Malware Analysis Report

2024-10-19 10:43

Sample ID 241013-j2p99awfjd
Target 3ebcc0ec24f4f883df0e18c4e81a8b81_JaffaCakes118
SHA256 db6caf0d960158ddea58014c0f62e0ac5c7a5ffc147ff1b71af479324c1aacde
Tags
xorist discovery persistence ransomware spyware stealer upx
score
10/10

Analysis Overview

Threat Level: Known bad

The file 3ebcc0ec24f4f883df0e18c4e81a8b81_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

xorist discovery persistence ransomware spyware stealer upx

Xorist Ransomware

Detected Xorist Ransomware

Renames multiple (2181) files with added filename extension

Renames multiple (2218) files with added filename extension

Drops file in Drivers directory

Drops startup file

Reads user/profile data of web browsers

Loads dropped DLL

Checks computer location settings

Executes dropped EXE

Adds Run key to start application

Drops file in System32 directory

UPX packed file

Drops file in Program Files directory

Drops file in Windows directory

System Location Discovery: System Language Discovery

Unsigned PE

Enumerates physical storage devices

Modifies registry class

Suspicious use of WriteProcessMemory

Analysis: static1

Detonation Overview

Reported

2024-10-13 08:10

Signatures

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted

2024-10-13 08:10

Reported

2024-10-13 08:12

Platform

win7-20241010-en

Max time kernel

119s

Max time network

120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\3ebcc0ec24f4f883df0e18c4e81a8b81_JaffaCakes118.exe"

Signatures

Detected Xorist Ransomware


Xorist Ransomware

ransomware xorist

Renames multiple (2218) files with added filename extension

ransomware

Drops file in Drivers directory


Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\QmdpTwe5Bw2jy77.exe" C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A

Drops file in System32 directory


UPX packed file

upx

Drops file in Program Files directory


Drops file in Windows directory

File created C:\Windows\winsxs\amd64_monitor.inf.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_d9adf67a3066dc98\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-d..elsupport.resources_31bf3856ad364e35_6.1.7600.16385_es-es_25f9d9431fe950b0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\winsxs\amd64_adpahci.inf.resources_31bf3856ad364e35_6.1.7600.16385_it-it_155a3270ff8e0e27\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-rasbase-rassstp_31bf3856ad364e35_6.1.7601.17514_none_f7f7b561fe8c0735\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\winsxs\amd64_prnnr004.inf.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_f6c3c24af2d49226\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\winsxs\amd64_server-help-chm.nap.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_cd913dc0445afc9d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-duser_31bf3856ad364e35_6.1.7600.16385_none_5a4b046c5dce176a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-p..ndprintui.resources_31bf3856ad364e35_6.1.7600.16385_de-de_29d825a7cbfe7e81\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.Bu#\fcf5142785d58bbd7833d24cf9461961\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-msftedit_31bf3856ad364e35_6.1.7601.17514_none_33f6fe754dd11735\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-newdev.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_718373162933d652\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-m..ado15-rll.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5cb1f9d3eae4d4aa\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-rpc-netsh.resources_31bf3856ad364e35_6.1.7600.16385_es-es_4ccaa83004c931fb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-s..spp-tools.resources_31bf3856ad364e35_6.1.7600.16385_de-de_dbec3ce8a9af0e4b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\assembly\GAC_MSIL\WindowsBase.resources\3.0.0.0_it_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\3ebcc0ec24f4f883df0e18c4e81a8b81_JaffaCakes118.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "IMNXWSJWGOEPHMV" C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\IMNXWSJWGOEPHMV\DefaultIcon C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\IMNXWSJWGOEPHMV\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\QmdpTwe5Bw2jy77.exe,0" C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\IMNXWSJWGOEPHMV\shell\open C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\IMNXWSJWGOEPHMV C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\IMNXWSJWGOEPHMV\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\IMNXWSJWGOEPHMV\shell\open\command C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\IMNXWSJWGOEPHMV\shell C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\IMNXWSJWGOEPHMV\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\QmdpTwe5Bw2jy77.exe" C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\3ebcc0ec24f4f883df0e18c4e81a8b81_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\3ebcc0ec24f4f883df0e18c4e81a8b81_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\abxd.exe

"C:\Users\Admin\AppData\Local\Temp\abxd.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 ftp.gtarus.p.ht udp

Files

\Users\Admin\AppData\Local\Temp\abxd.exe

MD5 9fcc91636fd031148a85843248208e03
SHA1 1810fcdd967f80b71de48bde2ddc379cdd55caee
SHA256 028a6a1a53b8374a8dd8b6dbeab68c86b24e277312d6c62846a0404bc8edc78d
SHA512 52e75ef8f1de6ca7e02e11a3053109e9c8dcf514a83d75a826456a7cd33a65942baca27b8381855df72d8bcada1cd18f3fdbaf454fde53f1007f8fe10ca95278


MD5 2510b66e2d1e52cd3781ecd44fea8080
SHA1 af62bf0ff347a8df04b818187273e4c84dc56dda
SHA256 ef41eec8209b067974233abfb070f7dd9d90878c8acc48e3bd26a06298407e0e
SHA512 7295119bbba98bd5eb0eb350d04b3650c0448e93b28c41714c9148a0e357d74dc78ba0d389c31a8f8e1183e9ef84dd78cc72aa04f97b01ebbd3f04d0d876319b

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

MD5 00947809247561ebb525759a65e0111d
SHA1 eb25052ca098273a2bd3cf40a67dd1b36c407181
SHA256 cfd67fe0a3712ebf3bb48578a45aca9614dbfbf0cb59bfbcbaabfb1c0cbc9f7c
SHA512 bbaacea78843720d0c3bb0ba24738ff988476a1c489a85ade4ded46eb0ed0c8d72d72a18e1685dc2393f43ec0ffa9f2bdf3e30e13142138ed16a51079d31a848

memory/2228-7004-0x0000000000400000-0x000000000040C000-memory.dmp

memory/2228-7002-0x0000000000400000-0x000000000040C000-memory.dmp

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\security_watermark.jpg

MD5 6537e77afa866b2b0a58eb904f9e47dc
SHA1 176926b9a20aed2441c0ae23bebb9b599559646a
SHA256 218fe92c9016d2063869ef9617853203158b3bb95a80a3ba52fec942c10def0d
SHA512 0622d39dd895fa099209f54382b584b602b3dd8ef17bd0c1cc5454875f225b3d19dd861d4ad30bd04a0c020503172ff21d93f51a6a175b79b6dda1ae6e530c7e

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 46835b517e80ecd0d9e805d17dfd1f09
SHA1 4b7708995d4d152512f73c0c7da15b8bb793df54
SHA256 c21954bc50c73174037fc33e2099436c2efaec8ce702ef4302a45e6e429e858a
SHA512 f976360a7fdfddea9f47f455fcdd6632abfca803f6f167238ca2683d1bc94f399f72054d717321f35f47a7588499b30b6e71a6c1624cbe19af6295d7447acc23

