Malware Analysis Report

2025-01-18 20:41

Sample ID 241125-gve5laylhj
Target 99ac20481d26bbdb5e5e990b470d5e43_JaffaCakes118
SHA256 04a1c752bb88e842acdf2b0b05f47d9909f5d871b0631da59020ff71532e51d9
Tags xorist discovery persistence ransomware spyware stealer upx
Score 10/10

Analysis Overview

Threat Level: Known bad

The file 99ac20481d26bbdb5e5e990b470d5e43_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

xorist discovery persistence ransomware spyware stealer upx

Detected Xorist Ransomware

Xorist Ransomware

Xorist family

Renames multiple (2217) files with added filename extension

Renames multiple (2192) files with added filename extension

Drops file in Drivers directory

Loads dropped DLL

Checks computer location settings

Drops startup file

Executes dropped EXE

Reads user/profile data of web browsers

Adds Run key to start application

Drops file in System32 directory

UPX packed file

Drops file in Program Files directory

Drops file in Windows directory

Enumerates physical storage devices

Unsigned PE

System Location Discovery: System Language Discovery

Modifies registry class

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-25 06:07

Signatures

Unsigned PE

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-25 06:07

Reported

2024-11-25 06:09

Platform

win7-20240903-en

Max time kernel

122s

Max time network

123s

Command Line

"C:\Users\Admin\AppData\Local\Temp\99ac20481d26bbdb5e5e990b470d5e43_JaffaCakes118.exe"

Signatures

Detected Xorist Ransomware

Xorist Ransomware

ransomware xorist

Xorist family

xorist

Renames multiple (2217) files with added filename extension

ransomware

Drops file in Drivers directory

Drops startup file

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | C:\Users\Admin\AppData\Local\Temp\asdf.exe | N/A |

Executes dropped EXE

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\asdf.exe | N/A |

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\AV68mcapbm5byJB.exe" | C:\Users\Admin\AppData\Local\Temp\asdf.exe | N/A |

Drops file in System32 directory

UPX packed file

upx

Drops file in Program Files directory

Drops file in Windows directory

File created C:\Windows\winsxs\amd64_microsoft-windows-p..age-codec.resources_31bf3856ad364e35_7.1.7601.16492_ko-kr_d0f8811880bebffa\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Windows\winsxs\msil_microsoft.web.manag..davclient.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_4f7132d3977e5b30\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-csrsrv.resources_31bf3856ad364e35_6.1.7601.17514_es-es_7fcafd9ff34b6846\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-l..-startern.resources_31bf3856ad364e35_6.1.7600.16385_it-it_1eef89e6f9091c8b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sqlliteqp_31bf3856ad364e35_6.1.7600.16385_none_b8ee097bc49d441c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Windows\assembly\GAC_MSIL\Policy.6.0.ehRecObj\6.1.0.0__31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.WSMan.Man#\ee28a075665b6bc23b6dae56903d431d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File opened for modification C:\Windows\Globalization\MCT\MCT-US\Wallpaper\US-wp5.jpg C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-securestartup-prompt_31bf3856ad364e35_6.1.7600.16385_none_4c045ec8fda52d34\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-v..kprovider.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8d2d55c63c4a4287\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-utilman.resources_31bf3856ad364e35_6.1.7600.16385_es-es_5f5ad4d6e4612081\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Windows\assembly\GAC_MSIL\MMCFxCommon.Resources\3.0.0.0_fr_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-i..pbinaries.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_73ca4df093205138\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\99ac20481d26bbdb5e5e990b470d5e43_JaffaCakes118.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VGNELURACJCCFEQ\DefaultIcon C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\VGNELURACJCCFEQ\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\AV68mcapbm5byJB.exe,0" C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\VGNELURACJCCFEQ\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\AV68mcapbm5byJB.exe" C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VGNELURACJCCFEQ\shell\open C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "VGNELURACJCCFEQ" C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VGNELURACJCCFEQ C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\VGNELURACJCCFEQ\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VGNELURACJCCFEQ\shell\open\command C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VGNELURACJCCFEQ\shell C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\99ac20481d26bbdb5e5e990b470d5e43_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\99ac20481d26bbdb5e5e990b470d5e43_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\asdf.exe

"C:\Users\Admin\AppData\Local\Temp\asdf.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 ftp.gtarus.p.ht udp

Files

memory/2968-0-0x0000000000400000-0x000000000045F000-memory.dmp

\Users\Admin\AppData\Local\Temp\asdf.exe

MD5 44f5857802e6afce8b8fee1f5076faf6
SHA1 c9f3839db2e0e3c64929a7ca3f9ee4a1d11c9903
SHA256 d39530b8fd308d46f9684df83ecbb52af0215b273aeb1706e56e2a4b6b1b2662
SHA512 8b82d36fb81554b3ecf19234c29a5345c046c63ee7a539485f960cb0a03e41f072c3c005a9efc41bc51196abd5d679aa3795d0239bdceaa235a261242f38f77a

memory/2880-12-0x0000000000400000-0x000000000040C000-memory.dmp

memory/2968-10-0x00000000009A0000-0x00000000009AC000-memory.dmp

memory/2968-9-0x00000000009A0000-0x00000000009AC000-memory.dmp

C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

MD5 bf7c33fefc44b06d8745cae5dea04b4c
SHA1 9d6dc0cad21510d21a9413e8af98c08f31892ef0
SHA256 e875b7b939152a5af40aad0df542fbad5c9b96584c2e99e72439e364c57a9ff9
SHA512 b3fb42df3087627db830cf55332b569f99a00102c102783265bcdef22efa3829a996829c0afdbcc95e4080dd34ab3eea7714323e51978006a6a524603a9138b1


memory/2880-7487-0x0000000000400000-0x000000000040C000-memory.dmp

memory/2880-7488-0x0000000000400000-0x000000000040C000-memory.dmp

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 983653f00946f2224b9cf151fecd9ea2
SHA1 af1c673bac69e6b98bdd44a3657b62ef28c69d79
SHA256 45eb6bf7e29a267c29ea66698736d30c1b930900329b68461990b1b7e74e1333
SHA512 d6c02d75e0056d11e4691bdb3727a313a698b0f515eee6f2aa527390a111015ad61b0916ab53924aa3846b61058ddfa7133eba4fd986471a115de208bcf55423

