Malware Analysis Report

2024-10-19 10:43

Sample ID 241008-2wmahswakp
Target 26b5b579551b88501d8997d8a6b9acb0_JaffaCakes118
SHA256 55ee01d87bed54d1df327058d655c35ac422e70c2e287ba3b086128fdf2724b9
Tags
xorist discovery persistence ransomware spyware stealer upx
score
10/10

Analysis Overview

Threat Level: Known bad

The file 26b5b579551b88501d8997d8a6b9acb0_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

xorist discovery persistence ransomware spyware stealer upx

Xorist Ransomware

Detected Xorist Ransomware

Renames multiple (2208) files with added filename extension

Renames multiple (2188) files with added filename extension

Drops file in Drivers directory

Checks computer location settings

Loads dropped DLL

Executes dropped EXE

Drops startup file

Reads user/profile data of web browsers

Adds Run key to start application

UPX packed file

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Unsigned PE

System Location Discovery: System Language Discovery

Enumerates physical storage devices

Modifies registry class

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-08 22:55

Signatures

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted

2024-10-08 22:55

Reported

2024-10-09 05:37

Platform

win7-20240903-en

Max time kernel

119s

Max time network

121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\26b5b579551b88501d8997d8a6b9acb0_JaffaCakes118.exe"

Signatures

Detected Xorist Ransomware


Xorist Ransomware

ransomware xorist

Renames multiple (2208) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\NVEux3c6nuhNCn5.exe" C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A

Drops file in System32 directory


UPX packed file

upx

Drops file in Program Files directory


Drops file in Windows directory

File created C:\Windows\winsxs\amd64_microsoft-windows-k..container.resources_31bf3856ad364e35_6.1.7600.16385_it-it_e0c273825a2e0bc1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-d..serverapi.resources_31bf3856ad364e35_6.1.7600.16385_de-de_487ce2dd7a4d13f7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-s..iprovider.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_05323992bca82e71\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-credui.resources_31bf3856ad364e35_6.1.7601.17514_it-it_4ceb9403830c3d91\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-help-tablet.resources_31bf3856ad364e35_6.1.7600.16385_en-us_6ab8133380b13ba8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-capisp-dll.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_b64abe881b7f09a4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-deskmon.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_a06db0f4d325aec9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-devicecenter.resources_31bf3856ad364e35_6.1.7600.16385_de-de_0ce981992b4865ec\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-ldap-client.resources_31bf3856ad364e35_6.1.7600.16385_es-es_372c37e840df1158\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-btpanui_31bf3856ad364e35_6.1.7600.16385_none_6c660c48585f04f4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-s..t-service.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ebb11065c82663d5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\assembly\GAC_MSIL\Policy.12.0.Microsoft.Vbe.Interop\14.0.0.0__71e9bce111e9429c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\assembly\GAC_MSIL\System.Drawing.resources\2.0.0.0_es_b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-m..yer-setup.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_69c1a6bca9b7e0cf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\26b5b579551b88501d8997d8a6b9acb0_JaffaCakes118.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VJCRLUFDMKVPTIU\DefaultIcon C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VJCRLUFDMKVPTIU\shell\open\command C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VJCRLUFDMKVPTIU\shell C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "VJCRLUFDMKVPTIU" C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VJCRLUFDMKVPTIU C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\VJCRLUFDMKVPTIU\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\VJCRLUFDMKVPTIU\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\NVEux3c6nuhNCn5.exe" C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\VJCRLUFDMKVPTIU\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\NVEux3c6nuhNCn5.exe,0" C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VJCRLUFDMKVPTIU\shell\open C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\26b5b579551b88501d8997d8a6b9acb0_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\26b5b579551b88501d8997d8a6b9acb0_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\abxd.exe

"C:\Users\Admin\AppData\Local\Temp\abxd.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 ftp.gtarus.p.ht udp

Files

memory/2172-0-0x0000000000400000-0x000000000045E000-memory.dmp

\Users\Admin\AppData\Local\Temp\abxd.exe

MD5 a1d121ab07f4a1aa4b616a40a2e9d9ca
SHA1 f01318ce084ed79c39a441b50ea6a5a960e24afe
SHA256 bcd79036e5b04304f16dd88aa5f971fe07b17c93607f4466b476ef79cfeea518
SHA512 c009d2ad02ad10cb1991859e80b95ad8191e864168b62216ee3d13efa5ec416fd333c1eaa6cadcbe94269fa398d9ca7340b0d089cc7ead8d65acc382076a5787

memory/2172-4-0x0000000000C50000-0x0000000000C5C000-memory.dmp

memory/1148-14-0x0000000000400000-0x000000000040C000-memory.dmp


C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 3719dc15cbf9a76dccf29ed12e10c2a7
SHA1 5dafacd01e4b3db9fccbd6aeeb1979835935a43e
SHA256 6b151e3f151397dc31e943e37ada5be155659d30927e229919c702d78db85cf5
SHA512 7f6efddfd8231b674a7f8968c9832967439002df4bfb5fc9cdfd133231efa88395a8aefff028b312918c5976e6469b6acb1a371f1a20c8abd4f70f65dfbdf4a3

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 2768a7a4be7f853cf817f85cffeb565b
SHA1 f1d5d65dba3fb1db78d1423be25f48d53f04ea63
SHA256 5441debae8f2221f04e5d96394e24ccd385a3881ac250d234170fba04c7b8914
SHA512 4a65a9543a03e4954e5565f4a85306714d6340a92489525245458c4a701bb26ef227915c720dd35828e723c3fd1cd2b6e03808f6a3204b93f690da8800fc69a8

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 f76936fb112568f14a9eea6225a12337
SHA1 9da1c8fdf9bc8b4b9031f91dddca325477787034
SHA256 47dda8e08d709d130d092bc8d186ac5341a76e6b3acde9874b54f45be0898add
SHA512 18bf11353287c897bcc3a15468c764b004090793e2c3f4d4fa81716c24a8713f5394d1dd1b63e6237fd9e397546435ac0db523cee8c4ca16d50b9d67b2f0a136

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 c97ca4f00840f401f44cddd424ba5cf1
SHA1 0c8fff2229036eb5af11b8d3c7ae040789f08758
SHA256 36e27f2944ee5015ec3df30d053e9df1b5cdaea9b65057ec1d6f5828f0bd52f2
SHA512 f0b5f2812dd6ba98af0e1b05722f76ce7bcd918361efd74fb42ca253a67ed63aa38ceb06856202cfa67b0e72493ac6ce3e11a927fd9aaeabc2dcad460d34be03

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 74f40ed2c15071e54bd7daa5f5e95d76
SHA1 04097d123f44ad7edc4790c225d2e3b182e3ccec
SHA256 55e77829039bbca8283824b658b6c7e8988458378173a1418b51756a8311f2b3
SHA512 4152b300747b4cd608fc9d2747e255f96bf4a7e289cefc6ad311dadc7c9c860fad92c7467c370e8193c032382fa66ef19c72f0bd14997fe25ec3d4413e08cd77

