Malware Analysis Report

2025-01-18 20:37

Sample ID 241127-f3nw2awmck
Target f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395
SHA256 f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395
Tags
xorist discovery persistence ransomware spyware stealer
score
10/10

Analysis Overview

score
10/10

SHA256

f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395

Threat Level: Known bad

The file f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395 was found to be: Known bad.

Malicious Activity Summary

xorist discovery persistence ransomware spyware stealer

Detected Xorist Ransomware

Xorist family

Renames multiple (2534) files with added filename extension

Renames multiple (2492) files with added filename extension

Drops file in Drivers directory

Drops startup file

Reads user/profile data of web browsers

Adds Run key to start application

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

System Location Discovery: System Language Discovery

Unsigned PE

Modifies registry class

Analysis: static1

Detonation Overview

Reported

2024-11-27 05:24

Signatures

Detected Xorist Ransomware

Description Indicator Process Target
N/A N/A N/A N/A

Xorist family

xorist

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-27 05:24

Reported

2024-11-27 05:26

Platform

win7-20240903-en

Max time kernel

122s

Max time network

123s

Command Line

"C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe"

Signatures

Renames multiple (2534) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\KyN5377FpuKUICV.exe" C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A

Drops file in System32 directory


Drops file in Program Files directory


Drops file in Windows directory

Description Indicator Process Target

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.pizdec C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.pizdec\ = "MCZJGRNOTVEWUIU" C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MCZJGRNOTVEWUIU C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MCZJGRNOTVEWUIU\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MCZJGRNOTVEWUIU\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\KyN5377FpuKUICV.exe,0" C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MCZJGRNOTVEWUIU\shell\open\command C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MCZJGRNOTVEWUIU\DefaultIcon C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MCZJGRNOTVEWUIU\shell C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MCZJGRNOTVEWUIU\shell\open C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MCZJGRNOTVEWUIU\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\KyN5377FpuKUICV.exe" C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe

"C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe"

Network

N/A

Files


MD5 038190b71dea6fff329abcf94c26063c
SHA1 17cb4df9121e186ba9079afab7ff21e3a3e9b4ec
SHA256 1c4a4353196bda1c50c4e7560b80b61d3a27362349da6e18811fa3cbab463cd2
SHA512 693164f76b13a8ac40539b647ec34247fcff06fe4ec2cbd58ce958815344405395a440b82e6746a25730611eaf65cfb186f7e46876d68d59d8c95005b1078ec6

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif

MD5 86e5dc0c81102a4db2c92d25b93ced20
SHA1 e60e03bd79a0fa45b608399f02584e3ef605a3f4
SHA256 818be666e58fb8de6b604bdeaba1ee87f898d7a1f413e1a4e928f89bc4561ef6
SHA512 2ce33faf1a2513e6bbc108c40aa932d26a1e9d6568fe366fb9eae42ce3b9eb7c3a2e12ac6f8604a6cfd91774aa2efa99b6a9f6933aeb23b8bce49371e63e7c42

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF

MD5 a5cf636bbb623db7eb429d884d856468
SHA1 8137a7135524cacc62fd71deb643d99cd9d72329
SHA256 b8d85a7fc58223b78245b2c6f438182367d13406a843b8d6b5277bf91b385697
SHA512 b63775a15d63295c753d3dffb9e0bd3cd05c578f90ac6dc148174db0598e4996400905ee26b7708673ac4405cb9f2d5a94bd616133b64b90e16398f70e8b63a4

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif

MD5 6320f2cc8c6d5a0d409a20e025ede0de
SHA1 10662ae4fdac755aa9237177e0054ba005307055
SHA256 a88b652df4d36e1e0c7225f11288631e77585423e7a902041ed8fe79e31f4cd3
SHA512 6195f9fb5d90bdf35506925e37d93e0ab73aec9d787ed87ad88e2d213950f169799a3505c92db51d922fde51ebb5948130c0a09f11bde23b20280dddea09ba3a

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif

MD5 39612200af6cec89f6a5f93c9285038b
SHA1 ae88905c40331aa9dcf8c7a1cf64060b324d68c3
SHA256 77cf6c86463c7fdc857bdcdab2c993c8ce6371356ffbfce300c1485bcec67464
SHA512 7e68b183d5de739392392ff7f7651a553e3b47274884842c55c8d926a4b7be9b7808d37b37123e86271e9410ae7050750242439d7079eaa45986f61ebccc1ca0

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg

MD5 d2812c4d31821f93bd52f61776c1611b
SHA1 59fa963eaab2ce5f2ad127cb0f4659631aa9ed2f
SHA256 d46541a287106810b71cdb2e931c89f4de12f0b9b30cc4bba7ceb424bba0bf25
SHA512 0c076683fe0243b4fcc3a2c9fb41b5ba7c5359dc893ae93148f00876e48f21faf0499122e592544f8d923acdc487ed65d6cc3083560c95fe09b6f189176c5528

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF

MD5 20e1c7965bf1912233fe2d843133b021
SHA1 e1ee06c904c54ef9ef85998d2b2455a5ca2e3878
SHA256 f4fa21e727e927ffff7fb3f3db33e3ddac446d6776bf0dca5de34c5c0dcafe9b
SHA512 9481eebb85f0fdb89c61e524e97d322d3234d6b2e8def913e106eaf9e6433429861be22ffcf2120ade4d7c6707f7effb9cd87c722a2cb824e45bdec0a6d47d59

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

MD5 29aae12bf5c2d8cc1c2ba175db3a5e2c
SHA1 c27fdd4ece9c019f1f7190d75b9d0ff2d861a118
SHA256 27d90562eef2545ae7ad4f6d9b4ba93016abfcb255be6cbe5c1ab46dbe0efca2
SHA512 358bfd41fc998a80a69e9e570c4c3cd5c5b0a905d233551667470e0c691fb3746a660c709118c3c474e5dc8f5770d0038e1c14c8fc0343de91158151aa149469

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

MD5 1a1825dfb68bed46bead0424b6972037
SHA1 d1152c38e7f4d27c1c6d5585d2b0c69485888d9e
SHA256 c1208b58e7913b87ce4379e2f780fdb76e6142fd44440e592007d6807dd6a4b6
SHA512 cb058b05c0011e0cc2f41fefef3470e22f9ad37477013e5b2ae92e0be8c60aa1cd1cac820a9651d59bfd9d99a194a7cf1b1257856d9d28febc69f2aad9df4453

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

MD5 d2b405430a247efd6e49b9970bf71b7e
SHA1 06f9c69023ba164f126948ec14bae13efb9a1c43
SHA256 f24b96846b82b0de2cb88c43a86f2820c02bcdb13e86807bf1774a8028a3e826
SHA512 64ea30c17cda6880b519c18d9a60474f6b2ca404eca8d4f4ec51abcce75bb444121caa0e1a87b5ab280033da3b6cf9a9b34b15e3cdb0a3b21bd003b91fef9ba7

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

MD5 9734f739af130232966a9472f5fd6b4d
SHA1 f5639c52b45169fb4c0a929b10901666f24651b2
SHA256 cf7e2354275877b6b1a36e0de6143c14492c5efc4575bb4e2a32fc178bb5ab27
SHA512 5bba9e47b9528bf364a540f85bed13e1d154c284c32516279515b84f10dfb7a9ab8e10531bcec05f3e77a9038e48f3eeca5c0f9bb7434d4cf6a745faf0a57e09

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

MD5 772596fe07a31c7fcee23ec9a0c42421
SHA1 845012fda4cc92435e4405027e45ca54f3255bf0
SHA256 9b138ba6bc949ea5573cc7696192905bf082f1d6e517832e15113f1cc3b2ddc5
SHA512 feadc8726f7ea6daf7793d13215b3119e3f3b9a46291ffbfe2515e2ac4317b27992226fac1e6706889c733b087032ac97156390c07f1f1138747c6f8f54993f5