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 c41fdf5bf71cbce5374f4eb6c16b8c84
SHA1 819268fe4f6d558ce8ae27515de5606e172c15e7
SHA256 36cafa3071d2437de08c4279ed5d17bd2aff088b9bc8fbceabfef0c5f91e850b
SHA512 b477998439731496caff97803af1059750f01e842d57e58de11b9ffee87405357cf0e497146171f03285e0700c66922aff13af4922b5d8dbb9e20897df44b6a2

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 64e321e96a8306bc4425031605cd07bb
SHA1 459c4e7484875bdc4eb885a922fe9e6ea77c14eb
SHA256 77a7ba1230f44e9d26bf7ec8ef2966aabb58f778666e972b53203b27e0f15627
SHA512 03dfc84b08222cbe5ae98402f3b8a6711c8a94cf890c01605875f6526846f57be90c48efc5ee4527c6ef96539f49e5beba79eb3b0e9d0fb9bc2106a190ed4d42

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 829c49494d82b40e73d69f6e5eb9258c
SHA1 2f894af5c5cc08559390212e93183f01e39d3f84
SHA256 5e50d7bc2f8bee52034641225eb51b75170cf150e5ff07bc38ffa1b4cc28b4fa
SHA512 af077fdbc1a78ee836870c13962ccc23c4873a29cb011094f0bc721186866389974befb18c8cd025db3be4258af47c0b250451d1aa01a7a2cf386090cca27325

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 bc753382200e0f04868e826e42e2ecf8
SHA1 2455946c22780e16ed0480f52ea8439db8af2ef8
SHA256 2677568d69a768ac292a8dc71ba5a34d3de7f22ba7d75cc1af700bd9cd4fcc38
SHA512 2a561738abbac41be211a8d16f9f9fe9645692510b431843d29fe320ba05d61a2c9fe69bafbbac2b3158f4578dc91c9ba4784d383faa9f8132eb9921779c8405

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

MD5 1d0d6cde77e02003f3b50990b8f26435
SHA1 d0986c81c2f286f5e92e7d08d3ec7eb9f14deff5
SHA256 dc76ba24331427f9534c42175c36161da0f44d59211ed551644dcc97915d07ce
SHA512 2144458d334677dac0c9baaad3863ee0f5ee9876067ae7e62c98341273bc312c7ecfb793ff761d7623dc31181747a8812650f460dafecf316f09959f6397bcf7

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

MD5 a6d98c999d5add17802b2eb97a5801bb
SHA1 be7f7b25f5149afd25d0fe8337cf08803c84c120
SHA256 bfc4a1123b1a9ee79acab74de71e067b87d108b2856f4569dbf84aa997762008
SHA512 b9a36c27f198798bdf764135c3393b00a101b154e03f43bb35f259269d7adab0067ffaeed58f8f2bb4c2fea6913b7ee0d5a25b8c1667abe298cf8802ef031531

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

MD5 629e6db6e5dd4bccd3afa64d54767954
SHA1 8ffa8e8942de3bd592a8961e2c8e4e0de2507d11
SHA256 9f6c1aa24663b9aa01955c1f37b2e3315638ba681e6febb3db74f4661523bd32
SHA512 199030f1b009a541885cec712f36376575ff20053f4292c0787a3f50603c0d1a345c2695d900fac86e02f2e83b8d65ca04b0ca2e2431abf57c02656c84c333f9

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

MD5 4f558e9e3f1c38fb97e79e86ec8a1c02
SHA1 51602ea1c569d4b35eab856e34563cdd787cbf83
SHA256 aac2e7b4840ec450f74d53694472064ba461dc27a7fdc6d5f4bdc211ab3f8bc8
SHA512 6d32d4f6b374d0b8eab9fe24eba6664a438457cb3dcd8822c3cded073c2873f68f8958e41bac9c4823cd3cce0343f0fa6a45b19093a5db92dd7b7229148afeae

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 2677049269d8b8a500670c62d3b35bde
SHA1 d54a7f6c0218c21517babbda89245f7d7ebe113f
SHA256 311b756233f9430e5af9dfeb6beb57444994796334450bf61f5f9a5176ff3d32
SHA512 454580bac7856e3f07dd28e07747089c34e1e70c55515dad002ed9bd04a90b05a29de0d3799db0dc451fa5cddbee01675afa6de75dc60bc6185af9341b5d97f1

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

MD5 33fcda908388eb4350863595715b7b76
SHA1 c5ab665d808fe8d7e2bc3c46fe12d03bdbc08128
SHA256 4eda2b78c5e6d3b138bf960b22ddb9cbf5b1db7cdaea4f9e02f79875fa4c6cfa
SHA512 b7d85ae7a096596bd0558ab739de14d7815d9e981205e968ae4395da81ee57619d4b9cdda1dbd63ae62b895b09c23895867c5aad6c69857da14437aac12cddc8

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 4f8db507e311e2dbfdcdba07769a6a5b
SHA1 02cb981b165c3f9a8c4f63dc92845d6d73d4ceb8
SHA256 333b5c75c451eb5d2231098d08e72074a7902a71928975fa4875a7985e8507d5
SHA512 bca9cc3b99003e132cea6b753ab1977a8c17038edbe39678884bf0370f2292c81418e23d70effd0ec7ee84a58fa33ac7bda4adbf5c00ae7caff7219c20a3d41d

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif

MD5 798823ac9a481218737e17a5ce3e8e5f
SHA1 329741a10d6b82089912c2048e4af938839afeec
SHA256 fe46012e87aea5c97abd225855c583e803e6570f2224cd263c952800c12736a6
SHA512 650d09f21e67344020e5150417676e4eb45693eefd91191c0fe4ebfd8907b36a2cc61c768ca788f4853f24fb81e792230305e80f5f32d3dcd3a04f957d327e44

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif

MD5 ca5615de6968111e37fc17c7b18396bd
SHA1 e56532336584876ce6408720e6d6616bc4163830
SHA256 a9594a38f5f1b783955a30cbaba3c65356d99f8782180569b411dba9bddbd030
SHA512 e488528380af2326647cc07e24438942f30b1ee3c8c958ad170ed8e6c5978a662312f4f6c4e28a21f578dde81b5080c057429093a5d56abd34de324513e7c7f1

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 fe88f6ae3c5aeaae9902a156d70c43ce
SHA1 6bcaf554bc42ccb9d5f169ea3b91e6c4e637fa2e
SHA256 ebf52f305818e41442e49edc746df24d258b74fdfbdf41a30059108a3a1f4fe3
SHA512 47fe1ca9fa5dfdda472705d176d5afe352f9133f307befe9759a12d15a30bc4c08ed3cdc3931ded2ac961129fb74ca3c4ec21caf08babc0896d6d156b9842c0a

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

MD5 07232397bd5144d6df309e79d87cc0a5
SHA1 9dc486ff623a717d5eff99896cf9fb97c7f3b0c2
SHA256 94e04608d55128f741789da0efbbc182cb9f25b9d52dc41bd12a1270d53a268c
SHA512 a2ae5e4718a1fd327c68fbc617bc741c49ff53ab3994ed2daaf23f092bb23c71bfcefed1866291036b0328392a3a1a65146eddffa019a1374878d605a59d8525