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

MD5 3a78e5aefa5303792743bc55683fb3d4
SHA1 28e3b6085365c1038088522ec273ffb708aa7fa0
SHA256 de51c18aa28e808c8fcf9d033f4a57b0f5667ca5c62ee3378aa2cd338efb7fe3
SHA512 495de55fbe7ed2b1c211876ad692ba67dcdcc13dfb93cab546b13be7b424e1acebd6e5e15c6df04fd518b616c13acb25067192391cd40588cbae49e69e1b9365

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

MD5 f328e703e45b6eae68a1918c27591b07
SHA1 b99d060db889c8a29ca0b9fe722ccfa4f6da11ff
SHA256 2214216004aeaaeb06a4517d2edaec90f0568038e67ce881da6187d2e076e5fe
SHA512 f5bcb5ae05ebf503973a615338ffdba0f2ce70df8bce80c49b8113d02a3b8658d2b699a144e62c3afd9d806f77e9b1e97581c56f5beaea148228d2c55cd93af0

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 3a3a0a236f4b3bfe956d44e1d61e8c2c
SHA1 70af6da4d6039ffa2c8de4308c644a086d180971
SHA256 871901e9c8660f05b9300ecf5e38d7ec1b5e5304be1eb608080f5669a609dd25
SHA512 a9891e91abf211c8cfc5376ae2218a59481837c2c11df0e61205c2ac676f943bc082961eeceb62a966c2a3ca3605ccc3d1a1470180d0fc359e0166258f1daa57

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

MD5 8593eff0fc9b3de9235dbcca9b054448
SHA1 ebe7be8fcf85a003792c4e28a43aaba3af624873
SHA256 941778d49620920f66aa90e5b7e5bf92fb9f14132c38bc2cf90b3840ca1a93b9
SHA512 48059656ba3675087c8d4e57de1fb5c1e8f2a36cd4d8a5dbc3f1ff7ae187a09bbd8d698984b05854cef1472267621c6074915a01d40140ffb2edb1cc487f09ff

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

MD5 45c9f2099b4059e29481e1c7fcfbfa5f
SHA1 ca898f50242d75ac8f4cb0c2b1cfe185994c743a
SHA256 6e95156a78e9503501cb6e5607700b91ce0c5b603b49f15c84bc628b57990122
SHA512 8fbcdde99e1ca2d72f16ac320003b8dc8ccefd2ee548054e28726723b131a5676492c6d1ef8e7759fc21c8f5535a9844eadf8b4fa2f2bc1139a36313b25cb5bb

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 51b82c874f39b8f498e760d610b206de
SHA1 d8f14e83763f061494f85389fc09f817e465c36a
SHA256 d0f4491fb7cf0ee972948fa1dffa9b1905029a50590ee0acca047bcbb0f9c644
SHA512 308838610d8403a5087d3e11da7b468b6786c2aad224e796a383a72095a021850c65c5ff6861c3b78eb51d62cd94eb64c06fe5eca0eb5ff7c68e3295f105a4dd

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 e7c2fbd6f49833a4dc1e44dc253f8a8f
SHA1 0bf12d8b09094053355c876f970e5f5c43acaa82
SHA256 1fb6bebb574fd45bcb432609ffcf7f1b1a67c005349cbff05359ee60bfee5634
SHA512 58214717f53b4ef8799b58a7a410df6f2ace6c116b22516881a2708e81a13d18527443cf1802116ee649d44a6b7ea94c8f1ada79767eb1cdc2758c5cb2bd69af

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

MD5 ec488425a145c66571e6acae5459eb5d
SHA1 f1cdd1727929db1ffb91196cce3e7f60415f0398
SHA256 47c8eddf310347816ea57fc16ba5ed84c4646c04c665c3020aa18e9d6bb97d4d
SHA512 4aff26a1c2d6f47c240f34bbfbefd5edfa9939c44531d4a413a8d86aaf57ed835625dea3b44b291a1b3ff99b007ec9bb2c34e7ffe2730105548a706823299e69

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

MD5 e0b1c87d53e15a6216290456af5a4f55
SHA1 1a3dff0f38222776dd6989aeb8b9fdedbe29b005
SHA256 41c1f950a7d7fd53a037c0f468465a086778bf48d0571125be91a82885b81348
SHA512 cc87b8b8c1c76445d39237ff9aaf82d4b5ddfd367f717d6b1f25a7d3947d61614c931e2f27bfa35a32ab80f74212d0ed2fbcb78853836024a320038aaade8cbf

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 aecb20258b55aa32f7d9f74211179f8b
SHA1 66987ebd8dbfcf82538c50eb5317824f26676b43
SHA256 386cf93f756f95f696ea0a364a8a116b17c3a68179c14f9a31695f0ab8eb9c69
SHA512 dc4c926553db9bb0a915610b8a62659c2d0757e6935d721c7fb13e8862fa5f18cb182d437eb6e676464d67a91ca032959127df1b45615589e9febff5d6f0aa33

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 19d54cab01a9f98395493a6dbfbde6b0
SHA1 cbad37eb8be4409d96f6c26d41de8db20f635dcb
SHA256 3c20dc5c607091dbf9ec09c58bf74b0bf2bc8164173043b1a1075f32f8e4df66
SHA512 faa1a117778af4ebcae13ef641b356c5574b9d394644122ea89daeb990b298be71a8f798ce35ae519f2c5ca228301498a8d257c848e231dfc488eb60ef0c2b6f

memory/1148-8881-0x0000000000400000-0x000000000040C000-memory.dmp

memory/1148-8882-0x0000000000400000-0x000000000040C000-memory.dmp

memory/1148-9116-0x0000000000400000-0x000000000040C000-memory.dmp

memory/1148-9117-0x0000000000400000-0x000000000040C000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-08 22:55

Reported

2024-10-09 05:36

Platform

win10v2004-20241007-en

Max time kernel

122s

Max time network

99s

Command Line

"C:\Users\Admin\AppData\Local\Temp\26b5b579551b88501d8997d8a6b9acb0_JaffaCakes118.exe"