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

MD5 0d7011bb3661f36856cb095aa3cb736e
SHA1 09fb1b815e2d19e7cce2c8d6cf184048a1763681
SHA256 9501d4bd3c01626ba6dab4686449e274449ccd233f3fc8b362940efae15b1a49
SHA512 4ce3f5c411d96c652e82d6dcfad2d0006fa3f0463d45e355fe609a09ae56ac286bc3d74c8ebb15679a8fa2baa0841332b498a624225b32b2c1dca1571ccf15c8

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

MD5 54a408b6e0c498b75c651cf36c153660
SHA1 101938142541ab746c4ab1f760259196a1fbdc51
SHA256 9d796ef78a613db9272a64acf5a10074e906ef9dcd1ed9444142a8b414550058
SHA512 62ef8986b967e7aa01e5ec535a61333d45b76887f48b762cdd004b09c66ed07b9d076b84b6ec61c20011b1b24536b2d73edafa000f931a6a36087b6e9a314f76

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

MD5 3a7633914bceb1b783261b02884ed73a
SHA1 dd393148df9d409b15032bcc37c16103e94a7aac
SHA256 3580467d3e70314d2e29e68846121ba3e999a02158ac636f21726af71da79a3a
SHA512 19cac3da3615c7681475e180fc8dbe0acef9bed37552c00127ded446f97b75c2aeec01383c723ecd8273656002ee66d48b884a90b6c53502b14074d4ad6065dc

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

MD5 b9fba64ccb5dce5c26054051c9f97918
SHA1 3ec7887397ef208cb6336ec7bf0ea44d06a38afe
SHA256 274ba58f35802dc185a881c9eb283cf256d7a825de2fe44ceaf63388d2bd23d8
SHA512 b810d17a3ed8cdcecedc024260b1f7b0421f74f30f64aedeaa96596e24806dc372bb6cc4c58f48b0c4e4d3b5f1f090695d07125500ee6784395645080eb7860c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

MD5 c2696e4d6ba7149b28305c1e60b18950
SHA1 27e5772b310a893e1f74b54cfaadea31c51b9f84
SHA256 8f2c0d0ae37fdfc43df63051881e4ba6be02c8283d57f2f85a84b6a4014dc3dc
SHA512 09acd456e6bed2af02b4e35259bf060a7ddac9aa3b7b5204986db4e55f9fb0c3603d6168f29d4826cfffc283e73885b91037a2c9658887ae2543adc4e4ea86a6

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

MD5 df56e85b42d4afe613d0f868acdd460e
SHA1 b60e3436db76092d1689dc055be616d8806c3655
SHA256 2bfef5175616e2a8414defbd8b6f8497cd333ab669daac3ee1622c3d913224ce
SHA512 c295218281e9587e5c49d9f88263f08730d260ca185dad8d42502b9d660bcf4409e1545f00699450aeabddb1ec32e4215283ca7a41a175f0c4ea6ae627ddf14c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

MD5 cf1b9b0d093aed5d3dd9c1f3a5927f88
SHA1 20d0b8561e87615a46862c39685365812c8cf176
SHA256 23da459b9b292fc832827b7f8ef729dbc7e706ebc9015e051946aa1cd2c39529
SHA512 cfb3f03ea6c4e783a4bb16fcad9ee2cab376bd412064fb1b02f4fe8c88df94a15efe3213294a0936d8ccda9a59a78f261a9e1a21df8901081aea3ffc7438517f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

MD5 21866f34ebf8de2cee587060cb3deb49
SHA1 655ed9dac1464bb77f0873e7c27329e3c57ae938
SHA256 1529745f4f17e144ac0a45fd8b6db2ad2e53656a2d9a444f1b100dd13577f52a
SHA512 c804edcf5e1edded28604de10c598ded5daa8743815c42d66b8454ab17cb0f5f558af688f694ace987b5781fa87b05b689a44a2a271adc2c393259a4d27e08a7

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

MD5 50ccba10a9b966f924c926680ac083c5
SHA1 6ff74ff58662b35877cd564d689102546e511014
SHA256 20e1251bc471892c0183f7a136a5bbb29976b224037cf6fdf7531be3cf41b2e8
SHA512 56855e893416d4dad64b12655db35021b5a73c836e8e5792c02f8bfa7ab1f834c2225649a09a085d63f5e63a96b92ece2f7fb0007fca4b53343ddc3509c62412

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

MD5 bd5e0ccfadcb2f8ac0c25b2821a202cd
SHA1 afec5cee9c7db83dd210b81d62afa285dec72f99
SHA256 05ddef3bcd5fa7e5d1bd966a4e5cfab0472d996a02d254e8e9c5b54c38b814a5
SHA512 54df833a968d779518d8e1ebe301f23143281e27bb9c4fcf6be68f65058f4abc453729c1aecbe4c112bcf0113d7b2212e3c51e5900a7a7cac20c35b923a1eb31

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

MD5 d2f6ac1d327676afe7eef4c29f3857ea
SHA1 4ed9d0292168528d9a767cc8486219cee1a5c364
SHA256 572f26ccfb0391b73ddeecde9eda2d5935c4848b0662e1a1630641bbc0eee476
SHA512 d78622d274ad6488e1d3bdefa2c1a90e9a8455eb8b8bfbb7f822aca56c83102b645ed00a088c728503f4b0350cf8ec76fc6e2b76563956c2aa21f99da53f5771

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

MD5 0228a84138757101d7ce089c61621b4d
SHA1 41c49df006a6ac81192541183fb93e35cbda31e7
SHA256 7562a5d0b60f7c7cc9b263e0ce528e9379e8e63d649e809ad783b26c417093a7
SHA512 5e70f015a37e5e22ab0c1c9b42f5b23ea8849615b04fdf5f4b428ce22f616598395873ca125472193fbbccd7c00dac8f13ec4a2d5cf8a8225e328c3b55e45452

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

MD5 742af9170470f351fc52b1e7e975b4ac
SHA1 91387b91fadd260647d04baeb303f7fc415dc223
SHA256 e8f589a3455214cd7a11d60ba96fc1e71fba29bc8667d7054b6fcbfc9fce0858
SHA512 396c1aaaeb097cba1015eb068e7700a83c78b6120b540f03caca479ca47c9246ec276c8453e3f586cf7b09d5d26a4d4de18e062b3dfd8c8bc3c52fbe7b299342

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

MD5 755d7eb88776d9d4632dab2c568ac1a7
SHA1 ff59840f5781f3c9cb6d0ad56c003a111ebd4ca1
SHA256 684bc866088f2ce309f3a24cf049d089838066e69bb04f1ab6241f52dffac6d2
SHA512 0e3310ca1479b593745671579eab8e9c93488b33f7094dc8e2e2428ec81f1f17e26238a96d6ed7ace9fd7ea6ecfc9373ee120978d1c3f83777bb12985cee2675

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

MD5 77285e2a7db1dfbd0689083eae321329
SHA1 92296cec642cfb667828878272c9052c01a39439
SHA256 041fba4089de082abfa2cdaa6f21674feaf7d4d4552098d6f60718c0e0c99a9b
SHA512 69e32f2236a872e6be5719ce5e0eda28b303c3146c3932b5445ec4340b2fb00d59580db4c0e54fec98da179d1ffdb529d02bc0b73343979e001c28414a3ae44c

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 5ceddcb22b10b4b11dcd0688038ff539
SHA1 00c17e6ebe477f9cd1e4aa163002e33274ee33a0
SHA256 92366fcf63bb17fdd37338417857541d96ede2281d3517a1407cfa684009d36d
SHA512 529f2223b2a86065a12fd79b4ff992c1bb72b8286adaf43062e72a7ea29f70f88c32005cf93759c4022011d669b5eb2499123866917c0c56058f5a5004bd6e3f

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 0ce7f593a5212cedb1e6c9847c510850
SHA1 9b2599a91a9141e4632483e36eb45c149adb44a9
SHA256 2699f0f85a3a6fd6ba7b223eb1a45437a89f186bcb312b42786dfd8ceee50b53
SHA512 2c5ff148cafe1c28384c1e02c78791d225ed7ef7039fe79ea08a2f4329bff51b9e07fc6ac89cead8d7cb8960a4e5df449d410560f866d174b68d926eeab08413