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 0b73f4e7f3285cab3424ef4854c78fa3
SHA1 e77edc9799e7b603b9e446a402f9d1592bd51e42
SHA256 63a859e025bce1e96d839e74180890779dbd67a1dd8f8e03a01217b85492ea44
SHA512 9b96de461e2b05f6bb532453afbffdeccd185e10987b7c4ed25ab2467921c54b159d3769895d4b29968a0a6af5d9a41ed52f4519787e60937c8216bbf4160645

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 cc6f01d13384715be5c83ed0a0581b18
SHA1 bdb8f5675c2299c7de621c63f0220166fa239514
SHA256 232718b534deec376113ed2e8241bacc07eaa60364f155efd2e088220dc3f051
SHA512 1e68f57f652f81c57f8a4d350d44ff233bd80f59560c516cffbe6bbefd2be514c37882f11db604f72d9d01b9189e81972bf772103a4640ca1dd952faccc8e7d1

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 f7d93abc310bb11f60690807e4356326
SHA1 301b893ce9f0314989b640995aee70ba8a56ad7d
SHA256 ca1a4a2e5fc2b314a51c3235f24f12da8e2895ac18d4cbe082988dcc3a26a1b7
SHA512 52af5d128b2fef5fd8a22fe4ea9f5fa9210cc7dbe7d4fabadbe12696178e89f2516a0eee8077bcd6b7068ffba6bd4fdf831c5f8273ec1e3d88fcd5dbd8d00b06

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 7cbde54ac6bff7393d53e18c7ee883e5
SHA1 d75fe4b98fafe36a2c50b287e21fe75ced187673
SHA256 5f469a5cdce2a9bb2ae4730598607cf488a616a80761250fee6f03430fd649cf
SHA512 249185cb7cca6e6a227c54f619db916b13fd646ca56d8906115f4c95f77e92de0df5b782163567db68705c22b1c14ae6bb1d61db0a5883307075347f5627c0a3

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

MD5 2843174a0e12a16c17d601ca2a308568
SHA1 2cabaf6253822f426ea1e0aff4aa3f7cf29369f4
SHA256 7135ffb63794226e705030b4d6f26f5ac35c976d823c0fe35b192d88ec74f631
SHA512 b27e78376915d235f035193948160a980106b5f284a352171e3dd86cb5948bfc791e19a430734918022054acdbaf34a72b3352e717811f6716c62a1e33762cfb

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

MD5 e2511ecdda98eba90bda87e7adb39896
SHA1 0dd2215a2b2e274f0c57e945eb34376a2cf5dbd3
SHA256 f47d736a110f93a3606b049d70a496f252d90740ba9a7bbe82bf69d4dbc36d20
SHA512 c8383844e6805918e3e0e435a403d32b647f5b955aa2a13521db1f30254c34a32c0c47d3aa56fe42a91d25a0e990ef920a12fc62ebc4eb50810347c367d53abb

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

MD5 0e7c25d49075d572d3a774c11a3cbff8
SHA1 5ddc292396cfab116629aacd885730add6fa93b9
SHA256 aafc58866e459e731f0d7c5b069293afc40cf5b9370add0e86f9fef1c94beeb5
SHA512 be7a3d784280804256b9fe791ecf23132c0f2dfc627dfe7e10163c27a2d75a14d08d7a5b330331ae2079b45290168c6fba1716635d55f0f7667db93a13ea322d

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 b8359e601c80e77c04e43dc766f0aa5b
SHA1 bd0e1eea9defc625ff3daa9087435dda9f44f82b
SHA256 ed39fc3cb648df9c7768ae5cd7a52a91bd58503ff16cc36d557f3c9d36c241ee
SHA512 a4c4a81d3d5c758b73384aecdcb4316d4ee03e984d86920363d5813e146feca409b659bb26929ade3419a40b474e9d68399f575c5c6e534ecf30d790c9b69042

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

MD5 fc002c1de3f25a53ed70e4314bf5932b
SHA1 c61fa826da41647d1cc28474683ce34f5f293cf3
SHA256 70eb8784cb4958059d42a6bb6d9972e7759b7f89a42d2df2642a5698130abb88
SHA512 74947254e74df6d361fc1fbc970e88d0dc17125256373c5aec542512b769e7d51d93d944e4704b54604f3f62aebaff1e939fddabb82cdd2c89eaf9f5adfeaa6c

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 b28a2b94ecca7129a82810b18a017a59
SHA1 8925c4c5c73d0a0f58d9383597ba35c50e5b899a
SHA256 c528a2074c48a4447fdca8f74fee2a7d5fcc6d1925ecb33ef6cd7e75bac25ed6
SHA512 59f5a0839a0318134a00b36dac0a067c3e4f5ce463e5cea475d2d04d03083e15fe8b02845c91c0282849a743972237b72a654772c35ec799fb9f1efe2051cd23

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

MD5 72ce2da875ff80749bd2d0c3e3a02016
SHA1 ff4e0aa7a6325503b3dac00751bc9a3af23d74c0
SHA256 bb1a37f9ddfa809c930911fa5b4824ef762af9745fcdfe869c61f6c728249543
SHA512 dcd44901c8cae86aff1940cf35e313a056f3c0d32a25e2b289e7ffc73cac22e5cbba1e8ac51c5e4e1b5fd213c811fc97e904d9fc442d8f113af64af44f08b1fb

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

MD5 f9ba5109b37370fe27884b578dd696d5
SHA1 a6392bb943ef2650c480c8856cabf56cdaaf1966
SHA256 ad238a172eaaa307a65823dbbf2719d867fa27ab9b4c852e927a6c6329157acc
SHA512 98c4db58e545284316717e84a0f0a13a3473e20770890c75568450751c676d44f709da1ee0b68954baeeef3261eec7cd44f890080993407b04c0cf57076ca147

