: 85480b003ba7d3b848cc5cb7949c6955adc9fe119cf62f5ea4163efa16390222cb14fc5ee4512a37d5e385952673ab50dfeafb2ca5c019d33423e3508b4fec87
- SSDEEP: 96:1AZhl8wdS+r3yOYW189fTwUVF0CWHyjk8P1LOmjXfihExAQbodG7GqqKZMUAi:uzdrr1FG1WDCgmjPZA2ZpZMUAi
Malware Config
Signatures
-
Detected Xorist Ransomware 7 IoCs
Xorist Ransomware
Xorist is a ransomware first seen in 2020.
-
Xorist family
-
Renames multiple (2175) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops file in Drivers directory 9 IoCs
Drops startup file 1 IoCs
- description: File created
- ioc: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
- Process: 735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 1 IoCs
- description: Set value (str)
- ioc: \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\KYiWj5yFXd01P6p.exe"
- Process: 735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe
Drops file in System32 directory 64 IoCs
Drops file in Program Files directory 64 IoCs
Drops file in Windows directory 64 IoCs
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | 735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe
Modifies registry class 10 IoCs
description | ioc | Process
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\EGPKZMQGRDBQZSH\shell | 735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\EGPKZMQGRDBQZSH | 735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\EGPKZMQGRDBQZSH\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\KYiWj5yFXd01P6p.exe,0" | 735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\EGPKZMQGRDBQZSH\ = "CRYPTED!" | 735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\EGPKZMQGRDBQZSH\DefaultIcon | 735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\EGPKZMQGRDBQZSH\shell\open\command | 735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\EGPKZMQGRDBQZSH\shell\open | 735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\EGPKZMQGRDBQZSH\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\KYiWj5yFXd01P6p.exe" | 735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd | 735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "EGPKZMQGRDBQZSH" | 735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe
"C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe"
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:5004
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png
Filesize50KB
MD5d65d54f98e8eb235879550e82505a1e6
SHA1cce984fd30d92219004c63da4fb4009ef5e03038
SHA25694537fce208a84fb0c5e77d12af811a1cb698cfd57e0e7112ff40dd2c3e5f20d
SHA5129a4642fad3ca30d8dacd0f25bc6782c9ace4352b0ad93fdd8b8a350920e78c7a2ae59b52f765a96aac36f89f77c00796a94579baadefde9d7ac4448a0494f8dc
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png
Filesize1KB
MD55fa1bdee6a9f8000b6a347cef16f76ed
SHA11fc30d5d1cb5591ae330308f7708e7d66f203488
SHA256426349fd044aa1fb239f43347e610403f5feea4c22b8f99025add1c06025dba5
SHA51228070d69d94005551da0d6eec9ef17c05b0cdde885a4cf45590f72a10470f38830f2ef13f3604b379c5ccdc9b34d82ec17776aeff1ef1340c4dc6f9e6b85743a
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png
Filesize3KB
MD5d2e00ca0c2975077757a2d5a97ad698e
SHA1352f66d24a4a804e4ec9083b86f17f5bac30be31
SHA256fa7f2130f1cbd6aa017d38c92bf32d86bf1c64aff6285b82b5d2724c50d9c92e
SHA5120d11fc92a8035deae9b0513cb16f45b0878129a14948b3841b84bb03f307ef61bb27b1a1ad060e15d6829596eb7eed47a10e5354c62fbae90188619a346f7c8c