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 28ab2a193772b3d47cdfb7ac311c2004
SHA1 71782f5639da464f39c262f4b45a9c5927b40274
SHA256 259075ef3b6609155d17a6c1e73d272f4c41fe46d5d024d88b88305535965581
SHA512 d25b0c003df4bcc8225ae25457143eefbed1e231b71571694ca25335a5f81b9d44c7ca026482fc8b2b21a02f8bda6823429766fe6033f522ec3fbcbe7ce9862a

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 8287ea96cb08582fca386b37bc474fec
SHA1 166d18e2cf8b200dd7c9b9cb9192f8d3e3f520e9
SHA256 9fe45e6d150b703a4974ce9e956b265db742cfb9a66fdd112823be3b5256b013
SHA512 93824fea1ae8a188bb88070f3867d6452094669ec86c7ce042dd476b8e79b57bee47d030bf1167c7ecfccfa8ef4dc3a00cdcf72c326c0701e677759a0416cafb

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 1d1836b02dcf448cbf897265189f97d0
SHA1 2514f529e1795c6e2f6f92065d194c9ba31a4b07
SHA256 7179a94fcde23259219aff694ba90ad13c9c4cbaa3a73d9f5ce67addfeed7608
SHA512 bb74c57c38f20b809ff61f55b79543de3167fe6e0949d4fd78dd2ab9c156e9d68f4b46e247f99eb094bea0ee8b6e912999f3014109c349af673691ba7dabbb15

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 7aa0b818a4113175516894b33e99f895
SHA1 c331834e02f0a03baaf4dd40ef5e2a3adb41e6f3
SHA256 0b5a17b8cd706c741501b1d30dc2550dd1c562dc7fddba023057b48ebb9d7666
SHA512 c8eb1331e5c695a2ddb81f13669b831d1e31528130f814eb62e16f4094c65dc1cfe1b7fbc7b3b419579936e000c0210a48fb298893207684d13cb0c1cfd46ff2

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

MD5 34b8d6bd229d9302d81139fe7dc09552
SHA1 e9d79f7dd51e614d71d61a8e196c95ca822a06fa
SHA256 0e4d7bff5391fa9bbb930922f62dd35f786c970a63a14fb80a482d835eb71f31
SHA512 3691907f66d78cf2c8f778904678f2821ab1555010a5277201bf13ad00921255461c30c30f82f537bf5b5c9b3f5c90fee0bdf776b63a7b67457a5c150f1313fb

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

MD5 e9980532d30168a8fe89846250472071
SHA1 c31b8066d1e597cab2b7ce67b83a5ba8dd588db4
SHA256 9ff84f55559d59b75da28e10e1ffa7248b6f5715f0e4a126e3185f8798b72e43
SHA512 8e14f4110a40232ba7360cc317891cc5ff4124a5e08ab851f761a74b8df8d8f545d0bf8d0a0856ae250fbef6dcb6585b0bd34d8861b5094593766232017b6ae4

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 b93afae955631b4ee22fcb8260cf111e
SHA1 ffe19972f652a2c6b84d5a5ce2a774debf6fd849
SHA256 362f60cc08ce5f66edc74d0659a07d61cb3a6921bf751dd27f67b0a130193cc2
SHA512 e9b165c241c75b841787f3a1e203ae50427512f5ca3f5cf3cc77540e1469994253fc3bba2230c27d9b0c51877881a36ae19e901929b2a3f6be4caa291f7a5c82

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 fee35a49a8dde45f6e0701ab5aa27a9b
SHA1 528eb637978350ed17c9b2022fe972cecfb9b27f
SHA256 445776130c7cb28390cd0e92a9c72f6e58c6e76c9c4a0c85507ecfa6f1d90119
SHA512 696b1ea1172b9e391848b95262cb4fcf596956f5c6f0798db799fe57c4699f1e1394380be46adcd3e731f6804f43c37e2230f2a65089441bf52bb2df68ac84bb

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

MD5 b4098e9d79282245b59849f54f889703
SHA1 e736d78a7f38408b6efae59ba30d38c1ab43d0e3
SHA256 3c1d92680cf5b0434235800d1ae866d9e3183969ae0275ac38fed1b38b183030
SHA512 cb3114c731f9592b0eb5a7dac0d7cf4014fd1ebc16a25d250be4ae66a6a6dac591f7e3bcd4f8314a47d0f2f9cea669a080032f3bb351604036bbb68a45e5303a

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

MD5 5d8fcc29e88ffc29db1fe1825405ef74
SHA1 a0c963addbd06fcbe36cc64fa3fec7f3ae20e59b
SHA256 bbe0ed4cb25f74c39f6cdffb6e63ec13e6f3b41298df5f8a3526005d1b0988bc
SHA512 52bcb14399b41fc46a17f05061e5f1753dc1ac4bb413914fb6230a1587e19f05917b1a7b3d71a00c2262bb5d2199504627ecfc3c28b2b1f399db332bfd720259

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 1a4aff43c9d4e13543abd603566b10a2
SHA1 08d5637a26fe7c21309223d8b75d789a2081402d
SHA256 69583f6ee7e97e7af96a05d01681507a51a9619a3f315afa9bb252783c204dc0
SHA512 536d3f4bee52c563c76fd368b2f53390c61dda51ed3ac1019facfc7a3a86385f422a1e8a91eb50c248363bf208c132763c3570808654439fffbb60482a760786

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 357fbf42ef0508bc44b271f28fb6420a
SHA1 b9343cd2d5bed9a98150519871a9a58ce80cfec2
SHA256 6241b37e7a4ba7856571f24066d05170a01127fc6b50760765524a312f54f976
SHA512 d87c12ba767ecfa063e0dcb0438179f6560ff6197a6140609c8ee8f18bf8b2e81dcda0d2ea16d77971fa14cbf59b4e913ad45fa71c03d8ac7d98a1975d9a2061

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Workflow.Compiler.exe

MD5 6b513c2c4f3a1a43fc16d9d7e9261148
SHA1 8ea28b165bdd769cfcbaabd0c8a3fa025f1c9e3a
SHA256 1f9d4f52c7aad6ec4f33bba8c8da11205ae632c99f00ac4b807cf67bf7c11694
SHA512 19526f10200ed6af744b1be5370aaaada2df60f292026a3375b5c831b50d2506ff45854cc439fb434deca53d7e6aa2867d43d74b43b8c8256b1b711caff3e0f8

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-27 05:24

Reported

2024-11-27 05:26

Platform

win10v2004-20241007-en

Max time kernel

94s

Max time network

140s

Command Line

"C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe"

Signatures

Renames multiple (2492) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A
File created C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\KyN5377FpuKUICV.exe" C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A