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 83afd2a715954abfac3308079b1364a2
SHA1 be99e79e4dd915b0890c1e6b994cf9b63a1d70b4
SHA256 0aaee0e39d8381365d636d9b7f74b7dffee1ad11c6406253ab6c6574e34547f8
SHA512 52a45d2df2f10c942c6507199c6953786a0672510f71c67a520ae678c3f5dbf3752ed6ddae675f57df4673ae14fe8a8f9afdb69c836f2822e2ade7e39381647e

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 2752ff6abfc32f0666365e52cf2cac7a
SHA1 ba09e8b84bdfab9828779228b318b02925df07ee
SHA256 3c7a3bda17af6b80c24f93d39a9b92db8f8d095757b7e639a9cd572eee3d7f85
SHA512 cf565547efaa6de6c6b2cac9b4fde6b1e4024d516e1596089859334ca25172dc3f35e09e3ec8ffd1d3d72a4210d70a89a48d17a82dad3b0417cff93ef48b7f49

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 d71efa9529cdcc0df684019d6577405e
SHA1 d8c6bf96508daa8aee79d62ade3c51ce5447707f
SHA256 d82d676c3a08009973bbcf943dc4898e4d410b0a1f5e4f3068971b27a9a5971e
SHA512 bb99fa1991d33656ed7c8fb88fb44f7f9c290dfcba76a1b51f26e12d9d6badbe7eb02b5c14662411937d0063a8dbf7ecfe6a6e1bdf53b15c197952d4c4da76b9

memory/2880-9136-0x0000000000400000-0x000000000040C000-memory.dmp

memory/2880-9137-0x0000000000400000-0x000000000040C000-memory.dmp

memory/2880-9138-0x0000000000400000-0x000000000040C000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-25 06:07

Reported

2024-11-25 06:09

Platform

win10v2004-20241007-en

Max time kernel

148s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\99ac20481d26bbdb5e5e990b470d5e43_JaffaCakes118.exe"

Signatures

Detected Xorist Ransomware


Xorist Ransomware

ransomware xorist

Xorist family

xorist

Renames multiple (2192) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\99ac20481d26bbdb5e5e990b470d5e43_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\AV68mcapbm5byJB.exe" C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\DriverStore\FileRepository\microsoft_bluetooth_avrcptransport.inf_amd64_6506aa4ac05430d7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netlldp.inf_amd64_fbd4bbbad72f0e6b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wnetvsc.inf_amd64_9a5b429abc465278\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Windows\SysWOW64\InputMethod\JPN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AssignedAccess\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Storage\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_avc.inf_amd64_8ee511eb19322856\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_amd64_9c09bd1df352f065\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmoptn.inf_amd64_583bd0f3892e01df\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmsonyu.inf_amd64_0e77868deff0b0cd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netl1e64.inf_amd64_8d5ca5ab1472fc44\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_fsquotamgmt.inf_amd64_5f092e2a496f61af\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\default.help.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_GroupResource\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_barcodescanner.inf_amd64_266a07997c075b30\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmpp.inf_amd64_e196624c9ed43e83\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnms006.inf_amd64_c3bdcb6fc975b614\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ykinx64.inf_amd64_0bbd8466b526ef26\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Windows\SysWOW64\XPSViewer\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_fsundelete.inf_amd64_741f159cc6ce7814\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Windows\SysWOW64\slmgr\0410\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Windows\SysWOW64\DriverStore\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\fdc.inf_amd64_7534987814b257b2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Windows\System32\DriverStore\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Windows\SysWOW64\Speech_OneCore\Common\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Windows\SysWOW64\XPSViewer\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ntprint4.inf_amd64_0958c7cad3cd6075\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Windows\System32\DriverStore\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Windows\SysWOW64\Speech\Common\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForAny\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\TroubleshootingPack\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\net8187bv64.inf_amd64_bc859d32f3e2f0d5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\net819xp.inf_amd64_ff7a5dd4f9b1ceba\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ProcessResource\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Windows\SysWOW64\Com\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\amdgpio2.inf_amd64_808fe94735c4c6b3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmdcm5.inf_amd64_a432be022b5f8139\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netjme.inf_amd64_752bf22f1598bb7e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Windows\SysWOW64\es-MX\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Windows\SysWOW64\Speech\SpeechUX\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\acpi.inf_amd64_605a5cafbbd86f6a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmhandy.inf_amd64_d2feb24c2d3b69d4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\net7400-x64-n650.inf_amd64_557ce3b37c3e0e3b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netwew01.inf_amd64_153e01d761813df2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\rawsilo.inf_amd64_1cbfddc97a663ba6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\tsprint.inf_amd64_6066bc96a5f28b44\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Windows\SysWOW64\zh-CN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmminij.inf_amd64_a85c8e1fe15a9532\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnms005.inf_amd64_add71423ba73e797\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wmiacpi.inf_amd64_4ab67656039b026b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Windows\SysWOW64\slmgr\0411\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\default.help.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_RegistryResource\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Windows\SysWOW64\Dism\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ipoib6x.inf_amd64_ef71073a5867971f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\lsi_sss.inf_amd64_503a2398f4c86893\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Windows\SysWOW64\InstallShield\setupdir\002d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Dism\de\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\hidbthle.inf_amd64_bfb3ee8e5a97c3be\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\hidserv.inf_amd64_c20a3bb7ac1cd207\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmlasat.inf_amd64_36a71a022d8bb0bb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ndisvirtualbus.inf_amd64_e8d548ad6f0a613a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netefe3e.inf_amd64_7830581a689ef40d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A