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

MD5 52a021c04e04876cfe6801e6e0438018
SHA1 c92a83daaa236e01ebe2be82d1164d524a42eb6a
SHA256 6875c9a601b708018b30ddc32913e2f73167f53ae383d116cb65bc52ef41f07e
SHA512 a1602648debf7b329e38e9b666d6471f6319440fd7c5396a42f9225dc9a2ba58cba624422b4fcaea451cd208985f8e0282100163c691e06dcfc754731902a308

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 1f39e2dc51557d985b24e1f9fecda134
SHA1 c78186faa931ce82112f2b5fc0dc6455d35760ed
SHA256 1d53efef128e163152319c9b1b572a0b8a4d7f8a422854c2ddd7318f9527ac02
SHA512 42c6f586411a7bd976cfe96ba5b37dc2be4c8dc2f09b134a2865d631625056f6ad5e63191a116f95fbf363a0c6f0f88024dd2fb3f5d15db4eef88b2c2f6ffd72

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

MD5 a4d9e81ef95b60ddc0b257f5102d6f9e
SHA1 448bd380f4099f65dece26336f3e92e3eceeaffc
SHA256 7eb89e635be73402fbf1d2cf04f465c176d109cc4bd42789c897af51f99e63dc
SHA512 4cb82a44702f6254196520ec46c39550d270e713f3f95ec1ea4991726fabe9f49af39ff978ad926752acb44c162ea3915b953bb406a1e12531924efa10115d5d

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

MD5 5bd52af9cb3b203e19bdee273d3ab3bb
SHA1 2215d425daa402e6c5d6174d55b2c3ad67e388d5
SHA256 46accba73ea1c30aa708483756b9325f3d5d9c689ecf46d1f9d57e84a0cb979c
SHA512 2a8509d2c96a4cf0c5470aed26cbfb0d143b57d7fa26603592d351e248bbe449ee60fd0c55bb2fe9132aa02ab5f8df76b144c14115aba52771ceca454a2a03cb

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 644fab5294f9d7f5e9e6fe7b0a22655d
SHA1 0cc4ddaddd3b82cb6e1290a43935119e6d338ccb
SHA256 e8405c04e03d72e1ece319a0fcd397421885c128aa08fc2a394e9d90038d3381
SHA512 0011c99ce881c70cd84231bd054a6b874b84e6099ef5b44a62a4e8816d45b910c4d14832c576ce058d4f2a61a86d9dbce1a51292591df294ce8e6d71876b0a7b

memory/2228-9216-0x0000000000400000-0x000000000040C000-memory.dmp

memory/2228-9217-0x0000000000400000-0x000000000040C000-memory.dmp

memory/2228-9218-0x0000000000400000-0x000000000040C000-memory.dmp

memory/2228-9219-0x0000000000400000-0x000000000040C000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-13 08:10

Reported

2024-10-13 08:12

Platform

win10v2004-20241007-en

Max time kernel

93s

Max time network

149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\3ebcc0ec24f4f883df0e18c4e81a8b81_JaffaCakes118.exe"

Signatures

Detected Xorist Ransomware

Description Indicator Process Target
N/A N/A N/A N/A

Xorist Ransomware

ransomware xorist

Renames multiple (2181) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3ebcc0ec24f4f883df0e18c4e81a8b81_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\QmdpTwe5Bw2jy77.exe" C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\de\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wvmgid.inf_amd64_3a0240393de08f95\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Dism\it\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_hidclass.inf_amd64_b37df5bd0922aeef\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\nete1e3e.inf_amd64_895623810c19146a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnms010.inf_amd64_9e410195c3b236c9\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File opened for modification C:\Windows\SysWOW64\SecurityAndMaintenance_Error.png C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_RoleResource\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForSome\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdminfot.inf_amd64_564561a23e05c7ee\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmrock.inf_amd64_9b13bcc1f320d1ad\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\remoteposdrv.inf_amd64_0f0da968c1cfce06\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_UserResource\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmati.inf_amd64_16fbf6520a254fad\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AssignedAccess\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\NetAdapter\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_GroupResource\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ProcessResource\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_avc.inf_amd64_8ee511eb19322856\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmgl009.inf_amd64_3bab34655afeb7e4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\SysWOW64\InstallShield\setupdir\000e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\it\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\SysWOW64\Configuration\Registration\MSFT_FileDirectoryConfiguration\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnms008.inf_amd64_69b5e0c918eab9a6\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\megasas.inf_amd64_289e18fb610dd883\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\MMAgent\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\acpipmi.inf_amd64_310dc613a7e31ec8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netvwifibus.inf_amd64_f52d5ad58116f6f0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\rndiscmp.inf_amd64_81bff1eb756435c6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\usb.inf_amd64_683fd853c8b8a4db\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\usbnet.inf_amd64_9e6bb7a4b7338267\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\SysWOW64\Speech\Engines\SR\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\halextpl080.inf_amd64_15251233835ef753\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmwhql0.inf_amd64_db80a6e1be3a2d08\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mausbhost.inf_amd64_34c86c15777c913b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_UserResource\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\acpi.inf_amd64_605a5cafbbd86f6a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\smrdisk.inf_amd64_f945aad6094163f4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wave.inf_amd64_8e8496aa33c0a7f6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\net8192su64.inf_amd64_66c8bfc7a4b1feed\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netnvma.inf_amd64_7080f6b8ea1744fb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\audioendpoint.inf_amd64_4fc4a632c1490033\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_computer.inf_amd64_aa72c8894a821b32\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\hidcfu.inf_amd64_409fe85a7af72672\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\iscsi.inf_amd64_c089962740ea1f84\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmaiwa3.inf_amd64_ff37da248ddd748a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\microsoft_bluetooth_hfp_hf.inf_amd64_0c00f8f3a465c9a4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnms014.inf_amd64_faec3fc366f8e1fa\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\tpmvsc.inf_amd64_9b03a5f041e8d2b2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\SysWOW64\Licenses\neutral\Volume\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\SysWOW64\pt-BR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\SysWOW64\Speech\Engines\SR\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\SysWOW64\Configuration\Schema\MSFT_FileDirectoryConfiguration\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\bthmtpenum.inf_amd64_3abc48e730d08fde\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmgen.inf_amd64_977aa23dfab87f15\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmzyxel.inf_amd64_1edcf626fd489056\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\oposdrv.inf_amd64_9090a824ce0d0e68\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\SysWOW64\InstallShield\setupdir\001e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\SysWOW64\Speech_OneCore\Engines\TTS\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netrtl64.inf_amd64_8e9c2368fe308df2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\SysWOW64\InstallShield\setupdir\0c0c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Utility\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.contrast-black_targetsize-36_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\bg5_thumb.png C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Collections\contrast-white\MedTile.scale-200_contrast-white.png C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\SupplementalDictionaries\en_GB\excluded.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe\Assets\Store\Square150x150Logo.scale-150.png C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\sv-SE\View3d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.6.73.0_x64__8wekyb3d8bbwe\Assets\MobileUpsellImage-dark.png C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxA-Generic-Dark.scale-300.png C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\en-gb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\sl.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Car\RTL\contrast-black\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Work\contrast-white\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\WideTile.scale-125_contrast-white.png C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_x64__8wekyb3d8bbwe\Assets\logo.scale-200_contrast-black.png C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxCalendarAppList.targetsize-48_altform-lightunplated.png C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\AppIcon.targetsize-20_altform-unplated_contrast-white.png C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File created C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagement\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe\Assets\Store\AppIcon.targetsize-16.png C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\LiveTile\2px.png C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-white\MixedRealityPortalAppList.scale-100_contrast-white.png C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\MixedRealityPortalAppList.targetsize-20_altform-lightunplated.png C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Dial\RotateHorizontallyOverlay.png C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A