Drops file in System32 directory

File opened for modification C:\Windows\SysWOW64\finger.exe C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A
File opened for modification C:\Windows\SysWOW64\GameBarPresenceWriter.exe C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000042\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppPackageStoreLogo.scale-100_contrast-black.png C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteAppList.targetsize-24_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\ExchangeMediumTile.scale-150.png C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-64_altform-unplated_contrast-black.png C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\win8-scrollbar\arrow-left-pressed.gif C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A
File opened for modification C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_neutral_split.scale-100_8wekyb3d8bbwe\images\Wide310x150Logo.scale-100.png C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.targetsize-64.png C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\tools\@1x\themes\dark\[email protected] C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\compare.png C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\pt-br\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\ja-jp\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\MSEnv\PublicAssemblies\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A
File opened for modification C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdate.exe C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WebMediaExtensions_1.0.20875.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-white\LargeTile.scale-125_contrast-white.png C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedAppList.targetsize-30.png C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNotePageWideTile.scale-200.png C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\ScreenSketchSquare44x44Logo.targetsize-36_contrast-white.png C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\fi-fi\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderAppList.contrast-white_targetsize-20_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\reduced_mode-2x.png C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Home\contrast-white\MedTile.scale-125.png C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.UI.Xaml.2.0_2.1810.18004.0_x64__8wekyb3d8bbwe\AppxMetadata\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-20_contrast-white.png C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.targetsize-64_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\1113_20x20x32.png C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxCalendarLargeTile.scale-200.png C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\pt-br\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe\Assets\Store\SmallTile.scale-125.png C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedAppList.targetsize-32_altform-lightunplated.png C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\StoreLogo.scale-150.png C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\SplashScreen.scale-200.png C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxMailAppList.targetsize-40_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-16_contrast-black.png C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\MotionController_Pair.jpg C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\file_info2x.png C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppPackageAppList.targetsize-24_contrast-white.png C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-80_contrast-white.png C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxA-Generic-Light.scale-400.png C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\themes\dark\logo_retina.png C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A
File created C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\MEIPreload\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.scale-180.png C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteSectionGroupWideTile.scale-125.png C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\TXP_BillPay_Light.png C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubAppList.targetsize-60_altform-unplated_contrast-white.png C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\ru-ru\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Car\RTL\contrast-black\WideTile.scale-125.png C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-256_contrast-white.png C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\INDUST\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsAlarms_10.1906.2182.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\StopwatchLargeTile.contrast-white_scale-125.png C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppPackageMedTile.scale-400_contrast-black.png C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubAppList.targetsize-72_altform-unplated_contrast-high.png C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\fr-fr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\icons.png C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\illustrations.png C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ru.txt C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNotePageMedTile.scale-100.png C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxA-Advanced-Dark.scale-100.png C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxA-Outlook.scale-150.png C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Place\contrast-white\WideTile.scale-200.png C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\WinSxS\amd64_microsoft-windows-p..napi-stub.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_0a7a6e697cac0bde\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft.powershell.pester_31bf3856ad364e35_10.0.19041.1_none_8a237828132e61da\about_Mocking.help.txt C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A
File created C:\Windows\WinSxS\amd64_rtwlanu_oldic.inf.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_578df1e31958b761\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-v..cprovider.resources_31bf3856ad364e35_10.0.19041.1_de-de_230cfb7fe989f1d4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A
File created C:\Windows\WinSxS\msil_microsoft.windows.d...writediagtelemetry_31bf3856ad364e35_10.0.19041.1_none_873def94cc87623e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-kernelbase_31bf3856ad364e35_10.0.19041.1288_none_a61ec92f9e248eae\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-es-authentication_31bf3856ad364e35_10.0.19041.1_none_f7adca24b5f66134\EhStorAuthn.exe C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-provisioningxml_31bf3856ad364e35_10.0.19041.1_none_bd9b9842d29858e9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Design.resources\v4.0_4.0.0.0_fr_b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..duled-adm.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_e85586c284f70ca4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-tiledatarepository_31bf3856ad364e35_10.0.19041.1081_none_435297135474d97e\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-fax-common.resources_31bf3856ad364e35_10.0.19041.1_es-es_ff6b2c16d63472ec\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-update-orchestratorapi_31bf3856ad364e35_10.0.19041.1266_none_ae717274fd678579\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A
File created C:\Windows\WinSxS\amd64_windows-defender-offline-amcore_31bf3856ad364e35_10.0.19041.1202_none_b9662ef4fe1412ad\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-i..i-windows.resources_31bf3856ad364e35_10.0.19041.1_en-us_ebb5321ce49cd954\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-iis-websockets_31bf3856ad364e35_10.0.19041.1_none_708c3c1af3943b36\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A
File opened for modification C:\Windows\ImmersiveControlPanel\images\TinyTile.contrast-white_scale-400.png C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-wsp-replication-mof_31bf3856ad364e35_10.0.19041.1_none_34165c046986ff34\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-t..platform-input-core_31bf3856ad364e35_10.0.19041.906_none_af34dac13b7cb54d\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-userexperience-desktop_31bf3856ad364e35_10.0.19041.173_none_6486f23c2831aaf3\f\InputApp\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_8c4c17ec9ad456bc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-atbroker_31bf3856ad364e35_10.0.19041.1023_none_4ecd10b107da65f7\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-i..l-keyboard-00000446_31bf3856ad364e35_10.0.19041.1_none_a9bf24e736897f27\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A
File created C:\Windows\WinSxS\x86_netfx-perfcounter_dll_b03f5f7f11d50a3a_10.0.19041.1_none_eabf966090a8b105\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Security\v4.0_3.0.0.0__31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A
File created C:\Windows\WinSxS\amd64_system.numerics.vectors.resources_b03f5f7f11d50a3a_4.0.15805.0_it-it_8d7928f868b0c2ec\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A
File created C:\Windows\Microsoft.NET\Framework64\v4.0.30319\de\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-fax-common.resources_31bf3856ad364e35_10.0.19041.117_en-us_27c971259566162b\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-idctrls.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_aa2eb87bc9458f24\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-ie-iechooser_31bf3856ad364e35_11.0.19041.746_none_122a74c9827fe81a\r\IEChooser.exe C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A
File created C:\Windows\WinSxS\amd64_system.management.i..mentation.resources_b77a5c561934e089_4.0.15805.0_fr-fr_3a53ebd6b8985305\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Console\v4.0_4.0.0.0__b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_1x1.gif C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-dskquota.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_e0fef0cf2d145e23\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-p..mitymessaging-rtapi_31bf3856ad364e35_10.0.19041.746_none_3e2a61dec7a962c0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.RunTime.Serialization.resources\v4.0_4.0.0.0_ja_b77a5c561934e089\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A
File created C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Security\Wizard\App_LocalResources\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-eventlog_31bf3856ad364e35_10.0.19041.1266_none_518a2f9fc80a85ad\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft.windows.gdiplus.systemcopy_31bf3856ad364e35_10.0.19041.264_none_cf10e1b9894f9e2f\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.pizdec C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MCZJGRNOTVEWUIU\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\KyN5377FpuKUICV.exe,0" C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MCZJGRNOTVEWUIU\shell\open\command C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MCZJGRNOTVEWUIU\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\KyN5377FpuKUICV.exe" C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.pizdec\ = "MCZJGRNOTVEWUIU" C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MCZJGRNOTVEWUIU C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MCZJGRNOTVEWUIU\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MCZJGRNOTVEWUIU\DefaultIcon C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MCZJGRNOTVEWUIU\shell C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MCZJGRNOTVEWUIU\shell\open C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe

"C:\Users\Admin\AppData\Local\Temp\f49df369e2ea0fd1cabba5d4d9558c28943c00b93a15d02424fdae570a841395.exe"

Network


Files


C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

MD5 d0c5a7b9e818e05e5beabc8b37a85b4f
SHA1 38b61851923bc08c3d5b4ebef6210db4298ebcc2
SHA256 4f279224e585bcab6371bbf73cc81864376dfaa2986c98016d9f6bd7e9e710e2
SHA512 d25cfb2da1d0176cbbd33d3ed20eaf2780665878bc2ec8d09ce184fa3b2a6849c7c1f421ab535efdaaa5f273615bc25136d5a7434f453b464240adb9a982142d

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

MD5 06ddf197a304cbeef278e810da2417b3
SHA1 1eb66077c44505b2fb5ee9cdd369cfbbe96f22f5
SHA256 984e4d1b9901045a9761e6f17c4aa53087ed04a6a73e2e1b03a27d47cf95a587
SHA512 e73ebbf815bccb07009d3bd148ef2e77f2b5f2f63d66283312f67807fde1655269dfa19e69c698b04e32b247a1d0183af452d7faa704e851930bd20ca99c0d8f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

MD5 264fc0116c8995dee9f7941b9dcc0de0
SHA1 191484f63967fda3d16fb8195a5f277c81291ef5
SHA256 688d5b5fcae362cf2c84f3c89c6defc935699f38469129b8bd0c13aeef11cdfe
SHA512 687c5d007dd344b3e98b7315adc6f43b2fa3aec2fea577412655b8a6e1b3f20ccd79e46f0ebb803982955c31e5a65da960cca06790db4f5e452058e4259c7107