Signatures

Detected Xorist Ransomware

Description Indicator Process Target
N/A N/A N/A N/A

Xorist Ransomware

ransomware xorist

Renames multiple (2188) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\26b5b579551b88501d8997d8a6b9acb0_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\NVEux3c6nuhNCn5.exe" C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\migration\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Archive\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_EnvironmentResource\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmc26a.inf_amd64_dd85a83bc442ed33\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmolic.inf_amd64_7f84203a67c210e4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\nett4x64.inf_amd64_54eacac1858c78ab\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\usbxhci.inf_amd64_6e228bfaadb050c6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ProcessResource\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\SysWOW64\Com\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_netdriver.inf_amd64_2d569d832b41b8df\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\msdri.inf_amd64_97bef65a8432edd4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netk57a.inf_amd64_d823e3edc27ae17c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\usbport.inf_amd64_254cd5ae09de6b08\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\SysWOW64\Speech_OneCore\Common\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Kds\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ScriptResource\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmke.inf_amd64_b83f029888180def\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmlucnt.inf_amd64_f4769cb994ece833\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mvumis.inf_amd64_f0f4d0c799bb854a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmcrtix.inf_amd64_e3ded2b26d662526\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\net8192su64.inf_amd64_66c8bfc7a4b1feed\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netl1e64.inf_amd64_8d5ca5ab1472fc44\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netwtw06.inf_amd64_2edd50e7a54d503b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\perceptionsimulationsixdof.inf_amd64_3ff016f4df6d2b8a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File opened for modification C:\Windows\SysWOW64\@WirelessDisplayToast.png C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_net.inf_amd64_32a9ad23c1ecc42d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmcpv.inf_amd64_906547002cc7c58e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\usbncm.inf_amd64_9957a38c3d2283ed\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wvmic_heartbeat.inf_amd64_ad33c2d1c7a3023e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ArchiveResource\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_fsvirtualization.inf_amd64_078671a0cdfe2870\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmnis1u.inf_amd64_64035dd8a7571ba7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForAll\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ServiceResource\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\TrustedPlatformModule\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\iai2c.inf_amd64_a77c815b2999404d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\SysWOW64\F12\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\SysWOW64\oobe\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_smartcard.inf_amd64_bf5afc5892966e30\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mgtdyn.inf_amd64_a6235e923dc4047c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Archive\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\SysWOW64\InstallShield\setupdir\000e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_media.inf_amd64_2dec3adbda5f7bb6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_printer.inf_amd64_cfb2c47c5677c442\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_wpd.inf_amd64_0245a364d71cf6b5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\MsDtc\it\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSScheduledJob\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmgl003.inf_amd64_6b639ff361f628eb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\microsoft_bluetooth_hfp_hf.inf_amd64_0c00f8f3a465c9a4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\tdibth.inf_amd64_e1022e6b4f7ab56d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_apo.inf_amd64_a261b6effa32e5a2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\SysWOW64\InstallShield\setupdir\0010\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_GroupResource\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\SysWOW64\es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\SysWOW64\Speech\SpeechUX\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.ODataUtils\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_RegistryResource\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmatm2k.inf_amd64_de71647ec29a6bc2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\smartsamd.inf_amd64_2238284d493e89f4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\urschipidea.inf_amd64_78ad1c14e33df968\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\tsusbhubfilter.inf_amd64_283a44fe508f0682\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\usbcciddriver.inf_amd64_400a61104320a399\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\SysWOW64\Speech\Engines\SR\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\MsDtc\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A

UPX packed file

upx

Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\LinkedInboxBadge.scale-400.png C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\fr-fr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteSectionGroupMedTile.scale-150.png C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxCalendarAppList.targetsize-96.png C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\GenericMailBadge.scale-200.png C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-60_contrast-black.png C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\Snooze.scale-80.png C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Home\contrast-black\WideTile.scale-100.png C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-24_altform-unplated_contrast-black.png C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Car\LTR\contrast-white\MedTile.scale-200.png C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Car\RTL\contrast-black\WideTile.scale-100.png C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\es-es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\Spacer\9px.png C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\LockScreenLogo.scale-150.png C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteSectionWideTile.scale-125.png C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxCalendarLogoExtensions.scale-16.png C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxMailBadge.scale-150.png C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\win8-scrollbar\arrow-up-pressed.gif C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\en-gb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\kk\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedStoreLogo.scale-100.png C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-black\MixedRealityPortalAppList.scale-125_contrast-black.png C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\ScreenSketchSquare44x44Logo.targetsize-48_altform-unplated_contrast-white.png C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.ZuneMusic_10.19071.19011.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-white\Logo.scale-125_contrast-white.png C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxMailAppList.targetsize-20_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxA-Exchange.scale-400.png C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Place\contrast-white\WideTile.scale-100.png C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxA-Exchange.scale-400.png C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-black\OrientationControlConeHover.png C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\ru-ru\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\SAMPLES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\MixedRealityPortalSplashScreen.scale-125.png C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\StoreLogo.scale-100.png C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.contrast-black_targetsize-40_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\TimerMedTile.contrast-black_scale-100.png C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A

Drops file in Windows directory


Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\26b5b579551b88501d8997d8a6b9acb0_JaffaCakes118.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VJCRLUFDMKVPTIU C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\VJCRLUFDMKVPTIU\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\VJCRLUFDMKVPTIU\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\NVEux3c6nuhNCn5.exe,0" C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VJCRLUFDMKVPTIU\shell\open\command C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VJCRLUFDMKVPTIU\shell C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\VJCRLUFDMKVPTIU\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\NVEux3c6nuhNCn5.exe" C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "VJCRLUFDMKVPTIU" C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VJCRLUFDMKVPTIU\DefaultIcon C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VJCRLUFDMKVPTIU\shell\open C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\26b5b579551b88501d8997d8a6b9acb0_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\26b5b579551b88501d8997d8a6b9acb0_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\abxd.exe

"C:\Users\Admin\AppData\Local\Temp\abxd.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 ftp.gtarus.p.ht udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 74.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 150.171.27.10:443 g.bing.com tcp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 56.163.245.4.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp

Files


C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

MD5 0ebf09a17781bd67b3d2cf22e16d7f1d
SHA1 14501da765fadc074d3e0cf2b97449359e4ebe03
SHA256 f0d32a125d3550ff86753a154e48f1186ead35fd6bf5649ab140de37ce32c5f4
SHA512 6af1c12bfe56ec9f37a33c260a1c51dad97658883fc58b197663e486ce6cb2c5b81825f689805a5fb14f99d5737d4810c63b5f7603c5f519e5721b0c7fdbb6aa

C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

MD5 554b1a8ba78463a4719e821e598414b6
SHA1 4cb54199933b6b2235ee08c3dd7971a8c5d47061
SHA256 77573046e05d1c6a4db038c6096f11d9d30144cad2b225b003064af3eba55067
SHA512 6e41d3ce878795e0a3955d99cd4693b871da274b6dc685c10b98e3d96e8852b46846e41c831b2b042e976e72f57e6188c1be01c672ab0065e98daa0b0d7b9665

C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

MD5 b4d841a1af1f098197df64d6af0e7b20
SHA1 9e71d9aa24489118a1897c57f96cdde45543c2d0
SHA256 fc75a7733c902a9164b500430bcee1760b7405b41b2f044af70a6a34db813cd8
SHA512 73bdbab14627510aeb2e4b125123a033f9e36bc4658e86300c39365414891bd6ef9550feb29b23c26747158ec2aec573f8c80736f14847e81cf09839f77266c8