Drops file in Windows directory


Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\3ebcc0ec24f4f883df0e18c4e81a8b81_JaffaCakes118.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\IMNXWSJWGOEPHMV\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\IMNXWSJWGOEPHMV\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\QmdpTwe5Bw2jy77.exe,0" C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\IMNXWSJWGOEPHMV\shell\open\command C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\IMNXWSJWGOEPHMV\shell C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\IMNXWSJWGOEPHMV\shell\open C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "IMNXWSJWGOEPHMV" C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\IMNXWSJWGOEPHMV C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\IMNXWSJWGOEPHMV\DefaultIcon C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\IMNXWSJWGOEPHMV\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\QmdpTwe5Bw2jy77.exe" C:\Users\Admin\AppData\Local\Temp\abxd.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\3ebcc0ec24f4f883df0e18c4e81a8b81_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\3ebcc0ec24f4f883df0e18c4e81a8b81_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\abxd.exe

"C:\Users\Admin\AppData\Local\Temp\abxd.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 ftp.gtarus.p.ht udp
US 8.8.8.8:53 71.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 75.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp

Files

memory/4808-0-0x0000000000400000-0x000000000045E000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\abxd.exe

MD5 9fcc91636fd031148a85843248208e03
SHA1 1810fcdd967f80b71de48bde2ddc379cdd55caee
SHA256 028a6a1a53b8374a8dd8b6dbeab68c86b24e277312d6c62846a0404bc8edc78d
SHA512 52e75ef8f1de6ca7e02e11a3053109e9c8dcf514a83d75a826456a7cd33a65942baca27b8381855df72d8bcada1cd18f3fdbaf454fde53f1007f8fe10ca95278

memory/5048-8-0x0000000000400000-0x000000000040C000-memory.dmp

C:\Program Files\7-Zip\Lang\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

MD5 4fd7af8890656b6d8d33bdb64d1a7d86
SHA1 86904845f70fe0e06df05274220540219506877d
SHA256 4407816fd216281711386bf1d73247b7753800f7a3d87df82cc38a42121fca93
SHA512 cfd5e0bf9277f0865f59429e998fe1be9c1bbe6576e312625b03f4070df5a3eb810dc0c4eafc3802b4200058d950bbeef16c1996033d8b4ebba7d66ad416aa19

memory/4808-124-0x0000000000400000-0x000000000045E000-memory.dmp

C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

MD5 099b66a06ff1d191d0d8a43818279416
SHA1 fc15834b826fc5a1ca8133d7de8fca9352b76a7a
SHA256 fe2910fabce298d1ca1b665ef2034ec5121c36ae561a655e0d0556363a4c83ee
SHA512 e2c5c2e42fd73e55f2a1f97badb01918b681833d615b3039ff25336b846b5fe4a83875b5aab668e05dbc1e3510a61c536cf113d20cdd4c44609bf2ec577229b7

C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

MD5 98329b198983f51a5e63967f52de9b38
SHA1 82da4a1e9c0546e069c49ecfd48272c777dbfc1f
SHA256 dc04e657b093473b7286872ee7ba59b193eb46c641ba2ecb21b5c7e1d38f1f29
SHA512 83d28a2f7923b070db0cb06f169647f56e98ccd40669120bbd6d3e48d33a4106378502b4b5741321755aa4bdd80bab13cb6a57b0ee1fccc8fcc22cc88d57e084

C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

MD5 82ec21dc5fd57b7c215c8c10352f19da
SHA1 ae430e9de0858f94d3055055ea9e8cc81f9a8373
SHA256 42235aafae8c14ad6f63175d429bbc69d2319f2737746e134462684ef86a36eb
SHA512 da895cb5e49ddd48853c500e73202dcbd7edffd95eb9a49fccdddcc1bd2764554c9afb1d9d6da3849a97d0b1822cd674a53af61b7bfdf7fbabb3025c5bb381af

C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

MD5 95b36eee84515551def0f1a335221eff
SHA1 b29aed8cf62883ea699a92c5194dc3f683a6a4a4
SHA256 f9bee1d8727beba5a7438a3e9679f475d71410ccd4179a31dbe277bf849d2c2a
SHA512 1564040789ad1e6dc42c2f9683a3f4762c8b9f6ee9260b4394da84d3ef1e92bc758c764f44da364719bc8218e9e47ae293b25e554560949d5154cbdcbdbd8348

C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

MD5 e0afd9173ea6235b2399c86d2f427b2d
SHA1 d2d71f6008f5e5f9e31f129a934a46da6cabb0f9
SHA256 a51ebe1cc88c44709c5eb897c2e150b8250a9e175a6285af39e2d5a9ccebc26b
SHA512 793765827202442125ebdd05d19953ac36a94107228cc9fd8fa7ef4c2b6c29406793da57aa9623b0ecf8a8817e6f81ae55ed1d2c9b32f0a76085166c67caa45f

C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

MD5 fc7b450505428c91f89a8af2bed7e908
SHA1 276a55a56f6422a1e123089b3f45ede2b3b3c552
SHA256 bbd18b7f6839615bc204b879130e78c45b9982db9306d55be9f8057ce067bd3e
SHA512 482d5f8c47c95d44d16183d36a8ce6dd60faad2b466a0df824c02967f4d0cd7a0f5432b6e35ed6b8b9dfb57e7a71001035413881a00ef87cb7960a52e3c3def1

C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

MD5 bff3cf26381428f9d9b74021214d15a9
SHA1 c19363f8cc032e54b56420c2fd1b04e54738177c
SHA256 eb78f094791e2aa00b177bb71d163e8fcf021c64b71f17299386306a74496857
SHA512 43de6c3d76984e719ac2ec2053c176f37df4ccc7567d72a4d6919e8a605012bd0c00644a10c30d7fc34e08d595fb51f94db477ebe6b19e22e1577f93936a9812

C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

MD5 88e39009e3e656442e680160c4ad09ae
SHA1 56be79eb0661bb199db8d498193e055198a55f02
SHA256 8456a26a284bf30e0e78caaf8262f980a93214a9ee12f911210a98aa9bb3ec39
SHA512 6dba2bc5f11512bba051f84559afeb2c6fcc35cbbc01f513d78061f0aff430039c939c1cf4106ecfbb4e402f32689811adfc573ac6e381cea5a83350e18834a3

C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

MD5 9e16f73b17112edb8df650a45e4e616e
SHA1 7cd435e277c198aadbb3e481ee6db2d26bcba1fc
SHA256 2e057fd1a77ad3af6f128a6c80fde00addc20e5e5bb3515e1157bebb52276c3b
SHA512 56aca2608a0ea051309a284008b929a9bccf3b09ce76e871ed6caede959129573ed434b9433099eb741d5a02b156b1cbf54a6d4aeeb55756915ee4cbdb18de76