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

MD5 35c773857738c8cc308589098f9b61b3
SHA1 e708e718761677d308c2cd933de56a242f91b864
SHA256 d8866d88f0489deac881cd2aa093b34d383d4dac277693f32c922d8dc10ab5f5
SHA512 c1db37d881a07b68e1c389b29e9303e636ecb229384d273f71c56ac39021f5b7f7e964873faacfdec5386302bbba6f6ea1c56c4bb5e77c4badfe3982eb5f095b

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

MD5 0d256d178c2e070204215db1f85e13c0
SHA1 a04724a49fd92511ea95d337148c7824e4b1203f
SHA256 97b15d21644cecc6141734f6493dcf6fb43c1e936972d992d29a142923771d7c
SHA512 3f48a2928c5bb2832ef3c05fca4e851873fa18657baecf0f439334bf72f92f47219300658635b58588ad18a623bbbf213ca3e793a42ad58906121a43bfcd2bc1

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

MD5 ae424a68fb2af73611dbab761a2437a8
SHA1 a7a5ba16b4cb2b03bb042b70c2ba08509b041d7d
SHA256 73cc2ef2cb4e75d36f5c940497a6e97cdedb89073dc0de72534e076d6c6e25ad
SHA512 3affe16b24cd5dad9caa1f5f8858d9573096d021b3d4b6000eb96551770a950463150154242ea9af50cb5832d3e5af310d9d67278bd9bb97e264260e49bfa1f8

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

MD5 03026f32c5f8845d855714128e21d631
SHA1 3e851573b7061715d0e8f47ab4ab84da32d19728
SHA256 49e9b77119737e9d89c40a3ba470833da789e20c0cd536d5d23e36dd64dafc69
SHA512 6fa695089bf2b0f287104e4109844f99362aeddccbd05c9be43c50f2966ade3e2962cde173fd2ae4bfaed23ea5cf9c536922626813f9bfbe62cd059deaf2ca90

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

MD5 32654166306da48858ba12367e714586
SHA1 49b9f5c73d085b607f37901a3e9c250e05e0362b
SHA256 5359814b3a3c6d82b80e5fc5d7c5d1424dced13262c0487403e55940129d99cf
SHA512 5e2c781778f0eca1a9d37cbeac3ff4a08738dfe03bc4a310e0f3573787ed7fddbc73b63861136a0aaa66b4ca286c0a0f3f9ef4615f5d9f760403ca12d70e1382

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

MD5 40434b304e50852238b195415af5187b
SHA1 9c90db3359cba8a8f47ace7d3165d5bd01a48b2a
SHA256 df0e07147dee82150184c7e52881014313a37a17f0d9871486fde77955128a33
SHA512 cd8220198d731525575120d925365f1eb4df46bfeac4a69e7be76d67633d234686c0e5476623f8ce952b664f4a1865eecebb23076d1d529dceddee66e6a95790

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

MD5 3509f8ef0a99bafa2f2c3ae38fe11e2a
SHA1 19a2e759ea9d74b22480fd0e44d6153c231f625a
SHA256 bb84197616dc8e8858f4884028bf79b164e1c7d56d515a1459009cac64b3a140
SHA512 f180d9c7d9d2cfa9d24b85a8f23753fb3272d46ef2196cfc78c2458a80da6b09b7c1d3b3fbecd53b4f94297edd9804721f150ba68c3f0b34733b652bacc27f4f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

MD5 9b1ffee2ffd295578a531131a8410401
SHA1 aaab1a1a0d2b41eeaf8569df4f4f253a7c1d386c
SHA256 b5108f808d8c2de3c0b418f4383ae296a9301d29e41e37ae882ccc8a1c9adfa9
SHA512 fca7277b9dd598e39780879b8a20b05faa0920459b2cc1623999ca5b99921eb954e6df92d504c2e029b9a10e4de656d84f725d70b509f53ff0531c3c3f13e6b2

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

MD5 0dbd1e5a657a0e660387eec2687cc325
SHA1 f6306411a95d45115b2e7844644ddc4320230a83
SHA256 65775cdf8de4144612127ee1a9be4cccbad950ba61c1ed207d26f5a315d1db4a
SHA512 3829746fa3febe30d069e69e03045b0025376c164c745cb4faa4c177e7d54250691a4cdb57c9736b1ecc92b6d324d5b9db5771f9e25a97e6bde7062544869b1c

C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

MD5 cb06c40fb12130483e9dab0ec894d0df
SHA1 66654520b8decd935b767e5188de10de5caf25b6
SHA256 d4dfd18b80a3fb82f810cc6dc136b0eba625cd6b729e3a576874544ac755b39a
SHA512 37fe2fb323a92619e0afb6d9b3c9a39b7c2a536398e45782eafe820bfaea816e0dae61e81521ae82247b3f0ea1b203299d24c3fa8d7175c93cbf2232dceb8c97

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727661992394667.txt

MD5 50118efbaffd85b8298ebcd03c213d62
SHA1 0c0ec0c46b0a0ff25443f8dbe4f1dc86e596e409
SHA256 df675162c74498dbf27754ec4b4c180bce71db027ab74ceca06d5f93cf63aa6b
SHA512 c2e724aded5b6a50c44b33ea88bbb13ae942a80858987eb3d34bc15913a44df7c5a4e38644d1620b8f9e7755f5690ce25ca63893f7b9c34805b441beb452c999

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727662487357744.txt

MD5 1022fae09fa4ab85af31d7dc1a354863
SHA1 fb3167cf90f999b8a9bbfc772e40c9dc3172688e
SHA256 a3a1957c61d47c5b05a798b69794b33d2ed78ab668e3d9b94f0950d9a12a83db
SHA512 d43851a2694842da362d69f535c356efa24025fec15fa592f8253102fbf32d2101eb489d60ccd9140281276e100d5e3e184936794315b7aa9f7cb910649c8306

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727667722373689.txt

MD5 4e3d0cd79022d819651e2c501e007a58
SHA1 16000d3c4e743e87a0aad69ed7608543699fc72c
SHA256 608c79c3c46c0743e5b8e25d55d3a04f79b412617c3405bfeedfc6ceb78a1d2b
SHA512 5a992d9558491244b058a91d0a8b5cbdb2f896ee85c1b3bc48eaa4c62725d1bdaa890f08cbbc9eb1588ea0f44b9950d5555b49633c8ab673d89da9fd327f06e3

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727670771168387.txt

MD5 58c4b4afd836299ac2eab6c299c8d387
SHA1 0fb95705f3f2e704013aa0396bbe6f1ec7f11f94
SHA256 57e757e5f4f4c069d37c4242338f0bb9bf8de07bcc4a75e79018f2faaffb7dbd
SHA512 df57668dcc4e68f766e44cb03c210e097de38069b29ea31e677775fdc72c1767112b9d532ef0e35279d82d15dd2354943704856ccc058d2eac17eb9cb9391b0c

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

MD5 4a3a75f232e1fdbe35ec1fb94bf1a748
SHA1 a2bc851e81687310406ac1c2116708d0d909214f
SHA256 64c8191fac0b1bcb35f65e2d6ded46c383ca98817b52a99395fbd3f8caf5be74
SHA512 2ad255f784686bb61137e514354448b9ad22e30aaa995247cac0ffc49eca001d54418c3773e667481902426b491f469083c0944b52338b617c8da547988a4603

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 5ceddcb22b10b4b11dcd0688038ff539
SHA1 00c17e6ebe477f9cd1e4aa163002e33274ee33a0
SHA256 92366fcf63bb17fdd37338417857541d96ede2281d3517a1407cfa684009d36d
SHA512 529f2223b2a86065a12fd79b4ff992c1bb72b8286adaf43062e72a7ea29f70f88c32005cf93759c4022011d669b5eb2499123866917c0c56058f5a5004bd6e3f