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png
Filesize683B
MD5d4b72e97cd63864b10964a7e28bbd51c
SHA1f28b81b85a345b4f0850b627d9fccd1b4b21c0bd
SHA2566dc16d0b0e61389bb03ab10d528768af663875a30f9857f4ae141f9e317b3af6
SHA512002151531f7dc387494a73bfabc315db89d2774e5c9e00bf06eeb5ad7bac45831cbb82add7829a4e1a7c503ce6f6543fb91113f2ef522ac7e5570cc0817d8547
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png
Filesize1KB
MD5c55fe55297352f23ac37dd0577ad1180
SHA1643e2972a72d523c63a9cc616beb6a7e18171243
SHA256e10d4c56e497d3ca8a34f18315fbc53fbc64ee91abccb527246ad6db948d8b39
SHA512459fb7baad651d81064e9f0ea2b75848a7fa838195f169372b66e920ad8aefc764186dde28cb0429cc442dbde65201598e58dc4832155d1a92e55d162ed81ad9
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png
Filesize445B
MD55e320a7ff8f4f3cb0c824796a756fb72
SHA104c598502b4d35a4b1d85cadb7e4302ef659ffb6
SHA2562d0ac2b07d0aa8456bed5986d4598ef0ce0c46088c757220a34eaa12ccc4dddb
SHA51245b3766c192c846e6a8cb8f9c1556c0a72e0deb5e79b04fe228fcbd2e129e830f8f3b6dd1e17527097418504bfeca74cb89479107fef667e925727748aa9bc0e
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png
Filesize611B
MD505c5943c83ea138f3aa029d25fb65825
SHA10fa44ac0464e2f75005caabc7482301816cf0b58
SHA256c612900aa76872f35dc643029747a21ab5adaca9e13d9a9a05c08442d466179c
SHA512149427703c45b51a4feaaeee887cc839e4f8979ee1f534ddcbe3ca3348a7f896692228b1fa2e114adacd8467db22a4dbddba8492dbce774e119b9de102f0724c
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png
Filesize388B
MD5679462615f34ba5b34e59fd1238ba737
SHA16812f63fc218ce948c040f04794d9e8c386f2bb0
SHA256673a21e31091df4aadf8fec3f6c7d453288dd306fea3a70b9d5b967b0dfec8af
SHA512bc674b91759950bde00fb84176417f4971e104088a2ffc7821d3b5400c7e55dcb9b832edb26f9fa66040e82abfddcd3ea3e297e2cea058262a15543e8db5eca5
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png
Filesize552B
MD54c7e5c7bf7de4fbd4e4fde6d91b89649
SHA14a089c3843e5bbd8143de9b9df7babad2131cf9b
SHA256835a8b580459fe1b19a9dc1efd7bbc6003086614b7048952948e6e6c4a41f31f
SHA5120200bc6728252a5358511a87fcc70085caedc18f06b6968c3a2552304ab1ad5939572b1aea0a09282eee21dedb1effadcd84cf4c7276cc524ef66cffa0f9042a
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png
Filesize388B
MD59ac8fd4c4a245353892cf13146eb41d6
SHA18753a5ac27cc1d62980f7f6b2f5e2f427155c3d6
SHA256ff1f7b75b5a63dbc5e913ba45b8b1b22e7173443e357933fabfdd2519cfacf04
SHA51208be94c6a83681a5749f0f5582e012368c8884a829e06b861f6871c80b6529adf237c645fd9f02dbfbec09b6eedabe7e10dee129dd78ff362d7621c6ab37390d
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png
Filesize552B
MD5c40c8520ca78dc42e3c0eefc2738ff7b
SHA1c8a608fad3a0d82ec2a784d80c925d04ba433b1a
SHA2567b66ece93a24b665af0263291782b3a8cd91e81fbdbd67c28bba5981b82351b8
SHA512a2b156997441defbbb802a88731d340260a3faccdd1ce7732ba897a51f63efeea8f35f40ab5750c07254f5dede83a690e99d90b1a5745f94f2ea942bcdf75958
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png
Filesize388B
MD5a96673054253eef1ea1c89ca58f45318
SHA154fb60f8f2ad1aac12550b517e5c92ef5070af05
SHA256187e82abb533f6f550c0fa8a888c254ff55a3994e2c55da10cfee71df3da655f
SHA512630c650f7c8786f255f5d3d46a418e2abf3275c55a6b0c8f877e4ed225f662f5ebb5b222a6a58887a67bdc4de32f9eaa77a78add0bc5cd8c8fcb205144c19878
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png
Filesize552B
MD5010f950d261b03a8675cc73526ae8b61