C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

MD5 76338948dd6e9ad047095f41d3f9bab0
SHA1 747e1bc57134d3fe5f406c6586d6e954626788dd
SHA256 c9f939c5a1d2885260180e68a0a00a9209cbf6b5b4ef01581144029186b369f6
SHA512 69b4dd336b224641cd29d7f8748a09bb61f56153130b51e1c7f616fde75168a94a8334e65fc2cd254f813efcc0816b3709dbfed9ea85e5ec0bfe03185f3b5c1a

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

MD5 f57e62da6c62f9a0d5567e1d7e77708f
SHA1 fa598a60748b7b882cdfc9e0772c2e4a0109a9c6
SHA256 28c7fa2710584e24ba42399488174ea6ac391563c9e366e07b0ff6ad06ba30cc
SHA512 90f6e41341f00dc05216cae4f9df4a99d63cf4205b105f53b69f1b0856191cf537afa35c1a8e3a01e7a3b8136ed8db9ee66ff7c0bab57100290fb0f6e5c07e31

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

MD5 7c82cde418d7839c79cf8b97d201b659
SHA1 913899126f9b71164401d51d738a690aa7f1fea3
SHA256 3dbaa240a4f98caae19aa4fd36ad99f665d28a22db03817c7bf55041564ce371
SHA512 6d9d1fd421667c9df35f958707241cbdf1379c93c0783ac547df61d6b873fddd1d06f36e0c1944f3c035073ca357bf7fe45031450b7903da02429b677722bcb9

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

MD5 70afae87710c77a4d9d85cacdf7112e0
SHA1 fa4610fb8a9fe87a9e471bf3c274ebb233677d53
SHA256 cc4f96a098c4a1f9560f297423ad167f5cb2e4bad9db0abfc7ce2e4589fc2f0d
SHA512 f71f3bb16eeb18513ad1ac8f7e88d7517572d5746cc4ff61e098bfc985eadebea21716b9326a75d4986a550bab6f09d00bea62d9a43b7ca15cf5bff2b245e660

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

MD5 05a0728045338227cfeffe950b584cb2
SHA1 88904339b32531967f2e0141434aa6fbcf71dda6
SHA256 b9a73c03d6de8fed50ecd2c43ee6ca508231840025d932ac913bb2ae10274ab5
SHA512 bcca9ac35237f0d7ff44583215d86a378866374c85adf8e929091c7a68c82f970ccb2cc53f964c6d6d77085f6f8f0004e91964615d5e236918d9dcbeceb98a2a

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

MD5 9004f4246c62c3b89b134a3e0dd9979e
SHA1 9d86784fb650916f9f4e3b5c507f3067ccaf4f1e
SHA256 f5c7bdba0ab455f1e102699c9adfb56d1ff61990be56f5583ff599e79fba867b
SHA512 8a370b9a4e28811d018a0ef75b6fb7b6cea07fa569ee23a3be495719221edfbe6ed37dcdad0d2cb55489991d4a6f6a1230c9e8e52a1cfdfae40a0fac151a108c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

MD5 78fe2c428698d13077ae4fbe9f09efcc
SHA1 052cb69e4a891fd2f264432d497dac42a14b0403
SHA256 739462d187effc995548a08b386994d7431795a52ef9d77c0f53587cd5aef728
SHA512 aab58e8cb4a58672831db74f6403026e91ad8aceababab3e0b1b1747249b062476f92e43f750aed01217e4264862d183e8a8940f2eb179f5991ed4306089bdd7

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

MD5 1f22b2bc67129708e2c6fb39a8a23206
SHA1 901b8f9dcffa38c8085bd7a1d52520b01ad32459
SHA256 f1d951a70c5ebee3c1f8da4b22bdfb8d5f506d04c58ee3fc8d02ad0664d88349
SHA512 219bfa80dbff92112f696bf74fd79fecdef7e27465ab0bc52c16919009b1966a4ef749a44b02bd51978ffc990d2dec6497371a45200e4c4900cc9f14b999c9ac

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

MD5 34e16f22a2aad337409126849d8ab7b6
SHA1 b49ccbf2351c2e92913c78853971d388a40e99ed
SHA256 b0044ab3aa4442dc06272511d40a67fb93985326703fd6ec41db1b5ab886bf2e
SHA512 48b2fdbdad0c82dc17a84db69045ed3000c2bacd3fade9f4297e936a86dca73ae1aca06d9237a21c289fcbdc4430048f3c08766620b0187346ebc8779a9f9745

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

MD5 0373ff24b1b22dec66474fcd49682a83
SHA1 c63000d50b22efb3ac7f2bec4d30e34f480d52ec
SHA256 3f276d9e85dffedefede33ec2da80f58f70880ebbaaecac2fa37224204327e52
SHA512 c878cef45f45aac5ed9180173b988a8fded8279843a98c0a2fd2399399c97070720d684166e9d1149d0cd6cd027abc7cdf42f58ffb8e32e5cf93ad7d4c077c10

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

MD5 36d87c77e7be1d9d2c065d142a75d64d
SHA1 0acc315f11107623fad881bec46dba2b9d3b48c2
SHA256 08912f3ea1f74654519935c83e6f1abe176bdca42bb762250718482b1abfd64b
SHA512 e6aa0caf26cf492879f92fdd452b70afff5b9e23b2424a9a4dfd378fb3199b184076c3adbb23bb18ecaf00d59494f7a37c4e3b6761cdd32d670ab6ecc4c55e31

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

MD5 a5326e37a6e39094e9cd2731b511a79f
SHA1 bb23c73eccad05da6480c96f5a5d047be73fab3a
SHA256 e684ef70b3461de0a379e825d5887101cc212f5b1b26e2b03e197a4e92faec67
SHA512 32b3aa07ea2ffcd6a905b30450b7834b6c7b45721c63d0659d64e3f87ffccf998479590a6241e2718cab2d0f764c84d0d38f37662714a553486ed9a7d9f389b6

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

MD5 fe0e5ed557d70c84ff668152dbb8c2cb
SHA1 79cc162a13132fc5a78d1f7fb4a51aec46caedfd
SHA256 8f2ebf6a95974e9692af914ed1e4eef48b523f9431ad39b0391cd2b13d209580
SHA512 d702c1db94d3a9b701f06aa203a43bc798096a88d82d08b6376d3bdcc37070088d272fcdb123a05be1aab3c3fa60914cdf974a0ec81a0e43638e78beeece7b0f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

MD5 b14c5f4cdcd1be278774631acd2732bb
SHA1 62b54c6c2d898406d4afd9267fa31570ce080900
SHA256 7b7d09c814c670971bd6f8e11dcb3abf20a12d568d12500a9de9196952e940b5
SHA512 575d8c596460d959974b1fe2afb406b161c622c16abd79f2958139f4f1e6ed4daade7d0b5d6101e4a2f27df47b1266fa9816016b392bc65edd0025d84d5e2010