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 8287ea96cb08582fca386b37bc474fec
SHA1 166d18e2cf8b200dd7c9b9cb9192f8d3e3f520e9
SHA256 9fe45e6d150b703a4974ce9e956b265db742cfb9a66fdd112823be3b5256b013
SHA512 93824fea1ae8a188bb88070f3867d6452094669ec86c7ce042dd476b8e79b57bee47d030bf1167c7ecfccfa8ef4dc3a00cdcf72c326c0701e677759a0416cafb

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 28ab2a193772b3d47cdfb7ac311c2004
SHA1 71782f5639da464f39c262f4b45a9c5927b40274
SHA256 259075ef3b6609155d17a6c1e73d272f4c41fe46d5d024d88b88305535965581
SHA512 d25b0c003df4bcc8225ae25457143eefbed1e231b71571694ca25335a5f81b9d44c7ca026482fc8b2b21a02f8bda6823429766fe6033f522ec3fbcbe7ce9862a

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 1a4aff43c9d4e13543abd603566b10a2
SHA1 08d5637a26fe7c21309223d8b75d789a2081402d
SHA256 69583f6ee7e97e7af96a05d01681507a51a9619a3f315afa9bb252783c204dc0
SHA512 536d3f4bee52c563c76fd368b2f53390c61dda51ed3ac1019facfc7a3a86385f422a1e8a91eb50c248363bf208c132763c3570808654439fffbb60482a760786

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 b93afae955631b4ee22fcb8260cf111e
SHA1 ffe19972f652a2c6b84d5a5ce2a774debf6fd849
SHA256 362f60cc08ce5f66edc74d0659a07d61cb3a6921bf751dd27f67b0a130193cc2
SHA512 e9b165c241c75b841787f3a1e203ae50427512f5ca3f5cf3cc77540e1469994253fc3bba2230c27d9b0c51877881a36ae19e901929b2a3f6be4caa291f7a5c82

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 fee35a49a8dde45f6e0701ab5aa27a9b
SHA1 528eb637978350ed17c9b2022fe972cecfb9b27f
SHA256 445776130c7cb28390cd0e92a9c72f6e58c6e76c9c4a0c85507ecfa6f1d90119
SHA512 696b1ea1172b9e391848b95262cb4fcf596956f5c6f0798db799fe57c4699f1e1394380be46adcd3e731f6804f43c37e2230f2a65089441bf52bb2df68ac84bb

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

MD5 b4098e9d79282245b59849f54f889703
SHA1 e736d78a7f38408b6efae59ba30d38c1ab43d0e3
SHA256 3c1d92680cf5b0434235800d1ae866d9e3183969ae0275ac38fed1b38b183030
SHA512 cb3114c731f9592b0eb5a7dac0d7cf4014fd1ebc16a25d250be4ae66a6a6dac591f7e3bcd4f8314a47d0f2f9cea669a080032f3bb351604036bbb68a45e5303a

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

MD5 5d8fcc29e88ffc29db1fe1825405ef74
SHA1 a0c963addbd06fcbe36cc64fa3fec7f3ae20e59b
SHA256 bbe0ed4cb25f74c39f6cdffb6e63ec13e6f3b41298df5f8a3526005d1b0988bc
SHA512 52bcb14399b41fc46a17f05061e5f1753dc1ac4bb413914fb6230a1587e19f05917b1a7b3d71a00c2262bb5d2199504627ecfc3c28b2b1f399db332bfd720259

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 357fbf42ef0508bc44b271f28fb6420a
SHA1 b9343cd2d5bed9a98150519871a9a58ce80cfec2
SHA256 6241b37e7a4ba7856571f24066d05170a01127fc6b50760765524a312f54f976
SHA512 d87c12ba767ecfa063e0dcb0438179f6560ff6197a6140609c8ee8f18bf8b2e81dcda0d2ea16d77971fa14cbf59b4e913ad45fa71c03d8ac7d98a1975d9a2061

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

MD5 e9980532d30168a8fe89846250472071
SHA1 c31b8066d1e597cab2b7ce67b83a5ba8dd588db4
SHA256 9ff84f55559d59b75da28e10e1ffa7248b6f5715f0e4a126e3185f8798b72e43
SHA512 8e14f4110a40232ba7360cc317891cc5ff4124a5e08ab851f761a74b8df8d8f545d0bf8d0a0856ae250fbef6dcb6585b0bd34d8861b5094593766232017b6ae4

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 7aa0b818a4113175516894b33e99f895
SHA1 c331834e02f0a03baaf4dd40ef5e2a3adb41e6f3
SHA256 0b5a17b8cd706c741501b1d30dc2550dd1c562dc7fddba023057b48ebb9d7666
SHA512 c8eb1331e5c695a2ddb81f13669b831d1e31528130f814eb62e16f4094c65dc1cfe1b7fbc7b3b419579936e000c0210a48fb298893207684d13cb0c1cfd46ff2

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

MD5 34b8d6bd229d9302d81139fe7dc09552
SHA1 e9d79f7dd51e614d71d61a8e196c95ca822a06fa
SHA256 0e4d7bff5391fa9bbb930922f62dd35f786c970a63a14fb80a482d835eb71f31
SHA512 3691907f66d78cf2c8f778904678f2821ab1555010a5277201bf13ad00921255461c30c30f82f537bf5b5c9b3f5c90fee0bdf776b63a7b67457a5c150f1313fb

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 1d1836b02dcf448cbf897265189f97d0
SHA1 2514f529e1795c6e2f6f92065d194c9ba31a4b07
SHA256 7179a94fcde23259219aff694ba90ad13c9c4cbaa3a73d9f5ce67addfeed7608
SHA512 bb74c57c38f20b809ff61f55b79543de3167fe6e0949d4fd78dd2ab9c156e9d68f4b46e247f99eb094bea0ee8b6e912999f3014109c349af673691ba7dabbb15

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 0ce7f593a5212cedb1e6c9847c510850
SHA1 9b2599a91a9141e4632483e36eb45c149adb44a9
SHA256 2699f0f85a3a6fd6ba7b223eb1a45437a89f186bcb312b42786dfd8ceee50b53
SHA512 2c5ff148cafe1c28384c1e02c78791d225ed7ef7039fe79ea08a2f4329bff51b9e07fc6ac89cead8d7cb8960a4e5df449d410560f866d174b68d926eeab08413

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

MD5 aa3bb6b3dcdc22b85c043efe5d06fa1d
SHA1 2a17ecb1ade5fbc863af9da1b158e51a9948a324
SHA256 394c043357e59c63808282e8e10344dd88ce0dc4821ba3a5077ba2ff3708a5ca
SHA512 5a09ff78a0aada43608d5f08a8e08b7a967392c9e58286c6b835f0268395de55c0908161509e38b9fff1399be5cb31245be9e9f4c80f1159f9175ca0a482661b

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

MD5 6be85b705678ec1dbf8c5b4d3cf76125
SHA1 f25e9d1254ba62657a545f632ea9d9095ddabe1e
SHA256 3157d93e18337789a7fa554614e22d9bd4ee0191d20c1395b0306865144af9f9
SHA512 eb2bdbc18d9a3e96d57e3aae4694ee2b96dd9232894b2f900b14f2545f510ddf8d06f1313f0bcb181e15c5389c9977427d855cce5a142d9fdde5ba9e753a51fc

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

MD5 d003417199281fa17db888766eb06784
SHA1 15a1a90cc83a7ecd16acee2b674b9d4d704bd2af
SHA256 2b5062e5e9343610b78e6a787e8abb45b1bf8c89d294fc890c33f7a07bc3dad3
SHA512 f2236889221e60683daa62e77ae32aa1987ddbdd78851f4891f5e9a6eec2146810bb04a78297aba395b3f8678625332113355c3b70da37e734498839cd4531d5