SHA180a72230ca4a59a89d50c312549b698a5b3eda12
SHA256ae500e1356059f5276b3a77df6591418506f0ed530fc0a20e8c35c62d0fcfe3c
SHA512ec609d152a010c00a104a1e1332c7f03862270290e70f0cb36d021ec651168cec14fa8d16928cd6d9676e926024fdac423c972426a1c76c26eaab664aad8d9da
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png
Filesize7KB
MD5bf59819bdaf990f29dc9f81e7dae60a1
SHA11343b014c737ebcc3525243b0bae38fbe3a3b4a4
SHA2565e1ae300a6b3b7fec798a9584e0a1d037ca3fd96e06d34cdde6bcd919a8ac686
SHA5124d0c5d36725f7651be648a4ee5d8c3d5fc6e364595134dbbb96c5f198e28b14e25c0fb0156a8593affc7f222adda54140e2315b7dec841f720c3b5e683661733
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif
Filesize7KB
MD54aa2671ec8a7a5f739a8968495eb78cf
SHA16aa181397afee807a68053a37be954299e9a1b92
SHA25615a8e64a6a887833d8fcf56ac26d62122d4b290b2ad547037665d639fe73ed01
SHA512c2ba77445c90f89d321292ebdf5e4c369c99a2d68fea14a853bd6b78c51247d7350509cbb58d16473a106a378c274f18424b0f3384ab8728ed01c6a0fd76cca7
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png
Filesize15KB
MD50af11e6514152dda6d9ecc764b0bb112
SHA1e7bd04c6d83a4c952b39b4ba3d9711b15b8e0c00
SHA25606f7044a312a8cc20d7f394097df5390a4ef4c36f4b4ca6e56babdc8ced748be
SHA51266013d8f49e50b583b1790ff247d4735b146f5bcfeb41ef20e77b7eed4d632cf55240f8d1bb8b7a18e81fd016b6f2b494ef58b9ecb6b5ff85283587810dda8c4
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png
Filesize8KB
MD5aa55ebc904e5f5a5fd44375431582788
SHA1d37154a6ed3b37729ce7e105bb5b853ad558dfd1
SHA2566baac410b211e5f8b7b6147cb899a15236094bb5e2fbcdaa6f0dd374cb81b75a
SHA51214ed1eba5e91f63c89225a0c9605a2910753a4b64357fad51c1fd87ec6e572f40e325cd2f6c1e09ca9c3243d0d5adc2cfe9d6e90dd0ab24707a1c8d6f5248105
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png
Filesize17KB
MD505a8b88b36fb5b6e5116707a597c499f
SHA12e3084d2c4209da9bb35c0ea0603edb6b4eeb452
SHA256f40fbe5268fbead2949e7f095b4e33a46cce9c2105aec1dbba627b0d97518a6d
SHA51245f78dd831fad878825f027329edbbc94884a62af97732498194dbe0d6027b0445a873b855c083ae5ed20fe0b3f389ddffd719c619534c3c07e45d99e70fd230
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png
Filesize179B
MD5f10c4945dff4e2f3cf9380584c869280
SHA148747ea2bff757fd235e3601b09a9a09153aecad
SHA25650bca4529b1268fad836feb2c6c8dd9095acf5fcb9de412c6bec7bde3d102d02
SHA512f939c2c6c91d54273057399e2063b3ef86dea3a73e3fd675c3b09fa2e77370f0420b9b8a265ba79f081e9ac19807a5804e7d6d6e8ae17a933cc35f8966fa21ea
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png
Filesize703B
MD5526603807c853ab6afc8493110f30fb0
SHA1516cf196685ba646c6c8ee1aba6c1a8241544b21
SHA2568622348bf084a09f2f46a8fa79c9c3546b0346d861fd3da8d5861c4bc799c953
SHA512b224eef87b0601d965b5181ff174965f05150881a701c1a92ea20f5e7d2fcfbfb6a6100334927b41c4af3c67109353e6b46a026dbc23c0ae80f7dbf8b5e50dbe
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png
Filesize8KB
MD5d4d26e0293b9717bbd3cb77be8aec87d
SHA1c2ac29f28db998aee9b59002a1dc1643f51eb0f7
SHA25612df0009168235b38cdaf4a978087dc5cdaaf972cd29fd54bff0e3d523ca681a
SHA512b03df6615985cb4ef787884efcba0faffd1d3bbb8d48a74dfc7c5bac78de1a6086d8b2c19d94b544441420aa0a48f2858fa55b8ab9fe5dc3619560386a0a5311
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png
Filesize19KB
MD5494801992617b179527c7ad905c77823
SHA1d87c3bcbfe61d8abc1b4798237db4aa469154ffa
SHA25649b6cd748c10e6437dccbe9f1cc080fb9632dfb7ae1aa6706ec9b8aaf12dcdde