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

MD5 3afa367d93daa1d601dd5e7e800675e1
SHA1 b6345d090950ce3d3f0fd5e77796da2f86eea549
SHA256 7498edbc083215918ff3674f0d5e75e1a8936442ebdc187aef7cc82771b8734a
SHA512 006dafb9d76b460d4275c081c241112a9a3abe3d84172f1fc8eb3b77e6c98eab8d1a41e9f6519e7b5d549c55b526ec399718291c0f7676f7abf98aea84564a65

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

MD5 44bf3b098c853dd853ba0813325ee2b7
SHA1 f8e4fa0564eb8af68086d869c8b298d60946463a
SHA256 20203108ed0b161afae6effbb027835369c02c20a2467320d8eacc67c4f0c2c0
SHA512 16dbb3c490829b1da7a93f13195d34cabd02e8555bda25628819d57ab5fde367021efe4b62144f9071eb692c7b7ea6716c94cd9db6b9c043fe7eeaf1d40bb915

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

MD5 c12f77d0fccc596498ddc7f2e39823ac
SHA1 cff0de400217368d835e8eee8f0794a7a5a5a3a5
SHA256 d4a9bf0bc6f8584c65efdff78cd78c1f54dc681111c8e1fbb82d4de0832f8ec6
SHA512 e38f094decb214051daa12ac1518af7666c0e254a49f91e4a0b16000facf79dce3b9ae7b1691dceff4851d9e10c1857974ae00093ab166dc8961757d2fca0af5

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

MD5 a0ca8d6b72ae1f9dee74203a6f281aaa
SHA1 18d032011101aed9c628cca003a689db70e28ae7
SHA256 25335efb97f58f49322454af568aa8144b3744ea786220c9ca649cfdca9bda5c
SHA512 6d047d3dd8549eb276c979414ab98f5357fab5fc8aba8e4c568edea9007fe83263770e0283ef33cce31ff05dc078de1aebbdfa58a52cfa443be6326478b15154

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

MD5 aef9847adee0eee0f386a1455ee1aae6
SHA1 6900030308325ac081b3487c4043a7227a8200cf
SHA256 efc521bad4145aed24fd4f352444f9c1700a8d32a1b419291ca869ad387ce556
SHA512 20faced1211a7f4bcb122a8c15269be779e958308af222b6eaef572f00e972c9e448a53527847c0601d234b3ee2ff86c48d30f45cc62344e90d8efa237a68f16

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

MD5 e951ab40e17a282fd02a6bf4c80d2386
SHA1 8badc45720d88b1018adf1b1d502c666d3df7445
SHA256 96c3b81b1ca92c3460f3746446da1ddfdd8c1f4ed560787a2fb5a83e2eb17722
SHA512 a16b8a2e02f55ba8134755740dbdc531fa607cb97117afa4a021883b54ad4818cd00baf8dd02aa6a9e87f80d280a897ad4edd0e6c648d8dc46362c2430a9a4aa

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

MD5 4f0a154797f58512efcaeee8180a0a8e
SHA1 e8046c62829ba3549c2fb658808042901e6a3cc9
SHA256 a12e22d6eb5354f97fc71a0e4e6f14fdaac6f47533cf36f3b6b840e74b1edaef
SHA512 04f0631898e950e2bb2d62d4e891060a0b1a521057463be2d184db7ecba3f8e2f8739b46b87cd1118b5a17a6e7d30adeeac766a1fa635a11866bff8ccb5714b5

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

MD5 c345fc5c914f4cdaa6d35d077558257d
SHA1 c5a50a1b8ef220de07ebeb3b9cd6ef6d7f6d16d7
SHA256 3ff8b162acf68e9b9ad435c83e31ef5caa320b917f08727c9426627556c60f4a
SHA512 a54e65575298c5db6314deb7d57433e3150f27968467769336d373b0f0308fcf7164c873b07995e34356592d14e0c0beb2eefe909b4c55ebf4e0a81a68bbed57

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

MD5 06f4649571532d6b22674408920002b1
SHA1 9eea719fd2a1f23274e305393699516f39f5b1c2
SHA256 d779cba51040a5b401ce0ea494ead152cbb5c1383fd1018d5c139361551ce233
SHA512 fe179c7e4c7e0207bb55bbd821e3dc3309a970a398c01ce2915a9dd3f7bc030735d1454f8ed64bd0d09183f5d1285286e9d99b9a002d5002b20409cacce26224

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

MD5 27d5dcac4a6b3062888bb84063925caa
SHA1 bdaaf803964b7a23b4138f3878de11794461521b
SHA256 26421942c621b861de2de4b9166e2f4a42f8e4d7aa73c1a11897db03e83fccac
SHA512 e08cfeb36d0d885449d281af0a4efa089041395cf7e4c30c5d6559a551b9a27bfe19197b86ab001bc12b438ee65b9de4f7424463479777320fc392cf6f6036cd

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

MD5 ce276b89a0e17a3c98e53b297132efd4
SHA1 c1e39e91c1e25b8c6d9e0468f11a290e12462824
SHA256 fc0bfb6834dc7514a493fd8ae9f12f628da4702c856855187172455afed23ebf
SHA512 21c8944f939c6e835b1438d4cadc5d2290c198b1ba180523e7bcf27b1ec856c77da41b14d2f37e7dbe22c59a6d24a179e38ce552124fc7922895d667ca25ea5a

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

MD5 b1d82e75e7fbb562de97d6ff0c57bc58
SHA1 8c38dd3739a5f70c38dba6e4471c2875997e9212
SHA256 5cc1712c6d2aebd2ef34337e7ac34b9f0605d4178712bf66785599cd902e5fa9
SHA512 7512fb99e51d17c27409bf0cb3b080a23e70b102ccd6ce52e2133446cd601fd7a722cb2b7ef8810e2bf9dfb7e23b30daab9c52c17d505a34be34c21fbf59320a

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

MD5 5de785df6a09bbe054cfda6d45021b0b
SHA1 9402dc52d0b8828398078ea9044d86ece38c073d
SHA256 bacb9ac031040131bfc8346239c75155e9d6593d4337551b623a894a22bc1848
SHA512 c3798159b9687ccc83dd62c4400f77a59897c461987da52f9ebd7496ce3bacef681c2af62d4de981b73626bfd36fa06986c8df5793a145b2bfb1bbc1427f7c1e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

MD5 f569e6d4dad1e3009f3b87d1259f789b
SHA1 7e88d2375bc845b45576201a3479a4181f984212
SHA256 f9f51a1b7bf4d9e818c7da33a322cbf3697206d434778a76b97c71ba39178297
SHA512 ed97a11a70cee25ea83b3096a24940a00cbae9c0f267b72c517c5b984c4c517858dac33ba669aff45395310704c3730b14fc7de81128a716bf9dff9a5e0066a9