UPX packed file

upx

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteAppList.targetsize-256.png C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxCalendarAppList.targetsize-30.png C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\ExchangeMediumTile.scale-125.png C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\COPYING.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\tr\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WebMediaExtensions_1.0.20875.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\LargeTile.scale-125.png C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedAppList.targetsize-64_altform-lightunplated.png C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Images\Stickers\Sticker_MouseNose.png C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\Close.png C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\ko-kr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\Checkmark.png C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-black\SmallTile.scale-200_contrast-black.png C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.contrast-black_targetsize-96_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\ExchangeSmallTile.scale-150.png C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Car\RTL\contrast-black\SmallTile.scale-200.png C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Program Files\Microsoft Office\root\Templates\1033\GettingStarted16\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.contrast-black_targetsize-96.png C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxCalendarBadge.scale-400.png C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubAppList.targetsize-64_contrast-high.png C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxA-Outlook.scale-150.png C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\hr-HR\View3d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteNotebookWideTile.scale-100.png C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-24_contrast-white.png C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\Icons\icon_play_prs.png C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Program Files (x86)\Google\Update\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Transit\contrast-black\SmallTile.scale-200.png C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\de-de\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WebMediaExtensions_1.0.20875.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-black\BadgeLogo.scale-125_contrast-black.png C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.Windows.Photos_2019.19071.12548.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\PhotosWideTile.contrast-white_scale-125.png C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherIcons\30x30\167.png C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\Assets\contrast-white\PeopleAppList.targetsize-24_altform-lightunplated.png C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsStore_11910.1002.5.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-80_contrast-white.png C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\win8-scrollbar\themes\dark\arrow-right.gif C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\hr-hr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\themes\dark\rhp_world_icon_hover.png C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\1033\PowerPointNaiveBayesCommandRanker.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\Weather_LogoSmall.targetsize-256.png C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Work\RTL\contrast-white\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-white\LargeLogo.scale-100_contrast-white.png C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\Functions\Assertions\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.DesktopAppInstaller_1.0.30251.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-black\AppPackageMedTile.scale-100_contrast-black.png C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.6.73.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\StoreLogo.scale-125.png C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Dial\Thickness.png C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\images\Confirmation2x.png C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\plugins\selection-action-plugins\epdf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\hu-hu\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\COMPASS\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppPackageAppList.targetsize-64_altform-unplated_contrast-black.png C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Images\SmartSelect\AddStroke_Illustration.png C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-white\SmallTile.scale-125_contrast-white.png C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-30_contrast-white.png C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-white\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-60_contrast-black.png C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\ENU\license.html C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\ca-es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\fi-fi\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\AppPackageMedTile.scale-125.png C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-16_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins3d\prc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\AppIcon.targetsize-64_altform-lightunplated.png C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..nt-dmpushroutercore_31bf3856ad364e35_10.0.19041.1151_none_d549bb8355b4ced1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..ls-setspn.resources_31bf3856ad364e35_10.0.19041.1_es-es_077c6deaed8efedb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-proxy_31bf3856ad364e35_10.0.19041.844_none_d1135ab4e51bb45a\n\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-tapiservice_31bf3856ad364e35_10.0.19041.84_none_e534a0664770c42c\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-s..csengine-nativehost_31bf3856ad364e35_10.0.19041.1_none_da6b9c85304fbda8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-u..ninetcore.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_93d9a22b0b887089\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..w-capture.resources_31bf3856ad364e35_10.0.19041.1_de-de_103d7413f2fe0492\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_414a0942eadc3634\404-7.htm C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-rastls.resources_31bf3856ad364e35_10.0.19041.1_es-es_6f4b7699fc5f797d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\uk-UA\assets\OfflineTabs\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-proxy-vmms_31bf3856ad364e35_10.0.19041.1_none_d7f7c81f5ce3ce59\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-eventlog-adm.resources_31bf3856ad364e35_10.0.19041.1_de-de_a0759aa090a85964\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-ie-f12app_31bf3856ad364e35_11.0.19041.746_none_9058677ca855be17\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-snmp-trap-service_31bf3856ad364e35_10.0.19041.1_none_857c0c60dec56103\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Windows\WinSxS\amd64_net1yx64.inf.resources_31bf3856ad364e35_10.0.19041.1_it-it_3966cd5b62e026c0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Windows\WinSxS\msil_microsoft.build.con..sion.v3.5.resources_b03f5f7f11d50a3a_10.0.19041.1_de-de_1c0aa37fdf72b38f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-crypt32-dll_31bf3856ad364e35_10.0.19041.21_none_5d87edc64039afca\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Windows\WinSxS\amd64_dual_netwns64.inf_31bf3856ad364e35_10.0.19041.1_none_4b1587310307e248\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-s..g-jscript.resources_31bf3856ad364e35_11.0.19041.1_en-us_482dbe09c5028863\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-msmq-bpa.resources_31bf3856ad364e35_10.0.19041.1_de-de_9af7b1b078108d85\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Windows\WinSxS\msil_microsoft.visualbas..lity.data.resources_b03f5f7f11d50a3a_10.0.19041.1_de-de_5a77f4f3e3aa30c2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Windows\WinSxS\x86_microsoft-windows-m..-components-jetrepl_31bf3856ad364e35_10.0.19041.1_none_5d4257f18f6f47d7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Windows\WinSxS\x86_microsoft-windows-m..-mdac-oledb-stub-er_31bf3856ad364e35_10.0.19041.1_none_4bc1edfb5708ae23\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-b..isc-tools.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_c8082d297ddb4f2d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-gdi32full_31bf3856ad364e35_10.0.19041.264_none_33cd145286244f7a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-m..osoftedge.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_d1f435fdf91e63d5\startfresh.html C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Windows\WinSxS\amd64_wvmgid.inf.resources_31bf3856ad364e35_10.0.19041.1_it-it_699c176c1d1b09a1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-hyper-v-v..nthfcvdev.resources_31bf3856ad364e35_10.0.19041.1_en-us_6ca4b4247e291981\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-scanprofiles.resources_31bf3856ad364e35_10.0.19041.1_es-es_ba16071ddfa7f550\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-u..ingflyout.resources_31bf3856ad364e35_10.0.19041.1_it-it_2195f9b1bb8d3b6b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-lsa-msprivs.resources_31bf3856ad364e35_10.0.19041.1_el-gr_1cf4939a9885c794\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-vmiccore_31bf3856ad364e35_10.0.19041.153_none_b2ac5416d1727af7\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-a..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_de-de_237aa87f7ceb2bf4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_10.0.19041.1_de-de_6988eb133eb82b0f\404-6.htm C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p..tioninput.resources_31bf3856ad364e35_10.0.19041.1_it-it_2a2289481dc681cf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Windows\assembly\GAC_MSIL\Policy.12.0.Microsoft.Office.Interop.Graph\15.0.0.0__71e9bce111e9429c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-spb-classextension_31bf3856ad364e35_10.0.19041.1_none_6fe049417df680da\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..providers.resources_31bf3856ad364e35_10.0.19041.1_it-it_9ebf605d2eae43c6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-shutdownext.resources_31bf3856ad364e35_10.0.19041.1_es-es_5499b4356c70a60c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Windows\WinSxS\amd64_wcf-m_svc_mod_op_perf_c_h_31bf3856ad364e35_10.0.19041.1_none_b0477aea8cb66999\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Windows\WinSxS\msil_comsvcconfig.resources_b03f5f7f11d50a3a_10.0.19041.1_es-es_339ec615666b43c7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_6c85d64de79e0985\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Windows\WinSxS\wow64_windows-foundation-..stics-tracing-winrt_31bf3856ad364e35_10.0.19041.1_none_3b597d04781f6529\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-n..os-snapin.resources_31bf3856ad364e35_10.0.19041.1_de-de_fbc7f28fff5eb06e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-tzutil.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5c7655d2e64a1466\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Windows\WinSxS\amd64_multipoint-privacynotification-adm_31bf3856ad364e35_10.0.19041.1_none_c2843f017df4be3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_10.0.19041.1_es-es_12451df02dbd2879\403-12.htm C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_10.0.19041.906_fr-fr_c7c95139b0684052\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..ngc-ctnrgidshandler_31bf3856ad364e35_10.0.19041.84_none_5b11e4395d8d1b02\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..imization.resources_31bf3856ad364e35_10.0.19041.1_es-es_422694e7d165f91c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-q..ions-core.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_cea02e92932e00dd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-dxp-deviceexperience_31bf3856ad364e35_10.0.19041.746_none_251e769058968366\background.png C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-n..quickstart.appxmain_31bf3856ad364e35_10.0.19041.1_none_4a388618f6365227\NarratorUWPSquare44x44Logo.targetsize-16_altform-unplated_contrast-black.png C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..-desktoptaskfactory_31bf3856ad364e35_10.0.19041.1151_none_557e8a9a2302105b\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-u..n-desktop.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_19e3d51da40eb67c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Windows\WinSxS\msil_system.runtime.remoting.resources_b77a5c561934e089_10.0.19041.1_de-de_0ab77cfbefa728e4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File opened for modification C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\core\view\oobe-chrome-contentview-template.html C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p..iondialog.appxsetup_31bf3856ad364e35_10.0.19041.1_none_a029d8a7ac063705\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-o..files-adm.resources_31bf3856ad364e35_10.0.19041.1_en-us_37c80eaf011451c1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p..stall-adm.resources_31bf3856ad364e35_10.0.19041.1_es-es_c4579cc09c773ce4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-security-ngc-local_31bf3856ad364e35_10.0.19041.1202_none_7dd671148082fed0\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-webapi_31bf3856ad364e35_10.0.19041.746_none_eb1dbe52976192d3\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Windows\WinSxS\msil_microsoft.virtualiz..vmbrowser.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_b6479af7f3a8cebc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..ngine-adm.resources_31bf3856ad364e35_10.0.19041.1_de-de_43b9c1ab93991fa2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\99ac20481d26bbdb5e5e990b470d5e43_JaffaCakes118.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VGNELURACJCCFEQ\shell\open C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "VGNELURACJCCFEQ" C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VGNELURACJCCFEQ C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VGNELURACJCCFEQ\DefaultIcon C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\VGNELURACJCCFEQ\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\AV68mcapbm5byJB.exe,0" C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VGNELURACJCCFEQ\shell\open\command C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\VGNELURACJCCFEQ\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VGNELURACJCCFEQ\shell C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\VGNELURACJCCFEQ\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\AV68mcapbm5byJB.exe" C:\Users\Admin\AppData\Local\Temp\asdf.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\99ac20481d26bbdb5e5e990b470d5e43_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\99ac20481d26bbdb5e5e990b470d5e43_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\asdf.exe