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

MD5 367074b893edfc7549b1b59d23cdff78
SHA1 cdee7b9fc20d23253ccf63264cf3ff17bb300d38
SHA256 2dec6b110c87101595bf4abee4e89d2982aa2ff427db6dd48dc61369281c017c
SHA512 33c961190c7c1b3dbc85e3b7bf77342b5ffe71973c4dbc9aa69188a08af8066e469ff0178445bedff44eecd18ed65e21407b8e0e23603447898e2b1a64385547

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

MD5 4f5cf5bf7c83346152e238e2d044811e
SHA1 78971337cbf80e35d35d1bec9c20c7bc53af16ec
SHA256 28080934c4d3be4e8620dcb8adca5882a0f6171d3546cd2a8646cb3dbc7ce48b
SHA512 7298adc1af3995f33a1843f537e905f8a2c97d05d1e6b2ea56a836ba3aed7581d1283ccff615b83fcdf4ab9734e146972209d7b564afce5196d9823467d7c74e

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

MD5 15c587a469f8c6fbe88b7970aefee2e9
SHA1 73077c72ad5fed8f74352941b4d3a1c4925ea271
SHA256 45e3b5e4f77fbad3e61ab7bded28f09f6282b073e31d00c8982a2fb5ad8c3916
SHA512 86e3d44388ffbe257eda0659fd5c34e0e22ce8cb46bb26e66c6f3a6ec325e1d242874febc0f6d4b30c635b5b28352b0dff8a2f286fbb6a3362bca521b2928514

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

MD5 64be1a50280ca33d8b41d125f8995363
SHA1 9e85332f691256dfdd862104514528ddc97b25d6
SHA256 e27b95711009cd0f5f95c8d93044c9f3b0cda3f8cfebead3a0ca9cdfed6dec6e
SHA512 a85c46b1626c2894fe30a213a142da583d8052bd0d5bcbf884698cb09743b0dc6813180b1c57b1891b80566c3da4d5e99074b0c1bba22f898f971ac4d05e6746

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

MD5 6e68c2cdd434df2f1b8943c0feeecd6f
SHA1 5583f10f6b4d38a7435e21925f83221277e44283
SHA256 b9a3aa44dc57e9e28cc9a0db8ec1165cc6f5970f2f0c0b1c1a48662abb7c4b9b
SHA512 afdec65924975baa8bcc0331309ed15b15c4a9b01afdea139a636f516eb34665b20c3d83e8b139f5b2bbb1695aeadafa0761685d14d2ac946b881519b38b3f4d

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

MD5 39e5e942dfe5451e92f1cf408825fdce
SHA1 34463f346c963f315a7281bb8364b9dc17c08a4a
SHA256 1efaa14c3b3d853a3b884ad99da9cc67ce4967a0508c5d7f60cebe8d656c687c
SHA512 f0264f5711cb835e9f9ae284484402cc39a21a7210a4115bb1498e073bb50a8a8d6ee03f6bc8b20adca5f6b871fcacfc31c8661b34502376172deaad42438cfa

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

MD5 94a7d83fb959b4ac051f6a678827c366
SHA1 d38e602def39ce45bd5b8e137caac82b86aa259b
SHA256 6c8e6adc2a6043f7b79753a650e8d1f0ab72ea9c17b897736d14def91615a917
SHA512 2865a42c0fe8d1e277c2759d45a1db571a9ab12e66dc0db62ac64894aac6300460b517fa9a3343a48dc84365f0925fca1f5d4d31ade33b01d57c6217916686e1

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

MD5 70edaef6d8cd0346e6319e2a5f70ad6b
SHA1 65d36b5f642557d079c24f18c9d7e70331dcfcfc
SHA256 c425a5c0c445e670a85e0a0bffdb8257d6ea498f6e83c89f9f45c3ec4ef8426c
SHA512 830e9f7af83e6408bc566fdd1ff1328e306b243c94a0edaa869686388e106a5190c0a4f30c62d850ddb7f599e39a387fcb36ef20f0bae96c34741dfd4ab37844

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

MD5 d1075b94703bcab2091b91c42779a923
SHA1 fa394ca0748ca2405037568b6c837f7a1cc9161a
SHA256 0bf41083a96b28e1dff336547aee45bac19179a1b21c48917164bbe7bcbf8c9b
SHA512 d32527f264d305c986ccbd7984e8e0fb5aab960f00efaa85abc25841d6338bd688235e27a0667560255a7a12fb6429b278b9df0724c9432fbe0da50cfd0ea31b

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

MD5 aac1505d6ba272f15bb23d8e31c14597
SHA1 063317bf2879b0789eba278fb7556d458540a87b
SHA256 73f627e3c22ecbf056fdaa13274fbdaa8ede2a10feee2464ce253b6543575d64
SHA512 0d39d0a357ed0777fcc8adbb9fba508d94f16151e4eff8cc17172130a9424583a9d13495074069b99822feead16b164ee6cdd2b826913692d08ea89c60245a60

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

MD5 baa943a9bf5fe8ceafc412b14531c032
SHA1 06128103c233da2147da3b7c52457503ca86a55b
SHA256 4d8d8f18f3a3f6806b00885350c96470dd134c244a095026af43ee3f05e44414
SHA512 3f933e0be2f5e5f82a7c90d799faf7c41f4d5100114551f3bdd1b7c0fe3ff85b4850d03846d839890a960f4a713c7768b6c6539736ca92385e83fa9bb63f6249

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

MD5 cdbfb8ab0eb063ccaac2f4b49561e2b1
SHA1 d32377684aa74b98bebc6618513873a0f14f9da0
SHA256 b732c8c6257967666cf3bd461169ff1911295318e4790a67cc33d74094f77d45
SHA512 e923cbea20ff20b10efad256c5751fc52616312bd06c43e038ecbcf2505eaf5751a4a93d7ad420ab9f26a6e3f131a4b3ffb467e1c4bb652120fa98b6baf2231d

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

MD5 211483a2158b516ff8b27981c4afcfbc
SHA1 434311a2aadecdcd60488b6c337e04cfac626de3
SHA256 6553c66398b3920250b005b31de79dd67bbf6c48eb66846e965fa1d5007f4acc
SHA512 fcdf4a67d22d353e812cc731803ff89a8516b95b7ffe5d0b1fc675dc4ce897578501e55025ee0b251cf3e39e6f25f98872136c4aa3f1354f2bdb31aa8c53215a

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

MD5 54cdd2245ecec5e9785ee49ca24d5588
SHA1 011e4c62c05e6570b167741c16ceeb28e34c192d
SHA256 a4409e6da870db1c9ef10416e710c6fcb38d57987f5db99964b157adcb9fc7ca
SHA512 4ff2c71119854aefad48ff84cb92705e517e47d3c406db3c6da8c509ff5a8e52cbe6bc53a92c4dd698518018c50fcfa2fc073afe925310d07c0731aa0d004f43

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

MD5 39d044434b7a042a1898999b429a5f80
SHA1 628e76eac8ee410c02973f8fcaa6ef04b455e0dc
SHA256 a322c2067eaa2ae697dd422a944995dc4cfc6de79fc8f668f15df743b79ce0f6
SHA512 7f826938484189f5a5ea0b4a272ecde9f306c4953ba282f5365b053bb8ab6d8a0ddb0bc72c59c59bed633deeffcfd82ec9fd93f7762c83d307c9709b1834db81

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

MD5 66b3f58dbcadb250f8cfa800ebb7f516
SHA1 69fc753c656cccd10f8a12471bea255d63f79562
SHA256 67872e6dbeb6a4752f5b4b1aa23047913c59963365f60f9ba4a79aac36404f27
SHA512 f6d22809e2419f0b08377be10697145f71c301a59ca79f42b34a1aac3d21025392ad8a1ded8162c6852b82ee7f1adb1794b2dbd04883a5197a22facf9c129599

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

MD5 6a3bcf16fd6d89fb5029dcf774d51842
SHA1 89821e41c97c6f0568559b05274179c85db727c9
SHA256 96a788d678c5599c36b33e122701823c9ec7f8b01a09b95d9227850a6a9d5230
SHA512 38bfce96a6107619e2152cc29a62f919674bc71018ace0573950ae5f44a4584353569cd5a60c6072a13267962316861c265244d4b40bbcb7a31b37076cc33171