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

MD5 ff90586ed315dca8a278e8089d1cc16b
SHA1 d8bfd30bea8076b9fd4217c30b43cb9cd943c27e
SHA256 7c9f9ffb70eea519136980fbb8607547fc233f1532acf85ed0ff556f82f3bcb5
SHA512 be7c588b2095b6327266b7a529c9f249d5058472f3e3ded76248659187a582f4f81b8e2ccad5bbf0ce33b94d8283509a92613bb0a3c35bb68a0122b10eb9da24

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

MD5 f2d81e5cd75010e414d7c6f2ae94fd0a
SHA1 3e0c3416c96e47d726823fda404bd4dbadeeda25
SHA256 5415decd92e0e0d59975c3bad18e1f91f2b34d146b86eb9622baf65911aa3f80
SHA512 db9471da5a114a538c8a2039a08d1cefa46c772aa107887162c77fda2e7370d3ec4b73c04040736aa3aaf51716687a8e421d25ab432d26290382d5d60b104ae6

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

MD5 ed7584d2ca13f6c369785fb111d89e90
SHA1 43779359eff5b3f782ea72f47e7e47919833aeee
SHA256 dd7dad66f7aa8b73da641714c64931e41023692ca367f0bc4a4098c02d76b37b
SHA512 bd0bf0f86691d527d69389d7494acabfd6e42339ad84e55cdd4289914bc36f5f94e57913fe7097f76be5fa1537df043aa02403f19f7a3fd59b7bc1499d4ee5c6

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

MD5 aa50a804e82d4f5ddd4834791b0a4a4c
SHA1 d88a5431e98fbe67474cec1e29b0146b10e535de
SHA256 386c5afce6cb65f41f3112472b6e69b92d33f1d0adcbb917f0250c077fc290e2
SHA512 baf255ca96ff69668618ed52d44b9c0f0f47904feaade8f9bdc07ef5c193e84dd44f9240e7ac8fc2f60a2239dda4c0bc412a39f3e22af070c89176cee5565b8f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

MD5 b38c1ec2e7f892c910248980e394ed51
SHA1 e20c544fcbac1a237afee28be1ed1939be73abf2
SHA256 06a71b8e61fb3ac463352bbd7090d28bd73ec1780c2f598cedea0011d9af4b2a
SHA512 c6f152b0d5b559588378df9fd8dcc96f1d992f25f2e2cad514b00e6156cc030ec785c1bbccae1d0477302c467d483ddeda4829cadf223250820a6be7da681ea5

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

MD5 72ced2a41a1ac4968d4981be13715fe5
SHA1 d88014ab16a4befcb96baa7a6a68682647cb9a41
SHA256 9fe426e2cf426ae5ff615e99947e56757f5b7e474ff19a525b056bce088ec9f8
SHA512 30233733481e5fe57d88e3c8476aa375cd22f7a0a9f37a720aa3288914aa8c440469b6de3af81ddfc4fd32ef2cfb3c7f394ea3eb8e1410fcf3103a61e3bdbbf7

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

MD5 203078b447d3e5b987994f7cf38c17ef
SHA1 116e0de61fdc5278a73a35006703661a0c07931d
SHA256 59834dd8ca373a630057949413db30fd7dda1cffaadd242f1445b7f8b3e7374b
SHA512 21a7650e4b2a4420450e1d079e0f83ef42702817e1ef0bb6b47a6b5d12b47f6fca77c92567ef495884a071303b5fd2b0d32e4cf81f8a1fd2dfc1c37ea78dd874

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

MD5 c4122fbb2c070f73f0a0eb38cdeef8c9
SHA1 67e813fe9997bbc31e53f0768f1ddde19be92a47
SHA256 044d314bffa85bb6d02b71025464908453714f915a5a1579130ad70cd2a909ad
SHA512 200ea9d9cb4e852097d2b098b8b5a06468c771f2ddd5c23761983855b331df3e081b0172eca96fe779e453c628f3a6eb75cef46193d43a78c1e04b0ba8324fb1

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

MD5 81cc1389471f185074b8fae7312858cc
SHA1 8689cfc7119b1067189c40e6e57c11f1c3b70108
SHA256 76198b3b81e3bf6778debadd091c19bbca321f5a02acce8dd21a2439ed51ad64
SHA512 66b0346eb424733e52491ee4461d79f15cb78ddcf8e75d98786369363d31535477c7109c85422cb11fb9598eaac5dd98bab2ce8eecd5883fed9cb93d125edc6c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

MD5 7a090d04619d9990bc1460f9009e744d
SHA1 7ad00b577fcb2f3616ce7b5ceeeab6349d453557
SHA256 5ff5f77f3029302d1d3c7ad963db74397688a5ebd773ba648b718045bfe5f8b5
SHA512 d06438f42e8bae5e80b7d439bb8373d87532028e61423869d36e2e0adc5bcac719638ed70a53de87e669c06b6d3806c3a0094defee38a6d273c6dedee7fa7bae

C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

MD5 c5d4cf989984ee3aace100ae6e2fb8fb
SHA1 2f036cf1a73c1814a09bc69326fe4849f6ffd206
SHA256 0d6be4428b9d01bb5c2dc32b7a83b0e490d4056e9c25565d3cf0c1545ca5549f
SHA512 a5aa1b17a63f9b9539768af863620f0f61e46a25c958d4e9b1b0cf00159722eb0595c5816e4088125ec1e95cc72f2ca1168d54430bb5f4471fb9827d22b54bc8

memory/3788-5798-0x0000000000400000-0x000000000040C000-memory.dmp

memory/3788-5795-0x0000000000400000-0x000000000040C000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727662610078916.txt

MD5 5c8b6487bae272e77ec2abc3bd776474
SHA1 e68d4230cca2cc75b5c04659d60422ac001c40d6
SHA256 1f80311f4d85ff4715a9df27477bd99caaab30d7414f859e8dc6596538adc2bf
SHA512 a4cae387008bb7e9b4213b5a81be05f1a64dba677af0d46d0317a957d95033b77ad76f84bded191910ab21a000c5cccb2292e38053ad2623a04917062eac4b59

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727663116015387.txt

MD5 7f26a983e35a54a447c968de9c290d1d
SHA1 e0398ab369638805c1da9ad75576b29c8b845688
SHA256 0de9c48347c1c707595f557bce8fce41d78dc2065e7f0bcc88b00de9fd3394cb
SHA512 555742b233c1bab6d1cf550d2e36d0e0c101efd24518f63c7729140ef87db33444b8f03726cc5df6eb2a63c0080ad4f2a10ceb992387bd64c5615d5b677b2a94

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727669820222616.txt

MD5 a437a5fb4b940afb28450c5a252da793
SHA1 e93fcc96b2c313fcf20878c4bf1d513f6408deae
SHA256 f4ac4b801e0f4eea19e236f69446b4c543cdfe4512d467a082a31a8c5977adbf
SHA512 3c7c2e24b684de16571a79957430ce1606eaacba6bfe5f52cb2d0b8e7194382bff49e6092472f189a3940850ce31a53bbb95108914ba136d72b898ded1205019