"C:\Users\Admin\AppData\Local\Temp\asdf.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 ftp.gtarus.p.ht udp
US 8.8.8.8:53 22.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 200.163.202.172.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 92.12.20.2.in-addr.arpa udp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp

Files

memory/4536-0-0x0000000000400000-0x000000000045F000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\asdf.exe

MD5 44f5857802e6afce8b8fee1f5076faf6
SHA1 c9f3839db2e0e3c64929a7ca3f9ee4a1d11c9903
SHA256 d39530b8fd308d46f9684df83ecbb52af0215b273aeb1706e56e2a4b6b1b2662
SHA512 8b82d36fb81554b3ecf19234c29a5345c046c63ee7a539485f960cb0a03e41f072c3c005a9efc41bc51196abd5d679aa3795d0239bdceaa235a261242f38f77a

memory/4348-8-0x0000000000400000-0x000000000040C000-memory.dmp

C:\Program Files\7-Zip\Lang\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

MD5 bf7c33fefc44b06d8745cae5dea04b4c
SHA1 9d6dc0cad21510d21a9413e8af98c08f31892ef0
SHA256 e875b7b939152a5af40aad0df542fbad5c9b96584c2e99e72439e364c57a9ff9
SHA512 b3fb42df3087627db830cf55332b569f99a00102c102783265bcdef22efa3829a996829c0afdbcc95e4080dd34ab3eea7714323e51978006a6a524603a9138b1

memory/4536-111-0x0000000000400000-0x000000000045F000-memory.dmp

C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

MD5 665e1d3ef858211c7eec7d03dcb16e33
SHA1 1971a8b3cf40b1b7e910fee82582c0b1a0354f5b
SHA256 cc9b89c2659f862b0d147f1df8af59c5e8fe5828e12cafe3a342a1ce942dc15c
SHA512 5a67f8dd33db5cd074edb8f745c83985beb973a7786e0a345ad6d29e71c04955eec3de0f7b6dfadb4abed7dab6ab668a8b997c5abba95570d790087a0432819c