SHA5125705a493a9cce26db8deb6581a1b4bdb562dfe3d735d436c36c83ddf06cfb5421653d88447a410638def5f01d8ce92b1a316419686cab63bdfddfd0648b4b144
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png
Filesize6KB
MD5617792ebac4447fee64807aeae4aee60
SHA14c69f7d73498ed4a665c10ccdb36f5c85781ae58
SHA256176cae6ec83c8022be263f610074d136ccadbecba8d2e7dab2b5c20a36156abf
SHA51207e16b53940289b911cafec4044bb5ed07e6b1773bf6a95cd5268b887ebc4a251b0734527d2db5a9134a10aff93d621ef3b08d4162006df349b98f5c62264240
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png
Filesize2KB
MD5045cd635e6e372a624de76172464d19c
SHA18d1caf8e572be690617480944d3b7317f86f1489
SHA256824aa42d6d73a7a89fb6308e34719d420e92168650475a8748b91fcf66b8c676
SHA512680a1f62719ac46830b529d5f695de458e67791e87473cb77100a957125591ed8db6df7af7be5f4ab8e7305d0799982a52d3f90eb80e4a8004ce3415d46b6409
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png
Filesize2KB
MD5938e4a30075ee0863b52e52dc8b3e83e
SHA180fdf2d4d820651705aa3e92f958b7ba8d03599a
SHA25671679be4b3cda15009966fa7ef004b557b2c6e9e0f0baafed9f4a72d9e3afe71
SHA512916b29b9eefda5d592a1b31635ffea5901d8a50dc6c6e8c0d92306e9e58fee65e774779b2a047671d4e334b9a69cfa60017867ec7a07e25c13d5179616e17e03
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png
Filesize4KB
MD5efdb15070097a0f6763f9d8cf2cba347
SHA1f2f1d561e596a26078c9feb5fe839852c5f1dc77
SHA25605a7edbbbb4a29e6db9c0f70ca2248e1cfa5a4e689b82f76f71aa66b2f9f8f4b
SHA512acd257db865b6e5194dc50f2aa3af4c90de7219824e8ac509b5d5feb00b730b14f30b1845712d83fc1516201583457d1276be7ad3ec6cb2e6acb7cbe2d952e23
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png
Filesize289B
MD55c1b8265f8602cd1edc9fe5ae7b98ee6
SHA1a8a64bb9bf0f93fc4cc36754b79597e41f6b1d73
SHA2566c3de54bb848d2ca67d172d381d3ffa7fff60fd982b019532e6d9f0886fb612c
SHA5123353c81cff709df5e2a103c441a7b12f05bb85ea9a9320862ffd3fae92f180f31c02b7b1f5d598a36bd112fc889d16eedd2db69ccfd328688cbc5e4095e35387
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png
Filesize385B
MD5b861d6734878db9906903a396592d63d
SHA12d8e5ea9f00d9073c69de9e5b935c030f368b9f3
SHA256f6c173f531190fe3aab89154639111f3897a6d1fda4bbda18a391a6177f081f3
SHA512535fd478870d0a89731153b4ecd9ff4e1d00d0b252315e18df3101c48fbea05f101c1a2623a731a33c9a7b0bee539976b789e121f07483616bcfe01b2000b762
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png
Filesize4KB
MD533007f3e25f43c986f9756d3e3d82214
SHA17d488958e633cbe4ba1c1cb2646db2b3dd689922
SHA25630556f35e2cff1a3d04173c240f5b439473d4e62812430c2caa301aa9feaa390
SHA512728b68be74668578b0389aca3f31de35f0d2462c6547ddff54b7cb151537f45bf084c8e336eb8a7dd7a4a097e01bdbbebcff9568a48026a352e0443c3e0ee1d5
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png
Filesize1003B
MD59799ea1a799657be154ec755af9dab07
SHA1ed4b39b4d36b8c6724e0c8987b2a9c33a636807e
SHA256ecbd78868d45d71a10e116b7f1a741601fb9a01b80e5e0d5064bf69b39d393c5
SHA512229230f45e1db869ccec57621aa5fb32a242ad1bd63f50aaf08b46fdcd3e46f1365a857f61ce9f73c547055ec52aacc941fd9ba0f0ba6b79bbafdb384b3c2345
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png
Filesize1KB
MD56153bcb2e83dc5c66442a9faa1d0ef1d
SHA130983f8d306e458057a5708880a42f8d9c9be917
SHA256bc98492fc614337331799e6c1468801698353a0e8ae8f8f2a48ce1819bdfb0fc
SHA512709333107fd9ec0563791a109e40ac18978a126b8bc90dfa6ff7a6274d117cee377af31167c22d46cc6f545fd0ed093358e499dd540d1309ab76fcc60e545b3d