C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

MD5 6e1dc2c7d6e68c5bd963ad9eb4ad2eaa
SHA1 b7b6d8a132d9e210e8dfba0b82210dbb9327f56c
SHA256 f5d6c442286ae9b50af89f13f46fad8362f0e861570ffdfa5df254db08600d5e
SHA512 fb61bf7ef1481a95e3c9880d8e24bf6e16b1b60d093a3a297c489885a30c8ff5a6f812a1db6560af96a69ae6ae7ee8722135d03640cf6160a8cf72356a3b15a1

C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

MD5 83ddea4e37a3e129ec18ca9de64154cf
SHA1 3cf94fe4c1cb1e5224939370b0210d461e201cc4
SHA256 de14822ef97c721513f32f3e83a7e6ba41584cc871d9c5934cbe235f2d3d6323
SHA512 a67b77575da6c2e4a3c2e5cc5b3a4c51dbe27642a602e7a89bc0124c6fed187d4e5cc5c84e58b09088bd6a0866ad7b00fda32d54471d3f3e962ffae47badd387

C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

MD5 66cb33af9d2663bb33bb4247603fcf2c
SHA1 eab80901609d320d2d90b4a0a45f0b0a1147fd5a
SHA256 44eed07adba34434234352ab5d58dbcf5bf41c0832967f6beb5619aa3b81327b
SHA512 e168de62cbc3de830f09e7449746139ae0f07a9f1b067bb7bee7e1a364e98c7e7955014422b758799c0d3f22f522466364dfd4b4f2044b3cec07cc43d3eda8ad

C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

MD5 e7aef6907c553b542d0bf14b53e16a02
SHA1 23325da0b51e839c8d6fe2d624a7d032964ea946
SHA256 97c2624c3bf8cbfbf09724576a255852bc8f39c82238901b5b8632b746a674d5
SHA512 0d774f4e34ca2241ed6ce4692edb726e6f5d1cea3807ab3784913a039e18208d28e6c7f7f4b090dddb05dc9fecdd5c2e15033b81c5a2899cc42223b4e11b8bcc

C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md.EnCiPhErEd

MD5 1706b1c9d41f6259d73ced7abf585a8c
SHA1 fa218a78df131430261679bd2c10decbe507bda7
SHA256 980d2f5cafbf7ce19b417ba4ff282a29f4e8525d35b5dfcf7a5ddca1d9405408
SHA512 2fd7806e322f860ca2abd0124278593443ad7104bec09db401d9e44f08d8ee2b8caba9888fb88a5937996ca508aa40b318c2eb20aebf12b484858876e9dd1718

C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md.EnCiPhErEd

MD5 f1d4ba4241d4dce5cc1c9d78922d9d99
SHA1 ec31b3e61b144a929ded279f85d02d289b5bf165
SHA256 f79ee149b71931b970e4654f3bc63b7ca64eea6d29a5cc0a9a491cfe761c568e
SHA512 c4bdce7835e8044e5861e028df956cc8ef1325d64e5cc16ab605caf1376c60eaf1586ff201e2f9a330fb8b1987442f3e4ca5b5176acfa51eddca010b4bcb692b

C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

MD5 75582b4d1b3d0daa284ac0880452ab4f
SHA1 94087937e4036d7ad38f06064f2b0bb8cf4ec57a
SHA256 51e1e56c227019d262fc4ae4c51229b5af854b87b895a323c7cfa76235703dc3
SHA512 a6b3ca61122f534cc9e1a9066a1746c257e56f5a42d89e0b43ed56781c27dcb86213d567f44adb1eb704bd09c27432bf2b9bc597ccbd0ccb1f224badb09ee659

C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

MD5 b1a62fbeef9e024740de43749dc3563b
SHA1 f3b2551531ee958e59f385cc3d1c2411f6cdb4f7
SHA256 2759d8fa15b052cbabceb5e5808e2a49ab42a8609b0771c8d6c9361d32da9a7c
SHA512 5c847ebb04ffba41879b5b2a63200779b6d0b71686502a0f3e5f14cf85d2f319daedcab4611dce693d115f6cb14d5af669dc4073dcc44a546daec42440c1376b

C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

MD5 7e5bf18e32ad0f76ec237fd213975b1b
SHA1 3a6804a46d9f9bb399123bbad0204544e65ee2e6
SHA256 20ac44d0d16b9e56bbee3b78129ec420395b23034751faaab8c6db61dee155d0
SHA512 e677caade53d0153303d2e3f5efcbcd61e24f0cd9274e2c4b960e8bcdf62cd30dd965bf1972159847bdac01d389f00a66108a46c8430e4b97e40de1e84703e4a

C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

MD5 b2ddef1c62ee56471249977d12443209
SHA1 149be5218ffba3258bac5ed42a3c8dc054a81970
SHA256 4f5f936871884371013530899a6ae21627fa05a0636c57946b17f5271ac2fc56
SHA512 3074a73737bf386e62f52d5061935fd8324606cea5926d113dec23acce816c838040eebd544c52c449a06e54bf6082c02e69374d8efef2862587905534e6c2c5

C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

MD5 9839510c7c72a1ae2921401c05b566ff
SHA1 0fc3c0489b75f04464922778cce6c8d912468072
SHA256 d524e4aee4683c930e3448c7c3e029ae710e08746798d6eeb1d094a0eda9b04d
SHA512 ff9a99ab48c6e9ab98cc883d5d8bcd622c575add8776dafd55dd7e5a9a156fa690bd3267cfb1eaab504736093aaee02ac0960f6c8eed29a1c914260da0116e49

C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

MD5 886aa69ed7726f3aede606ca2506c926
SHA1 509942fce5b7298220a968cffb3c7ed31b5be4cc
SHA256 d96db48ea786ee9ceb1c250c7497cc85f5df3e381df2a1805bf04967a3fa7c0a
SHA512 d7e0bfbc6d80ac1a045c2cf7662da6e15576f56e65a1e1230c78498ad17129d3bd761a6d2f1210c67ace8e39a642f014423d453824b20764e6018a1b94e47158

C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

MD5 f6be35b075c18fa8c516992a10c1ef32
SHA1 fe6c13768e377b01becb683180e57e4601eab1e8
SHA256 e25cba43d15fbee21bee8b8c5148f18263f4dec39c45c381b475f86ea1f51d88
SHA512 d4abd861fc6271336c88a48875f0dcc0fba19b413d40e20a2352ecb7f2dd4cba88226b8c0187c5e1fa195d6b828ff550f5f175e5ae0118b404343f9e595d5ea0

C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

MD5 6fb3cdd59f40747a6405a1538446170f
SHA1 428e0931e96724263622182f4fa695178d0d2616
SHA256 303a429ee2323cccbc0d0c4b44acd0a3295ec45ef5fa86858d7fe7e205f8d428
SHA512 63d040648ee72d69154e99541c9918ebfcd05d55da1d0783ca56b461786d271018c7ed8084ca76bbeb71f9b327327053fec65302f30a673e590472fb4fddd90c