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727672589120253.txt

MD5 56901bdd19b84f5764583ad6ad11c1ec
SHA1 aa5bd8858a7fd7e9e3dc1d35278baf563304ae0c
SHA256 a184de8997f713901acac4c38babc004858da3df5d24a84e3def40182deb5742
SHA512 c5d2a12d4aeedeec5767ab2d385ee8a41dbe5db96f8654adfcb74e31175c54d6108ad085e6b3c99cb58c4fb29bad7ab2dbbcf0cd21fcba59674914ee8ce804f6

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

MD5 cb988e77ccead7cca5b32edc0754b02c
SHA1 81334eb4d6d2a601e8569dab9c228b289211ad47
SHA256 90d7832544fcb3e37b1e0e975d0399ed27199c4b72d16d9cfa3334cd74f12847
SHA512 467387c610a54b8c55fd0cb599f3aa8202da28467ce8a7465ea22821db64f8808b81f54942e5dca1a18ed538acd7ddc3106e86c3543497c7a862dbffbad6fa20

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 3719dc15cbf9a76dccf29ed12e10c2a7
SHA1 5dafacd01e4b3db9fccbd6aeeb1979835935a43e
SHA256 6b151e3f151397dc31e943e37ada5be155659d30927e229919c702d78db85cf5
SHA512 7f6efddfd8231b674a7f8968c9832967439002df4bfb5fc9cdfd133231efa88395a8aefff028b312918c5976e6469b6acb1a371f1a20c8abd4f70f65dfbdf4a3

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 74f40ed2c15071e54bd7daa5f5e95d76
SHA1 04097d123f44ad7edc4790c225d2e3b182e3ccec
SHA256 55e77829039bbca8283824b658b6c7e8988458378173a1418b51756a8311f2b3
SHA512 4152b300747b4cd608fc9d2747e255f96bf4a7e289cefc6ad311dadc7c9c860fad92c7467c370e8193c032382fa66ef19c72f0bd14997fe25ec3d4413e08cd77

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 c97ca4f00840f401f44cddd424ba5cf1
SHA1 0c8fff2229036eb5af11b8d3c7ae040789f08758
SHA256 36e27f2944ee5015ec3df30d053e9df1b5cdaea9b65057ec1d6f5828f0bd52f2
SHA512 f0b5f2812dd6ba98af0e1b05722f76ce7bcd918361efd74fb42ca253a67ed63aa38ceb06856202cfa67b0e72493ac6ce3e11a927fd9aaeabc2dcad460d34be03

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

MD5 ec488425a145c66571e6acae5459eb5d
SHA1 f1cdd1727929db1ffb91196cce3e7f60415f0398
SHA256 47c8eddf310347816ea57fc16ba5ed84c4646c04c665c3020aa18e9d6bb97d4d
SHA512 4aff26a1c2d6f47c240f34bbfbefd5edfa9939c44531d4a413a8d86aaf57ed835625dea3b44b291a1b3ff99b007ec9bb2c34e7ffe2730105548a706823299e69

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 e7c2fbd6f49833a4dc1e44dc253f8a8f
SHA1 0bf12d8b09094053355c876f970e5f5c43acaa82
SHA256 1fb6bebb574fd45bcb432609ffcf7f1b1a67c005349cbff05359ee60bfee5634
SHA512 58214717f53b4ef8799b58a7a410df6f2ace6c116b22516881a2708e81a13d18527443cf1802116ee649d44a6b7ea94c8f1ada79767eb1cdc2758c5cb2bd69af

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 aecb20258b55aa32f7d9f74211179f8b
SHA1 66987ebd8dbfcf82538c50eb5317824f26676b43
SHA256 386cf93f756f95f696ea0a364a8a116b17c3a68179c14f9a31695f0ab8eb9c69
SHA512 dc4c926553db9bb0a915610b8a62659c2d0757e6935d721c7fb13e8862fa5f18cb182d437eb6e676464d67a91ca032959127df1b45615589e9febff5d6f0aa33

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 19d54cab01a9f98395493a6dbfbde6b0
SHA1 cbad37eb8be4409d96f6c26d41de8db20f635dcb
SHA256 3c20dc5c607091dbf9ec09c58bf74b0bf2bc8164173043b1a1075f32f8e4df66
SHA512 faa1a117778af4ebcae13ef641b356c5574b9d394644122ea89daeb990b298be71a8f798ce35ae519f2c5ca228301498a8d257c848e231dfc488eb60ef0c2b6f

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 3a3a0a236f4b3bfe956d44e1d61e8c2c
SHA1 70af6da4d6039ffa2c8de4308c644a086d180971
SHA256 871901e9c8660f05b9300ecf5e38d7ec1b5e5304be1eb608080f5669a609dd25
SHA512 a9891e91abf211c8cfc5376ae2218a59481837c2c11df0e61205c2ac676f943bc082961eeceb62a966c2a3ca3605ccc3d1a1470180d0fc359e0166258f1daa57

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

MD5 8593eff0fc9b3de9235dbcca9b054448
SHA1 ebe7be8fcf85a003792c4e28a43aaba3af624873
SHA256 941778d49620920f66aa90e5b7e5bf92fb9f14132c38bc2cf90b3840ca1a93b9
SHA512 48059656ba3675087c8d4e57de1fb5c1e8f2a36cd4d8a5dbc3f1ff7ae187a09bbd8d698984b05854cef1472267621c6074915a01d40140ffb2edb1cc487f09ff

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

MD5 45c9f2099b4059e29481e1c7fcfbfa5f
SHA1 ca898f50242d75ac8f4cb0c2b1cfe185994c743a
SHA256 6e95156a78e9503501cb6e5607700b91ce0c5b603b49f15c84bc628b57990122
SHA512 8fbcdde99e1ca2d72f16ac320003b8dc8ccefd2ee548054e28726723b131a5676492c6d1ef8e7759fc21c8f5535a9844eadf8b4fa2f2bc1139a36313b25cb5bb

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 51b82c874f39b8f498e760d610b206de
SHA1 d8f14e83763f061494f85389fc09f817e465c36a
SHA256 d0f4491fb7cf0ee972948fa1dffa9b1905029a50590ee0acca047bcbb0f9c644
SHA512 308838610d8403a5087d3e11da7b468b6786c2aad224e796a383a72095a021850c65c5ff6861c3b78eb51d62cd94eb64c06fe5eca0eb5ff7c68e3295f105a4dd

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

MD5 f328e703e45b6eae68a1918c27591b07
SHA1 b99d060db889c8a29ca0b9fe722ccfa4f6da11ff
SHA256 2214216004aeaaeb06a4517d2edaec90f0568038e67ce881da6187d2e076e5fe
SHA512 f5bcb5ae05ebf503973a615338ffdba0f2ce70df8bce80c49b8113d02a3b8658d2b699a144e62c3afd9d806f77e9b1e97581c56f5beaea148228d2c55cd93af0