C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

MD5 fbf4e7353e988cf796d611e13669669c
SHA1 598950f61ebfb537bb2754ecad4e000814850994
SHA256 57839c0d9155f40a1c647ffe278535b0ef7540c7657ff32d6e6a684a52046a91
SHA512 e71addf656e2c78e9cf0e7c3519867352da1be8cb8c62541ebdd797c6e80f1513c4aedf0e4b3a4a6eb9a5ca0576837b40fc29aba146c199452b51bf5d2453ce2

C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

MD5 ac71e5c81ea7cd4e20a61c11ed986eb9
SHA1 7d2986483be19ab8036e7663a44a885976e78aa3
SHA256 20a2ab9fe42ee7ffb89acfe535d9bed5f5b343dc643f19fce1d697a328902948
SHA512 e415064a1ee6c7bea00f3fae1fedf90df26b1af702f624d8d6c2c5d511713ddb6f760fa73eaf2cd7b921e025743ac0a67534f4924833e154283b6c860c12b23a

C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

MD5 193169d4c8236aeef47e1656ef4d9093
SHA1 dffa95a4655caa386727d448b14f97111999b371
SHA256 82ca8766b47e0e1d31b5a17f0f5d453bda3ebb1609d9a3ffaaca809644c27cdb
SHA512 fb10dad1cccdcfe59be5edcd4d0a01b5ec7b163dd9115bfe21cd432ef62311aa1ac90d31a0ea9df55d1cafaf31e0031fc4c3884bd5c49caa7475038db25848fd

C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

MD5 a83865849d6f7fe01fe72042a761393a
SHA1 7112a23c2a789878b145a6c18497dbf3a861aed1
SHA256 f582f79294f09c2da8f6e5874fe70b14583cf8a8d6d959d31f3eaf502a434e10
SHA512 d5ed5820c29e4fa0c5556f999721e58b7c95a01a0f9b7bfb2a6fbb9512ba9d5d4dc0a795bd395d35b19983c2f7d9dd4230718b4be7a1002e510e0c043decce38

C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

MD5 ecd42a218677e3501aa48b77a85f649e
SHA1 a8d8968f07c19282b5ec25dda0556cad7fc41c01
SHA256 4d8caf24fefb396cd6a7ca2c70f1d206c711738aa394240086159e5ce3ec01da
SHA512 93026832e6ffe8fc385c43652fb091a74aa3b1af9b04e6c83080be89e93e3c93605beaf6dd93a590279b0f5e0a4baf43a8e9ec1857323336435e03b71d9dfadc

C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

MD5 d2aebaa1129531641f14b0629f9447ad
SHA1 b1b638d65b1b9c1890ca6578fcdccc948f471b3f
SHA256 83101a08a7f39757edbd237d98dec66e70147145aa11650761b41e2d2ba380d3
SHA512 dbdea977ba8e9ee896e156192c8fef4292da47294ac5d392f0eabe12a677539f8a697663fbf67db999da4232dbe060bb8d9bc89645ffa423769c48404e6f021a

C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

MD5 330d58341c2f15db0e518483c5ac8987
SHA1 863640c1664515c1aebf6325039e0e57151f37e6
SHA256 674b7e26f56f79b12b66676302344810e5380a133aa0a7c4cef8b0d1138d43c5
SHA512 edef0694de6c2e033c1a69498cfec3677c3fa775f2711fadb0c5e88d957909c21d81d6ac86a113eda3096b1aaad87781cd54c5ff08b54f03d3df83bde1a3f0d0

C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

MD5 78e97dc92867bd8bd32eb15d9df3b69a
SHA1 62a09030d7823ca40f464e3d877370271c165e1e
SHA256 0697f27c7abc8d901007ac7b6a70a70c280c6fa056b40d1f864f7df2db0404c2
SHA512 910674ad09ef629189dd247eda6911fb5e169a9974ed01b5927b455f49d479ea264fbac8cf1ed19bf5baf35921741bc318d0094ffe115656e5677758614802d4

C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

MD5 318bb9111e471cacf001c81ca9b174b9
SHA1 4e52efe691c12fdd9ca02fcabca1845f2b78d0d2
SHA256 ea888c601041570d2c153e9357a8478e80fa7488255247c745986e772fc08d3e
SHA512 5ab7602b73b77e7d2bba03f6fb01593dea68f42235ebe2de86f8098ecbc5448c428584cff0665bf9620e2a96dc0a1f9f8a2696fabe7377b5b5a84512e64d1ad6

C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

MD5 f54005c34f6cb8bc69c73a5cbfaced64
SHA1 c03bc0a2f0a350d34428b3d71cb1a0d0b06d1f1a
SHA256 d4d48cb9955fc36adec677e626d6aa83e126691f44bd3d4e62e137f152e9f9a1
SHA512 8a73314c0d861792e7a896f4e9291bb9196a72961974083dcbe45bee1b64f44ed5e4b2f564fcfa06b7f317405c72cd0722e478c611e5ec35be9c4c1aa815d553

C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

MD5 96fecf203218ae18068ccfffa70e23ba
SHA1 7b908267b9ed92935f262cb96f36b9a7225e9c4e
SHA256 24663adcd4fd2651991252cd3939e3506146ea67da1c3f0b5732ee4705bed888
SHA512 aaaeb385fee06fa7eae0ade13f73588d346c0408f4742fea87efb3cf89bd2febe9558cfb5eb50f99acacb11d2681a8b52a1dbad35cfc581a5bad0896f06f4b98

C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

MD5 7119924d10f9df487d6bef590f2ccc85
SHA1 2f88a050d17525dc29c62a0452c3d3e0fecc8b78
SHA256 fd94f81eaa3e1703e89656f125f139fbb5aac91ceef37402283cc884ac07c8af
SHA512 16ec1ebc1dbccf2b3f7e62c9c4cc4ce4babd60e9d469cc1cdabd9b22c306df582775530b5f8741671eec3de1e9d4bae0fb8b711820f1aa5781cb79d3231ce396