C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

MD5 a1ade4056e5f95df20e8dc2e2ea3d924
SHA1 08e736a73e5a1ac0aecc04704d75fbe558337976
SHA256 66e3aad21e72f067cd691b99b3c7473c1e1d2afc8d95e74dd78417d5ad00392a
SHA512 bd407c1dd6624cb4b412cc468c173ac74fc2fb5a80f30e42a017960c92ba39318a2728f999307033ada933e6f42fd132329b79a634f662e640868480d3acc6c0

C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

MD5 28811a1c7f65693ba639f6243755946c
SHA1 b1d1356242d9a610411d3129b7dbc464dec07002
SHA256 e7486cf080ccaf5591d2ae128e386bbd05ab04ee510d2d4bcf71407c9375424e
SHA512 0ec2d69b651de1aede9d24d891c8590432660adb5212ea6e57ad738ae95ada7e579f977357dc1aa974b5ef4ce0e0eb8ccc3a4be9ee61b698cce7700310ed6dc6

C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

C:\Program Files\Microsoft Office\root\Office16\1033\ClientSub2019_eula.txt

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727655977808114.txt

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727656717558154.txt

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727663096253949.txt

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727665766873969.txt

memory/5048-6238-0x0000000000400000-0x000000000040C000-memory.dmp

memory/5048-6237-0x0000000000400000-0x000000000040C000-memory.dmp

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\security_watermark.jpg

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif

MD5 ca5615de6968111e37fc17c7b18396bd
SHA1 e56532336584876ce6408720e6d6616bc4163830
SHA256 a9594a38f5f1b783955a30cbaba3c65356d99f8782180569b411dba9bddbd030
SHA512 e488528380af2326647cc07e24438942f30b1ee3c8c958ad170ed8e6c5978a662312f4f6c4e28a21f578dde81b5080c057429093a5d56abd34de324513e7c7f1

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 fe88f6ae3c5aeaae9902a156d70c43ce
SHA1 6bcaf554bc42ccb9d5f169ea3b91e6c4e637fa2e
SHA256 ebf52f305818e41442e49edc746df24d258b74fdfbdf41a30059108a3a1f4fe3
SHA512 47fe1ca9fa5dfdda472705d176d5afe352f9133f307befe9759a12d15a30bc4c08ed3cdc3931ded2ac961129fb74ca3c4ec21caf08babc0896d6d156b9842c0a

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

MD5 07232397bd5144d6df309e79d87cc0a5
SHA1 9dc486ff623a717d5eff99896cf9fb97c7f3b0c2
SHA256 94e04608d55128f741789da0efbbc182cb9f25b9d52dc41bd12a1270d53a268c
SHA512 a2ae5e4718a1fd327c68fbc617bc741c49ff53ab3994ed2daaf23f092bb23c71bfcefed1866291036b0328392a3a1a65146eddffa019a1374878d605a59d8525

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

MD5 52a021c04e04876cfe6801e6e0438018
SHA1 c92a83daaa236e01ebe2be82d1164d524a42eb6a
SHA256 6875c9a601b708018b30ddc32913e2f73167f53ae383d116cb65bc52ef41f07e
SHA512 a1602648debf7b329e38e9b666d6471f6319440fd7c5396a42f9225dc9a2ba58cba624422b4fcaea451cd208985f8e0282100163c691e06dcfc754731902a308

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

MD5 ba0dfc4fce45dd50ddaccd444bc52778
SHA1 ec86662863ffa20e017e85942a3577b652ef297e
SHA256 66c8a3d396504b724aa1394ab598ddae9960e6fd95e2014d0f7a2efc33b7fc9d
SHA512 2749a8fa6107cd0df677aac853230b93ddafa249ca34b342687d5af481412ea653d4eca4d858282461d2b91e795d297ef770de5b2244fd6d310f59f1d4e89017

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

MD5 03f6e8bd053deb594a3b000dc9f67b97
SHA1 627e36643d8e9d75dc6d75d8e0c8a9e8eddb0a91
SHA256 2ef2913bdb4220e8bd13f59cd47edebbf82ba69270972be958f76af27f04ef49
SHA512 28adbeadd12e68b70a7e69953579b50726e39f5d2c79d675b249b7f0e0f7b76c908167cc1c236c7830647510ae103987e7ece8c34afab865143b907ba477713b

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

MD5 cc82a497a74df5739bbbff87c1ac38b8
SHA1 d866c57b040155cc66933f14618bf50bb6017a89
SHA256 9334199f4cb413e364ca3fba00bf7ead173de831f2f3f68f8af4ba4884f7bc12
SHA512 4330cd77b13e095b0370a0ca5d12a119c4de52d0d8b6718198c3f508405ae112c0289ed6d7a9cc44f9b31010f8dc5844b4157564a23656e12be1f47cf166dd38

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

MD5 985664408ec597d5cb6e3d4d574b5c45
SHA1 5a62e4dfa754e443f85b9eb09f3f5a484b1ad627
SHA256 1aaa5348406686a639ff9cdc718a5f3ed4201cabf82ac1304699e9f33134ff75
SHA512 a00c3cfa651e85f3351b42136116df3986ef6f9f68de8bb1e486e806ea4badd1cd2af109afb76592b4eaf365d122a57dba20e8e2265f2208f4a4182c9116c5f1

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

MD5 9b22fb71a994b422ec592177611e10bd
SHA1 30349ac852ab8360acc454e301efa5fea8a6d31b
SHA256 edd1e233040842af9fa0958037c5f6f4926c31c8a00b61a40ed4dea3fc6b18f5
SHA512 5a9017fabbf0c8cf2c4567f0ca29a9fe44cd53ed5bd7052bf0b9d0ee9b9df4abb86cd9031a209ba97e8f6f23d2494b1766ce601f15806b85c92cc601f5ad4b3c

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

MD5 accea2c04d8ddc04a54eac00fbcb51cc
SHA1 49a403cd7ba52293fb0e7738a16b8092be592619
SHA256 1e33dd2e14bf50d35a534bf12211ad90be5c6a5a43a6c17451a944120b87e40d
SHA512 b5e79ec9465bd44642c6068cc8f95fdfc1b0f185b357a36a734309c34379f3102f48790a1727e007218f5cb044cd0ea366188a11e7a3df746400dc6483abaf61

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

MD5 6c33d3f99ef7871b7d6d099de7296a02
SHA1 fd3f6e197a3574866c5aa9f0aa96d68a89433d85
SHA256 a8e95893f0b681e6b48826ec77db7e84be00fb6d706f630b01e6139f7a6928f4
SHA512 5747ca8d82dfa7734eff9564dc992d4c85fd225a24eaf30fc14f9c3ac79f27ea5af64a2d27b24b6a2cfa860d9bb5125d2277284ee80863c87d74a9584aa2853b

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

MD5 f15b2a58a824ef0dbb251b6d386a3000
SHA1 b55df126ae18bee30b4c093f483e2c67577d6eae
SHA256 345c3cb844981f1e6706ebf5bf81ecfaa9b54d7f760a2c1e02a5053cb6dd59c5
SHA512 821e06da995c69dd89c9286a4b59bcccff1a79141db65d50fb52d0fc399802090e5bd764fbd9adefc747427c85eb20bdb5d4ebe24930173bdf5f8d480a34f391