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png
Filesize2KB
MD5d88325d98c2e77134c3d7cf7fc0910de
SHA1f28b570cf3fccc7514e79b5b68b0ab982edee937
SHA256691c2456774cd8c9f7ffbae2c20756b96a9c56a82cecca6640a690daa0aba36c
SHA51221a830fb2df7b172faf8b299f81c584929c8cd2b904fc198d2f150ade5c28e166589829399181e88c482d4b6e0dffbe6b6e7342cc281eecc16aa1679010e3c6c
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png
Filesize3KB
MD5a064a5db769dada413e9b16d4704105a
SHA13d2747f487854119eb0f655ea960696beb084ec2
SHA256a54197b1b6152ce8ae269a7cc95138c6b2de71321f48fdcf032403a0dce1b971
SHA51287b5d0764b95cbfbf28e5d927aa04f7088d23c2512e762b144b9d5e4585b788fcc17989ad0abc0b34f664cc76a9254351fd589cc9bcbd80e07b0200d51d35672
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif
Filesize556B
MD54b1f1073d1e85a35a766b42a28d44a8b
SHA1435fab273c952a08abe4b01e9375e1a3eed38e06
SHA2566f32ec39b32499416266a0ee1f75b970f02dcf69cbc2ae23e754f8fb2c26cc42
SHA512ead57c953cdd4f2902dfc5589939c432d0a82a0c092b9274a7a246e25a0819a35b4996cf3ad02669bd8716444ed0aa5b2d8afd295155030abdfa6fff04e1f599
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png
Filesize6KB
MD578be5353f5f594487b901035b472b268
SHA1a2a5e92034c4d50ab47cb1d7df609d2863213fd3
SHA2564c80a4a6bd3a1a8242afdc0083c9734fca4358a0e7bbcf7db41a2df90a2ac87e
SHA512bd836656d1a054c081c023695e7a63fbd5ffca282f78bfefb7059d9404470cf3c16ce809ed7757e05bd2e0226648d4e8c7fd25caf860cfbbf995d38913a4df4a
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png
Filesize826B
MD5b7476582017c67d4855146eae80eb507
SHA1a4094bb060b6b90c7d6ca53808602c196d343686
SHA2569baba575e88a00e4664d649dc07b279dc70ca06b098f3036d5a309ea5f177eed
SHA5129656ff9d11c25781bc714f9223425b245774d9a3269f56640077c2e2c22f01ce0ffe39f4748c9b7a69678a31f75e4ebdf1ce67bdde6810dc917fcfa08a7e9d89
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png
Filesize1KB
MD594af0e31d7e5dcbd9160d2ddbd822b21
SHA1cebd67e9ed7c47cfea7f1572f9017324f805060d
SHA25615e9ed49c17def52748ce3b3b5705ecec6684bb9995cef7c2c4a2562f3768073
SHA5126c6706b6e4d323554033ce5c9bebed2c62e22206a775cb0e0f89be959c2152a0d09062dbb0bbf32f345afa8516c24439b7da915ff2b4f7201c74e58ffb7e54a4
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt
Filesize32KB
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727656060295712.txt
Filesize77KB
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727656525478361.txt
Filesize47KB
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727663169040966.txt.EnCiPhErEd
Filesize63KB
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727665885684530.txt
Filesize74KB
-
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk
Filesize407B
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif.EnCiPhErEd
Filesize121B
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk
Filesize1KB
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk
Filesize1KB
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk
Filesize1021B
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk
Filesize1015B
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk
Filesize1KB
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk
Filesize1KB
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk
Filesize1KB
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk
Filesize1015B
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk
Filesize1015B