C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

MD5 d9a7eed542a266bf3c6f477cc9f1c1b5
SHA1 22de0eed2ff913ed635b6aa91dea38d693fcd9ae
SHA256 78f8e1b3e47f1480e764dfd0440ce4f957848841f3b4864bdd121f7a0855f974
SHA512 3820dd431b4390ad0e16360125acf4b8726520ec64437f9fd6d052daed726dcbf5de64f7f056f56410f5dc6569739dc309cd8bbb74f95157d3a74867149faa2c

C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

MD5 e116b8f5543a1922ab3d4f1b8c796f20
SHA1 340f517e79645c8d3863f3ed6b094d35b7bbc301
SHA256 991479230369bf5ab70aa03a211c47e682f6bf3138c8fd9e8e6be4b9578e8302
SHA512 d7420822e1577933d8543bf376be2a06675690786ef98228cf80e66d80f9b36caa20b63f22b3e6d8d6dc2c2e3cfe3ecaca0475099b1ddf67a30ab95d2d605066

C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

MD5 61f77fa9fa7f1f5bf2cd1e4d46a5d30a
SHA1 b86fad293b47aaff299fae5642e7b7dc81b65a04
SHA256 364da04368d795c4ac27c128bf9406b7c03b05a81cae4fdafc6e9a5ea98f74ae
SHA512 747106e31c13df26b6b99a4f551f70f1094f91d2bd6a0a7372cc296fe0067ecef33ed29685d8258ba8df3b3e8fe4db95697f3d781645ecbdaafef82707baab6f

C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

MD5 aefa645b7b5d7e4bfe4c1023f01de569
SHA1 9c9bb4e85d29f214b9fa8845b2b5f0b21b3fe213
SHA256 669c7975ae32dadfad3530eb62edabe95ccc9e9a6e540ff7f227186ff20b9be5
SHA512 878f322cc4015e52b54af308e3b2c5139463e255ab118e8cb7435eaefcbd9f80da493dc897504928d14dc008117d42d1363183d6fcd5909bab96975e67704170

C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

MD5 67262abe36683d35d324881c5a83c500
SHA1 fdd99ceb07cadba221ec88ebb94784d65f48f103
SHA256 cdb18b413cd86e3725c41d2213f973f443fa238ea324945b4c28293b44bd1694
SHA512 8e9358681b3429b33c5db6d997a50e5701ca0ff15595058e47e5b9c7d90b7e35db85b52a1b3e5cb6615fe6aa3bef66ac174ba3435ec4efd17db595f8bf214f21

C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

MD5 2310b3b7278e8cca6f679f33f1626c8d
SHA1 0f551bc7b62bbec58b7618cf61cec8af10131289
SHA256 42a1badc65fabc947faf2b4732bbd05716d683e1f343f91388298692120d64b6
SHA512 3843f3ba226bf3aa47adae507e924e1a0eed86081f13d024a23a81536d598bee7c39ef4fb09730d83743d536eb44290966d1e966b228c872452d0a1595349833

C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

MD5 3c3d0910e26ed3a4d852094dbf3743e7
SHA1 b9be5ff39f12d21721dd6f6dbf28bf16c0b777e4
SHA256 7c91f4d8ff0c76db71fb92c29883350aa5540fcf27094d61fdb14a5d1cba9a9e
SHA512 b1629304f78c0cdc31d3199b37a9963978affa4c62c9682e07c9551100f6126a687985920f4c4960f16063b5bc3f9c4c321d52fc98ff52f1486a8a9091a493bd

C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

MD5 eeb6bc12ba17f739f6d14e03af90a3fc
SHA1 30572fe5e70a67dddf6e618bb552eeed3710b6bd
SHA256 99c7a2c634b8d08b5599e1631c84a41ab4442d66692a4964ecbdbadffcb92d7e
SHA512 3a7c1f532a704ec9a19253e9319fad9c65cdf6de91e5774fa96bef49dd16b7c5713fdb25e88dd93d80b1d6a1cf4e54930730d1043ef27afcabdc599150fc4237

C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

MD5 d2125c3377dbf5291c8e8279118bacf4
SHA1 1f370bfb3f43851d9e9bb2dbb4d044781f90b48d
SHA256 3458b8c4d9c9de2dce1404fcff5507c41b7ca09277912a1c48c7d36bf691af97
SHA512 6092d55fc8a740ff3d3e8cd76efeac3144c772f3c2410471802a4c6991ebf6f1edd583047a4c49120d8a0dcd4c36aec6c101d35980e013045edb871e46f020ee

C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

MD5 85a52fb8fc4049ebf6b06c9c9b0d9f61
SHA1 fa7e2ecd86189392bfe583f5ec361118cef71e1b
SHA256 40c2237e44a8bd426c923437497ee65c2af07b41e3bbe5b5572559a8cc10e518
SHA512 933c27e120104ea672fc1a84a25660a3ff0e3b13339869b28e70ba55b30e043ecd0479f3b072b1f1fa202278979bf39539030a1bf3e6bf9db2e0dda6fef05d30

C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

MD5 272c4ef3fb5f53df09c4da10b30143b6
SHA1 130a6aa407e3c49f14cd858b21e7bbf23841a288
SHA256 54f423ac5ef353b0c181a6c042dcf798e536171f5c81c2cfa3f99c0cb29ab361
SHA512 683d967fcd8e726346379a6b75ee731098d28d5c0f85723d2f25f0296705e1c2ba691d5d183e2e1d28f7ee1adc7f90f5599ab7d09e4e189fbeb86cb951cd189e

C:\Program Files\Java\jre-1.8\legal\jdk\joni.md.EnCiPhErEd

MD5 58694e08e76b577c80042893fe948788
SHA1 7bdc9c6180fa71e88d2e140f4221758b1e4754e0
SHA256 26779e6f7a03a31615606b4a0820f7ab467b1b35672721d22c7c2899f8c52628
SHA512 04a3612aa7ba0a716a58f802834aef072d82ab7ec7669d2be681bfd92b1ae0521cc83df03302be22cc0cfc2756539981bd9848316713adc031df15b950cb120e

C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

MD5 f31997e07fff661e4c7a3c82aca0fb1d
SHA1 f80b3559374bfc579fd2d3902798198cd3346552
SHA256 99b0d233238b9d9b8f2f7f4fd108f1cb8dc719c43215dc9cb48a1a643ceadd7b
SHA512 fce665310bba7f6163b1b43fb9ea27af6e659623c2c0c519bc1e540fabd5e9864516170a5f2d628bab0a9a12e51c1f98f29da9b6c5325fe74675c5d050c0ea4e