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

MD5 94add919f3a07a00d9b42067ae3b3472
SHA1 9718fccf2371cd1060559f7f8e1793e5fb0d3aa5
SHA256 c46076ccd84b33831c152f00288302ab8758dd1c66d7259cd16c9a8a45bfade8
SHA512 294a4530a764981c71035fd99398b333f1896eda032c4ed1cbd3371ccb285d4ac2335a766a65198c67a9a9d5dfbf84f0be6103985640275009053ffd67062148

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

MD5 34cb07158743812698eb9e890df9fa30
SHA1 8c062227da71d22af1360ea17868bd458e832311
SHA256 b13162b8ce455ee7f48a01e98fc50537f2b3dd8637e3dea17fc60843893bd748
SHA512 b223c88a480aeda3ac2268730722d81979ec4734cfed303e47497b92888e6d25259a09c5d2e62f1fa622b51d1d7bca0b46aefe039549a0eea786b30d73cbd806

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

MD5 19e51039b5042e72835877d90e728f97
SHA1 1a8b35bab208e1c6a88bcaed29b5defa851146e0
SHA256 dd04ab84fe293e9af8e7bbc9ee8776562bccea0306be7019711d54a397d3a216
SHA512 e8f4be512d6dde7b879d7cbe383c49e8ab502dee529817dd19d670e4b42d49f0b4540a1625594b363d4b53413dfadb692ed535cf8add67993ce7140de3a584e9

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

MD5 ace395388cb106db7570d19ae0e85555
SHA1 87abf27bda778d15a6caacee140d2e59c6846286
SHA256 b9fac0d21dcea478fbb400be5ec02f4674b2d268dbfabfd5139e3b3a4e0d7560
SHA512 da2d9dc1eac74f61a3c79c3e80c34136ba151b27ec1874b51c65df9822026a28a6f3326b14b98a9225beaa8bd8e63c5c2166e4dd9e70dfbe10cfc5d1b0f5eef0

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

MD5 4158e468c5244d2d1960c3332ed26ec6
SHA1 02c18ac2cde83e8ecb8dc4a332d0c725f25f7c87
SHA256 3c5d21818c1a70a4a4215aaf6ad9085336e9e702f3cbf80dd2d16ca03e796099
SHA512 aa47f072f145f82253ef5ed5b91ffbae41415d9c8d5f6884babd66b096ae882313388b8258a73ecf6afe2f1fb0a1663e235be2742b82b9437fb9371563bfee3a

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

MD5 cfaf31f4d3cc84ed7a94f8484a163a98
SHA1 f84144abac8f6ccfd3c2f9d94c08e23b4ec1d588
SHA256 18b50e3f97ab5639e973f49f976bec854decde8d7a3b16cc98ca56899ede5b78
SHA512 abc83e6811aa86138dc35126e5d9e3dff07e6c574bb6d1bfc65dbc41da2b0f6d5957659de410e8dac37bc5ed6c451af26401cef14d1de73212fa8348fc28c8c7

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

MD5 5da72983840a2b5c8a5959660feea0e6
SHA1 451f5b0f6542fdbe003372b94d9ccccf0072fa54
SHA256 1c0d6623063512fbcc8d0a3ddd0e9c475700784393e7e5383963c2674409bd19
SHA512 fac9e08656c51b9cdba1e3915c88a1f8a5d5db6979429ebc1c9d97bedc4ca437c44299424d3fcfe829ec9abd86d0be93038559db4a3bc333318d88ed0a917c2d

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

MD5 a13ae893db0660a68f69814cd95e167e
SHA1 8dea68dbc1efeb8096e957e437cd8a716889be3f
SHA256 04ab87f0282c7141077881bd76cd8e4cfb1ccb910fb5555f4fc67ebff568abe3
SHA512 531629ef59f9ad45864be671831206e6495bb69ee00d527ab49dd11c6e08fc132cdd9cad9fd5b770de46472fbe0f260fa9cb8455298471f435a4b6099008267e

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

MD5 e495a25fee9c8b5a05a9e01f6e82b56c
SHA1 2b046af38f98be4f80579cf3735cf3b7b667d97a
SHA256 f1c963f4f1cfe6d940129eaee1da0c8433b8e0aeee22e2399e89197d0d7507ad
SHA512 41d28fbc01e92d9de5d1da947c57c94c1f1a3c1b7b5ed13ec3ff61c385d8787fc5b20ac6944846e0c68523177b04994dd1639ed78c8477366e8c88a4778e7d3a

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

MD5 e11dee21246a7d201c4353e8395ff45e
SHA1 ec6568971939e018ee242ac14e3fff92dee6452e
SHA256 66e26f8c52e3dbef8213b796f5b7f7b201dd06825303eabd3311633619a7b56b
SHA512 87e89c7a0c4cb635d3bb857406d36d477273c9ba96b7d4f2c269ce30e4b6e6388cb03b5d9c73db59fea42e14a1e88dd1c6847e41b358f0e0b92d02bb31ef65e8

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

MD5 ae4afd7637f0490602823c8e649f3578
SHA1 0bd8418395b7cf33361610ed4c1944895b5f27fc
SHA256 234e49b2e60c58818ab6b00f7e80771891d377799cbf5d7eeaa102454b69853a
SHA512 2e06744bb395265120107862f18db6bc8830ed4684ddaa165146b2863998019ef7a5931f24ed84e7f58be029e7b60a45ca076c2046667b5aa68e954902ead1f6

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

MD5 7b38ba9be3ad40ec5917fbbe83444bce
SHA1 3c4ac7c25e0245b5cbeef487a907382ab58f6f19
SHA256 afa861abf347943f695359fb9872af791507d914d8d5d9a149c49689f72b6f05
SHA512 ba7cea34dee5574ce06154f42b59d294b38e0917ce3fea354b7f178e4b46d01a48c5b7aecd9bc31a3947bae797612d36fc1f621670bb05610bae5a1e19e5349c

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

MD5 8fcf1fa9a977e3b82bc48461090c37a1
SHA1 154aa84ee4af5cfe631550290828d031cfed9214
SHA256 cf1882941f0c224b202dc4944953b6aaffa700d7db3da779d61993c25ce7ce42
SHA512 f37245515600d166a69bcc8bfd381de33030573d8f62055e65d1f0c0317be42d5fe0251f641e1753539204653af98c3d81a2e08bd63bd37f1560b827d958a8bb

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

MD5 d17b70d3903532623df94d65cb4b79ce
SHA1 591f47c84a44c6f42790bf86c8cad7a8166ec942
SHA256 8336c4871a9e200f25b181fa8df0d16af913760dca1ec17adf7c80402034f235
SHA512 da27d5dc2800469bb492733be2262d819bd062bcdb1a9e7ccb3abef03772c0524fb15740e0cc634b7e29ae888de9666ac5bed1bc9dc6cec3e83fa5561c79b20f