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk
Filesize1KB
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk
Filesize1KB
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk
Filesize1KB
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk
Filesize1015B
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk
Filesize1KB
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk
Filesize1015B
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk
Filesize1KB
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
Filesize352B
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
Filesize334B
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk
Filesize1KB
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk
Filesize1KB
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk
Filesize1KB
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk
Filesize1KB
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk
Filesize1KB
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk
Filesize405B
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk
Filesize409B
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk
Filesize335B
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk
Filesize2KB
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk
Filesize2KB
MD585d6bea4cc03d439f5d6aa1cc53c9ef7
SHA174c7e9fb96b0716529912a59cf642f259ba02a36
SHA25673d0257a3c7527f3efcc68ca901ebd61329a034165c17e00bb954828b7615143
SHA512bf629a3f0d4bffe47bbf97336a8fc1a3c11fd541b2140f62e06a4b4ccafec13f3b0cd786ad05de9ce6324544b1128f4db9edc555a562f614b021726e1b598895
-
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png
Filesize296B
MD55d572ffcaa443966deb92d0c69450d79
SHA13fb606e9b6faa544c7d0a2b11ca56f82202ce6f6
SHA256eeb0dfb5cbfa114f7a5df530250173b51de6d0c85658fa0a14086292f95d8a6b
SHA512ae27f92e087be5693a7608e32373d3fe8a50255d60b4f245c458dc556152256226bdae70ba792e534500fceb943795986686c067b601954734c2be96609d8fdd
-
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png
Filesize276B
MD5a059bfc78ab352c123d3502ac2223944
SHA128c19b005ec89760736164fa6022ac2ab3dbba16
SHA25629c8e1789a47ecd2848aaf4f3e2d36ea2e4a0116d097ae9d9e2cdfe5cc3ee171
SHA512a6517aff09020fcd6a5299269f38e617e7fde4ebf6b97e674cec697b1df2ac955891f445c8a6195f2f43a5e6b6fa69b83a50bb01d8f9ac02bad89cf5b5a82f5a
-
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png
Filesize296B
MD5d0c7c73eae30ec93c268755695eeeb73
SHA108612c06e9f288ccfad6e4122ae8287fb8f8c68c
SHA256ffbc7f5ffd680b72b4c7ffe7f16dfc13dacd40c279d881e0c38ee34db4f046ba
SHA5129f88db71aa535a81571c53e16d63ba9aff96ae38a77fdbf64009849b109c8de182728a686ec23528462dc6503940eaaa5dd70af7d45758e6cc1cda8520d295f3
-
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png
Filesize276B
MD57a2d10f86f20c7bd79c9473aa2bc3d97
SHA15e321968bccccd08e48fc9ed930eeb412787b163
SHA25602c97cce992133b60115cfc1b740eed852f33b85e3ae0a9f23c7703fc219160b
SHA512bef5425b42de012f48480948746eda02d4997b22cda07e3c727eefd8cd88a597b9475b6b116142f93a95727f687fb2982080e0146a831cb906e6f96d8d05e2d3
-
C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk
Filesize1KB
MD5cf1e9fc41467c687c1b7597dbab56c93
SHA14c4be43c0d046eff78d9d35dbad3ba632539f1f0
SHA256b863149dbaf7aee48216fe00dbbb709535fad30f6cacd655f777723b4b3c9de4
SHA512ad6a074bff32247d91398ecd61efd11cc76809a6aa1a7e8aa37878e48d7ceb9d6490e186e4b6845ed17232110acd877c5f10e2a30cfd29a6a17aeea9746f3268