C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

MD5 4f3675c9e04bb032c810488d4ca9b940
SHA1 184ceff81c95893da92a7e7f4829e5ac4a8fb104
SHA256 7cbe658608569d0450d3923defdf4d85b5c5421b31afc60e6e240a6493987fbd
SHA512 f072fecc48ec2f89d323890f6c5cf020aecb73c0c388f2334af98dcf74e1f85f79612c94e383b3b6526cb6a6fcf51333301af44e3071656761cda867ba446bfc

C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

MD5 aebac28f4f49a0e637f37ca13326a582
SHA1 24effd44df4e7c087fbf97fc39fbb24626a7cda4
SHA256 ef19ff34eed2621574a756d3819207deb21c2f1d9bf8bc9e9415dfcc5fb0145a
SHA512 b81fd6023c3ff285ec0a2a8cebcd50f94ad31f0e1d641e87f5cb8298c7616ffecfb85bf61e11ebf76c59683a4df823e7483d064f0cab7b85e31990c439175e0c

C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

MD5 5801047b26a06dd5528d68062ef743ca
SHA1 e54ed6d865bafb43d7a4c031248ae62cf44160b9
SHA256 e529d9e20d9b7854a392b29f0681778f0911c17e35da02fe8f98d3e87f94f93f
SHA512 294259c627a43768e8e820cc6e6707ebdc3d628ea192946956b51d25b6ed2a2d344a92f30fedab0081c82c6b1586c2125b960d55afe4fcebc1e64488b88f9c60

C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

MD5 97f888d28163ea7ea4534b7bb6587e7d
SHA1 568fbc555ee6fb4160c4b5a18ec546fba68da85f
SHA256 cf48d7936be3c6264a013d84d204b2a3cfa1a6f7077f5c79cd5896bd442beb9f
SHA512 311d84e170308c9d7d2dba44f88694250ab72763ec1d191b870f6c37ffd907f94e9f8c69a371ba2d92efb2ce066c610b9eaa7367ad9762efa28ade28df7bb288

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

MD5 e9d6dbf9b54b313e9dd443b88ef9f9cf
SHA1 aec55fdf4d3b3a90f2fee83e0a0f521c7f04aba0
SHA256 d8b0c09b5652f96a2000bb03faf10dd9e159403ec11a6ff8c063cf8cbb2dbcb4
SHA512 403858758add89762bf9c91acf00fc63bf77d07567e9e26153bb8f39495cd2e660cf9ead3dff571bf27c24a6416352c992180ccc60bc09070ae3889635f32707

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

MD5 47153092bf983646e310f55eec676805
SHA1 dd050bf6b94abc76c7a0eab53ac175160f496995
SHA256 aa006c4475bd892fac3d7ce7b89f9cfa0efb3fd6ab0d0b18e232ff68f5234fe9
SHA512 89522b4d7ad543e9b3c9c27c3e2a3b70aa8325c90eab22067df7e219e32b8100bb07875871b99fa2a9092a616021865e45aaefaa5f189cf2ff49153bf72950b7

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

MD5 e198d271a8daa99f0fa4e1b4b94cb8ba
SHA1 c2b37b06ba1d647df9e61d32cea8f4af07738f47
SHA256 30b05fc97b8dafdca5ee2facb821546550441c6e3c2c2cba27749f1f88d4fb7f
SHA512 2cd0cec8598a1f0d53a57cb7936118beed7ebf712ef22721e9d26e292263d0bca2f2ca2c65bd950f3e0054f745dca6f88d3beb68a1052a668782d457972052f0

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

MD5 e998693c7be3c0a634dfefeb9fc20faa
SHA1 6f3f2e16118a32d5b087ac3d414e60eef9507479
SHA256 a46a23e10bc35b83ab5b3902fda21702c93e2d1f994d2b6827a68fa4a89f6fc7
SHA512 4a70537c6cfe0650858275b0f053ae9c6840d4fe6c14b3eadeb0ad3bac6aac0981ad3ea21f4ea57363a338165ef6e590d10a68ae3bb017b26c438ee91611f024

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

MD5 2a647cc29522cd4c5b4a3474929e52c2
SHA1 46ff711a593c9eb066e29f034ea82108654c8104
SHA256 0fc016858ed6a7d5dabed393ebf6f4dff8118ea6236fbf97642040fb63d02722
SHA512 97070bba6a40aff252c53c386629d6761a81ba98d1607abf71e890f8f881ab8032fafaa106ac152919bc57a8c9051a156e82a4e684f258ccdb25755f208d0ce2

C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

MD5 14b3e2b08dc1e3b524dcaa449032fda8
SHA1 c043616e8b505c7482d6153f2aa7c9c21eb40cdc
SHA256 c2f9e694f004381e3060749420a29055c04a6c29379d93a9a82814a562d6fa15
SHA512 8bfca54b74316e0865e96762d7b2684a60d5c4d8bf11bdf7480a04ab16d7ffc4e18d0699c18bb51a60bcd3b2d4c6dbfce9bfe68637417e6aa8f55e065021f0f9

C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

memory/4348-4390-0x0000000000400000-0x000000000040C000-memory.dmp

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

memory/4348-4398-0x0000000000400000-0x000000000040C000-memory.dmp

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727655502487171.txt.EnCiPhErEd

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727656590293648.txt

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727663328721506.txt

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727666039184869.txt

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

memory/4348-9595-0x0000000000400000-0x000000000040C000-memory.dmp

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

memory/4348-10846-0x0000000000400000-0x000000000040C000-memory.dmp

memory/4348-10971-0x0000000000400000-0x000000000040C000-memory.dmp

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

memory/4348-11250-0x0000000000400000-0x000000000040C000-memory.dmp

memory/4348-11251-0x0000000000400000-0x000000000040C000-memory.dmp

C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

memory/4348-11256-0x0000000000400000-0x000000000040C000-memory.dmp