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

MD5 e0b1c87d53e15a6216290456af5a4f55
SHA1 1a3dff0f38222776dd6989aeb8b9fdedbe29b005
SHA256 41c1f950a7d7fd53a037c0f468465a086778bf48d0571125be91a82885b81348
SHA512 cc87b8b8c1c76445d39237ff9aaf82d4b5ddfd367f717d6b1f25a7d3947d61614c931e2f27bfa35a32ab80f74212d0ed2fbcb78853836024a320038aaade8cbf

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

MD5 3a78e5aefa5303792743bc55683fb3d4
SHA1 28e3b6085365c1038088522ec273ffb708aa7fa0
SHA256 de51c18aa28e808c8fcf9d033f4a57b0f5667ca5c62ee3378aa2cd338efb7fe3
SHA512 495de55fbe7ed2b1c211876ad692ba67dcdcc13dfb93cab546b13be7b424e1acebd6e5e15c6df04fd518b616c13acb25067192391cd40588cbae49e69e1b9365

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 f76936fb112568f14a9eea6225a12337
SHA1 9da1c8fdf9bc8b4b9031f91dddca325477787034
SHA256 47dda8e08d709d130d092bc8d186ac5341a76e6b3acde9874b54f45be0898add
SHA512 18bf11353287c897bcc3a15468c764b004090793e2c3f4d4fa81716c24a8713f5394d1dd1b63e6237fd9e397546435ac0db523cee8c4ca16d50b9d67b2f0a136

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 2768a7a4be7f853cf817f85cffeb565b
SHA1 f1d5d65dba3fb1db78d1423be25f48d53f04ea63
SHA256 5441debae8f2221f04e5d96394e24ccd385a3881ac250d234170fba04c7b8914
SHA512 4a65a9543a03e4954e5565f4a85306714d6340a92489525245458c4a701bb26ef227915c720dd35828e723c3fd1cd2b6e03808f6a3204b93f690da8800fc69a8

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

MD5 0f4de9acf6cea97a252fad4e26852309
SHA1 2b06aa731849e37168c181e4c29ca129e3751cef
SHA256 c603bb78c078ddd6382dd27cb8499d0ffe878a4d9a78d728250c356a394ee016
SHA512 2e5dc397d5bf380a6604711d7216291d72e27bd93b9dbdb9ff77c6861bc95c3d1e4baa82fbbd0b8e462ddeb767e54b16f8feedbebb6c66faef4e1754a0c5fb22

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

MD5 4f325e48475e4e3ded7e4c917ed47a13
SHA1 47eaae757bc198e1bc68bb237a0b67d9bb1782a5
SHA256 8e5f8b96325876a2c17c2aea4daf98bc9a5a39574aafbf775121523b839fa781
SHA512 46849c9231d2afb0fe4f03f9b3b0729d561871e46b66abd556cac83c8386b7e6dd96d1f5cb34429f4cf7c75729b197915e2a374b0a23aeff3b39ed1e624105e9

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

MD5 fcb965b9a1c691d38cb664aa72eff883
SHA1 9b39397b6f7408bec40923c9cbf20ddedabf27a4
SHA256 0023cf1b14eb9791d1fc3765777556ca698606bd67cd03b232a06fae44410ae1
SHA512 e32aafb4d21e71d7d7f1c1e324b3dc0a7d370c4a9afc3059e1c511f4544a431c31aacc13014f1e9e3c59e9faa97b3bf511fd1f6fb367fbb5fe110374fb91ed87

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

MD5 981bfdeffabd0729c45f03d4b894bec6
SHA1 9185ebc2e6dc3286eb79fb9d0b28419e2dbc2885
SHA256 ec7f5bf7c1637b4a701d8a90aaad55f211fe426ad63e7048aa1b1f10e28b653c
SHA512 f37ad249e8986d70307f6e5f7f45d1aca852541e37ca79d1656a00eab5b6e3caac8680ccdf5e4cb2ecc31e4104b16297697bb11a1637ba508b7bb9765ac3de8a

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

MD5 5aea7aea5e9d5983316a81cde2efc44f
SHA1 87b51d0edffdc7875ff684b0a3cf7b3a010a06a8
SHA256 69dbca5077ede14a50f207b11b15617a3483ec5f6f075d3024c11964a74c95c9
SHA512 fc5c583ba27aa756d939dfd5634bbeb1dd6499754b48552de2b9efc1feda44f5966479b2b2c563f892c1b34cb69b59c88f6c76db321e1204b7248401ccea75ee

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

MD5 1bb79a0ab156cc0cd1d47dc6170eb26e
SHA1 f327920d55b8cbfa641dbbcc45fe143dcff182f6
SHA256 b32ef4e41472d5dece4c01c13d105c61dc368786af8cf8a508d52466ea020130
SHA512 e3f72e826f637baf56abaae0af6d3a4ecd2fdbbe07e900da0f642fbaf0ae1794b8cf5dd8c95cc03aeaec1a4d14c265b0a95321e01d3698b11725870f2d3acc3b

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

MD5 4db1e7066b6f146ee5bd67954c9476c7
SHA1 f0c275b719006661ff12fa078c3b0c0c2e1f344f
SHA256 987b4173555db682317a289e47fee1636f464b2f89f3d2d1780d7af1773d5afd
SHA512 c8feca954d9588a750a91c816f2f29ccc65e312f84a625252ca83529baaded37872a991d7cf8c1d57c03c4f3620307643b307565ca23e02c9ff0c252a060c74c

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

MD5 9a38fafc10ba1438be469a1a2d79795b
SHA1 c6c548a12d6dd48b38eadb6c5e948172e77f2f2b
SHA256 43a93ef35a8b5f41d9f7ad0560a741e50575383ba9c9597151656aec199fb1c1
SHA512 e00702975fc41708398697dee4eee546a98340740bddd9df46429aa7c4b49e1694b3db914df698f5f3693e4e8751c62c0f9b31418ac38754250fefd60a313da4

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

MD5 36e193bdc1c2bab6231b01e8bfe9a4fd
SHA1 5ac33161e19ea9d7768d5d557f25deb6b7aec814
SHA256 c00dbbb9aea507a1ae8a3b015785e358f23904ea7b3229b02c2b06078ceaf162
SHA512 3d33f17f5b946897e52d47cd90ff42c09260ca3129d23194f0d12fe7a234746afde6c149ce07fae85c7871a52a2f78cc3fc93bf64403509f5292a76f95986c97

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk.EnCiPhErEd

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

memory/3788-10167-0x0000000000400000-0x000000000040C000-memory.dmp

memory/3788-10906-0x0000000000400000-0x000000000040C000-memory.dmp

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

memory/3788-11241-0x0000000000400000-0x000000000040C000-memory.dmp

memory/3788-11242-0x0000000000400000-0x000000000040C000-memory.dmp

C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

memory/3788-11247-0x0000000000400000-0x000000000040C000-memory.dmp