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

MD5 955355b2a4844a936524c359ca9f4f4d
SHA1 127f9b9d4766ee23cc556d34ba80476aa8932814
SHA256 0afdeb209189f982f405729512ea90e00ac73347ea17771830bb442a1350c5ce
SHA512 d65148aeb017ea9ecb54635507fa0c9e567c816a76651a01846681af37428c4d85eed1fb93fa52914cfe0872e41b8fb2407baea022a761f6a211043503d07759

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

MD5 0fd051c53c2a8fc6f24164c37cb7dee5
SHA1 022cec90d72d8edd22cf1c6be7095ec3e39cb820
SHA256 5ebbeea80c75e9965eb6964dba73aa99ec5352126855f80ca0f97fec8fb1048f
SHA512 ac88a0f047390238828686f043928b49ca93381a7db326a17a57201eb541b9e83ac89dfd251c8ce078ce7b28d6178d802feca6c6590d0420e8d9215a53758551

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

MD5 c8d0fdbd9a21dc4471adb5017b96933c
SHA1 a06f68426a8f1a717082dd47ba239cbfc4789cae
SHA256 758bb29afe42b06b8188413de911b94ca599ad676db966ddaba6b44775ef8208
SHA512 319765605e84b1529400bdd323cc7fff6f016a77f74d5d1d52a5d0d1df768bf57013dd6e6bb39dbb440ea0b6fddebb009223aabbd2685b2e2d60da5a5df1f040

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

MD5 cac2e208180c4425df30e86e94e06b6f
SHA1 9eea2a2deef253dcc15c16c72562a29c45deb0a2
SHA256 40fcf8960bcae5a90e39bea017af98c2672c016d068a3de588e1cdec39f73798
SHA512 1583fbf39407fa540497aa5d0dd6312c5cc31d1057e50129d00cde140696697c2eb7d0541b00eed90d107cfc84c740e0358408c13b18cc3ed7dbf6749bcecb81

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

MD5 7f2c0dfafe9da83b13a1e5526bf69573
SHA1 00d86a2f86fee17c6a543054b65594c408c57bc3
SHA256 924d8f9de0af39768d0af40e4ac26f2ca4730643241e0cbd3a1d667bd2c3480f
SHA512 fec879c8d29e31ca2019e1459ad9de908927af0a7d8ed37cef677a11f9dfda4be887731d07d902a1543872834e0e768d3fa9c2d88e19e01ddd131183bf5163d4

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

MD5 4ff44f0bb6c1b17361a56ad26cae637c
SHA1 d0dd94d4fa3c046e0b79732af4e033b0b2cfb224
SHA256 d03286e31c660cc7ed2583e8ed706979ddacfbb036c6e152779e14c3ec96304f
SHA512 681244ebd55e0c93f03a782412aa7ff503e6c9a415f8337388cdf8d0eb699c133d30a42a1643cbb0bfa4216025eee0636fcbcb75d346df6e022cac2451872c6b

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

MD5 013b13e30b5265fcdc390a0e8a142b08
SHA1 7dd5cafab90dc4685d1c04af0ac8b131f5b447c3
SHA256 10ab57a79714105327f30eacf1fe8131acf33e99605a57298e1a7ba3eca1faca
SHA512 258d957ea81b3455e38b6c7efd18fb6e4cebf78fc0cfb71651e8a03c6945f0e791de2223624e1d00b846cce4f5d45ace59967fee3137be856fe56e82dec1d5b5

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

MD5 3f9d1b0cdd7da75bb7cd70e0bbafb6d7
SHA1 ea64ce5f3b708c5019e895a31eced2603b024d96
SHA256 02d8b25d1815534e776390ec31f17341b1213defc4e3fc9c0c7c24844e9dfbb7
SHA512 2fd6fc87ddc2af4b54ebdbd03858b5b9b8b6743ae487bfe4489097b28f47a3158c728bfd41919fd84a40526c59a55197e4045632bc244496c966fc3524a57158

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

MD5 2e8e024cb7d908ad3d7956caeebbf2b2
SHA1 2d6dc06237a5702894066a6464a175f6ea250afc
SHA256 093828689685616b76a66950b5d15d7d516edcc6ec9bd0988f142643dfb1d3b7
SHA512 f4770be7b00481b1b0fae66887b2178a34dd96b9830a652bd32eb4e6714a9b737a2db6174a0183d40d2a86082c2885e99431a015fca0508325c7e1a9987018fe

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

MD5 e6b4aa01470b2765a170bea9dda2bbb7
SHA1 ac341ecf8f3faf2eedad97373b04348d7a4c84ec
SHA256 ba36da709007c0cc0f3b3ec8bac9eebba4e86e70590371798d3e0fe2738a2f0d
SHA512 e30aad70c1feb6ae12fd96138ecf5ae6ec4df59c3771454d146cb0b40464add12cf58662efa2c85b0aa164ef6c0e77982242e35cf1f17c6efeaac3d1ed0b163c

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

MD5 656bf585a75beb37231b89e0d6aa9580
SHA1 9d495cecff03702d1f2eb3965f90a49e8abc4954
SHA256 91f68addf2243cdb60870a141c14482aca92a601824fd64fbda8a93e6a099588
SHA512 10a77705c72cd65f46954e73e310b19f07da5e358b68ea50d292fc8057410afec48c4307b947bc5ed90ac1f0afc94e7a1dd7624635bd91b076154e3e88789113

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

MD5 d306b2f087336e4bfd13bc491636df80
SHA1 33a295b89c420b15257b46c1f83897c34ca5f66f
SHA256 1d24b951e3d3490023f6c78163c82a6b87e31c6c5b62f7ee4e78607c8647ac0c
SHA512 d353c6b312dd86c6f7fd416f3d905c8686bc96e20aab931de26a268a0f0ef5514fd015153d7c5eb82dc246573a4985c8d84b723da8206ed3cf58cde3d52502b4

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

MD5 6e18dce92cc73a88ab6f955f0964aa30
SHA1 b6aaab66b01b356324f1688d2e02da28e1ff7c32
SHA256 49612a30729385793b3bb5b775a48c48ceb10267ed8dd36524b764b635fafc65
SHA512 44c12a8938b5b749075aecfb6033ac5fdf5fdde3aef9a679192120939198f9e6028cce1f6741f1f4d7513897de316a9a94ff767894339997ee88c0a5060ad9b9

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

MD5 9736b0ae8bc6c64571a3cb5450737dc5
SHA1 68e3eae261f435aa6c0f8357b53a9b712dacd9ec
SHA256 64d7386705aad354c8d3913a3a29c52e4bdd65033f07c79c0ea0b01882b56c89
SHA512 9e99afcfe048ca838af02215c9bfd5e48bffd33142c83fc94f31bb8fa07958a50d7970b3cb92cccb3e8cc2a998ade74a5014016646ab7e8024c0048b9f22b28b

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

MD5 32fbf248d24fe794b05cb1a3b0d15095
SHA1 6bdbc7a71bb6da77de21463340762acb9aa8b500
SHA256 0c8b139f81b27f7df73746014a4bfc18ab8d95e62c7d62fcda0833548b7ebece
SHA512 03caced25007bad3b5ad7f6c08ce9c81c15d5cdd311e424ebbae82c600e9375e16d2d64c0f8b3406a4a55ff948881a455c75ec7f2620e05608b257706d950d42

C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

MD5 a693d4688fd76ffccf2635ed29dc0309
SHA1 e8bf1280fa72daf0422e60d9b65a8a1e90ef7894
SHA256 d3918244fc36a4fea7aa7d103aa9e0f3f47fbbe8cfcd3e917b773efc98b5d3e4
SHA512 fd44bd76d25df8a637bbb25686b0719fe1cbd4a0664a1823fbc0411bffcd3e44f1fa153d1035aa1c09e6ccacaa70abae0548e805c1402ab5c8b4b6f993605d94