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

MD5 91a95d79fb6d9788259a8ca578de8970
SHA1 2aa6641e14bc66173cd61dbb7cd80855b454898a
SHA256 d13ddf1f956e7c714ccc05da8d192bb7b5aa927f8ac91d874c884239edd6c568
SHA512 c41d7ac51a2dc477b921d7a2f59a17186a79ef89ffea980262a8c6a7099e1a1272c4dec7962287a80814873e240c5d72fca4b56a92694fb23a79e5c2a24c8d08

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

MD5 5368a1f82b1fbbb4b9b0423d3487059d
SHA1 79961b4150d2ca35f0ace815ebcedce134e59820
SHA256 2339c1bfa9080146ebfb44c61078caf2ea20faf9526c13ae8842c5fc3a6fe679
SHA512 110ec3e4c28701548cc414689f31c9d06582abbf5abe7831521d925b47765033009a22b8f056cec1a86d67fb46ae60f2da04f4b9a729d8d74bcbea0a864458df

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

MD5 3bd133e2309bea010a3988c43ded02ab
SHA1 c2e46f67d9a03c9f91810d9a37f19502424ad04c
SHA256 53cd4bcf4bdae81ea940ad66539227e5010d9f77fad66b19d4d5fcfef77f0f67
SHA512 1d37b20735df91f2e12582a323ea558bc2e2c856bddeac12b0ef8497d63b5fb55ee88a5e8730189bc980817ad734b41b5d94f4f963278f05fc29d400ca26d35d

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

MD5 f986589fb87f90d9220066f859339f7f
SHA1 a954b8d28099252dd4f6539c900c408b60222534
SHA256 3f65820441b71328bec1890c72055879967291e8850240cb2d33809472268e2d
SHA512 a76c034db36168f5459dee0eb06bb6dd8dc96d494215f43c123c02638097a0aa889a8a08417fe509dd1c10c4943379826905e86773a485b9edaa2e2291b62811

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

MD5 97745488d76deceea718e7ed23d2e326
SHA1 f4c7026eb842e65922facc21a47220c21e195e6a
SHA256 98f91c9103c1a60d5db5bb0dcc3498c61bdf278dd44f7ba27189ebb6b110e8d4
SHA512 cb856737e898bb6c8c5da8117d1363d81b97d79dfcbf5126f4f4cfe64c9cd062e82bcc00ac5f2e4874a2973ef1f737aee02baed5e67f1d321aea649499f1c976

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

MD5 f96cbc5fea777d2644c6d03e68b03686
SHA1 468f3b816cec5e3b27a4b75b09ad3f859fcb4dee
SHA256 e96b091f29074209a0e98bd7185fc473bb46af5895ff71b139449b1453a4e2c0
SHA512 7309ba1216d43d23bd342bc2f24ade685c105fe83fd0da1bd3b949e1abb2f86c56a067d50e6834043c8a43fb456a2f61b42718ac80025d7f7ff8fa11632c5ce2

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

MD5 ce585436ad612c101b483d795d4a0976
SHA1 f7bbc6c15d1658d9073c6d4aae51c8b80b9c57dd
SHA256 4845cdc1a1a6b3aec207207e63ca11e5218a6595960231c36d72e924db856a54
SHA512 a4a9ad5ad393b3ef4b41fcb359e68886057f771c305979e4d6f57320825e9de60ea9454d6b914b1338a0dac67691d6efb22555c311668d084681c05af7d3ee21

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

MD5 3b92242c2134cf311dd1b4a271234299
SHA1 4c8da6b07c0dafb72ed78b965ba2dcc25563ce67
SHA256 5f6fe53fb5cce1c997a6ebd2f237fbdd9b252cb60dd4ab78ae1477877cd72ff8
SHA512 6d02f78106c82e07e978c472c1f607041797a4ccc94aa32fec18b7d83bdfe287a462b94d4ef15cff786dc2edf0c162168535b4cc2d13bd2d6b21343a16ca61f1

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

MD5 9baa47188dced59eb88b15434fba9baf
SHA1 890c4f1c21f149cc14cbc7774ff48a0173620ecb
SHA256 eef34c50bce2c219f20f285a97cf6d93fe79075e1937c92f1af2830e5dccf432
SHA512 e375e9b63c51fc4b42988053aca88b62120e4342a460319f1d6085dbf6080faf0986b2d390fb236e040abe88eb414a53963c5e5ae2f1f2d0fbf5d5bb96d85917

memory/5048-10608-0x0000000000400000-0x000000000040C000-memory.dmp

memory/5048-10999-0x0000000000400000-0x000000000040C000-memory.dmp

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

MD5 f6d03baa3060dea894a889bc523cc485
SHA1 b3f7297115a71d5b32060c5275f8cc478b390bc8
SHA256 14b836c476dd6cce8b09a9ef0fcb15ebb12a2e269ae7368ae298d524f26461de
SHA512 f4c78c070ffb544572924b3be27775d04bd9d83ebd8a89da5c458bc4c07f706b812ae1db8bb1d0f788e3d4409065a8a088b30f283fe4d8b5a44bb5900824a161

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

MD5 37546623848a1a82d8a4350f43a1cbde
SHA1 346598a51a842cdc694efebcafacbbb296d8b3e6
SHA256 84006796fbd5a19ed92b23f9eb24ef1173ecb0ec8012469ad5de0aa9cafc69ad
SHA512 8bc53f8d5296d383d52db788be284bcbbf3627498a8a9e10ba1f4eea9d873fdc1f890a056fe1da593e43e022a7a2c2a29a607d32836aeea81610f08f598a9be2

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

MD5 699d084ae7c9fa4755a35b3e3dc040b3
SHA1 817aca218a239446327c0094b97bcbcd6dcd35f4
SHA256 8ab9ef06a7f9c96d56ed2e78ec8d5486d130d8f8f4fead9654ba7fa7ecd10052
SHA512 94fb78cba59329ce9a0da58daa3a734c0d4d620619d096516bf4df2a4b8fa9e6fad80c7e07c4ac1f41586b242ecf9cb2f548593c033417db141b8318cd0ebffd

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

MD5 27fb0a83640b80e3667c2861bf97a65d
SHA1 73f0461d832950287af8d64f9ecf00baeba80598
SHA256 57badc78808dff3dc22dc4a1e7ab7cd2639788733fac22d38f39c2f2f2a57f68
SHA512 857ac216e937aec89e9ccd463b3fb909c9b415e894f0074a09cd991844753c569a4c5d684df820a13df777b31bae8ed207c1c75476b90fab95b89de498d7a6b9

memory/5048-11326-0x0000000000400000-0x000000000040C000-memory.dmp

C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

MD5 082fb56c66c541e61a836df2a65be1b6
SHA1 acc199f4f6fb483f30f547b552c3be36f3ab9a37
SHA256 56de841557f70df651bba87404bae0f457f9856ab9899d5c4fd1260754cb199c
SHA512 f9c4bf9dc2334290b8b7bcf8a06e50a780e1113ae4f3083c1db5adfcaa7c90fa2e069b9147acc533be0713aeb44b9fba890438b088816f884181f54e0c3ad171

memory/5048-11331-0x0000000000400000-0x000000000040C000-memory.dmp

memory/5048-11332-0x0000000000400000-0x000000000040C000-memory.dmp