Malware Analysis Report

2025-01-18 20:27

Sample ID 241130-esckkswmdl
Target b4b8368d6d524f70a91dcdab4db707f0_JaffaCakes118
SHA256 d014fe2e7f352ab44ad2a92dfeaec304e3d0aea22dab6c86c185dd96dbe20b0f
Tags
upx xorist discovery persistence ransomware spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

d014fe2e7f352ab44ad2a92dfeaec304e3d0aea22dab6c86c185dd96dbe20b0f

Threat Level: Known bad

The file b4b8368d6d524f70a91dcdab4db707f0_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

upx xorist discovery persistence ransomware spyware stealer

Xorist Ransomware

Detected Xorist Ransomware

Xorist family

Renames multiple (2192) files with added filename extension

Renames multiple (2168) files with added filename extension

Drops file in Drivers directory

Drops startup file

Reads user/profile data of web browsers

Adds Run key to start application

UPX packed file

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-30 04:11

Signatures

Detected Xorist Ransomware

Description Indicator Process Target
N/A N/A N/A N/A

Xorist family

xorist

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-30 04:11

Reported

2024-11-30 04:14

Platform

win7-20240708-en

Max time kernel

118s

Max time network

119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\svhitsa.exe"

Signatures

Detected Xorist Ransomware

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Xorist Ransomware

ransomware xorist

Xorist family

xorist

Renames multiple (2168) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\EyB1f6FNc13b72W.exe" C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\DriverStore\FileRepository\cxfalpal_ibv64.inf_amd64_neutral_4c42ac5f00413365\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_parameters.help.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_For.help.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_jobs.help.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_jobs.help.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\SysWOW64\fr-FR\Licenses\OEM\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\SysWOW64\it-IT\Licenses\eval\HomePremiumE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\SysWOW64\es-ES\Licenses\OEM\ProfessionalN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_Path_Syntax.help.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\acpipmi.inf_amd64_neutral_256ad642985694b3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\synth3dvsc.inf_amd64_neutral_bccbc5fb46a05558\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ntprint.inf_amd64_neutral_4616c3de1949be6d\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\SysWOW64\Speech\Engines\SR\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\SysWOW64\Speech\Engines\SR\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_CommonParameters.help.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\angel264.inf_amd64_neutral_04b54b6322607cce\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnep00g.inf_amd64_neutral_2926840e245f88f6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_eventlogs.help.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_execution_policies.help.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_do.help.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnky008.inf_amd64_neutral_9f6abc54cbf095f2\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\SysWOW64\oobe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\SysWOW64\en-US\Licenses\_Default\UltimateE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Comparison_Operators.help.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmnokia.inf_amd64_neutral_a8e9a41983d33a0b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnky304.inf_amd64_ja-jp_1b1a158086a263a4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnsv004.inf_amd64_neutral_fc4526bbfbd5feb1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\SysWOW64\InstallShield\setupdir\0013\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_functions_advanced_methods.help.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmusrk1.inf_amd64_neutral_19cdebd3e1182874\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmvv.inf_amd64_neutral_14cb440c800fe9fe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnsa002.inf_amd64_neutral_d9df1d04d8cbe336\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_While.help.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\SysWOW64\XPSViewer\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netl1e64.inf_amd64_neutral_22118b1072f57433\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\SysWOW64\ja-JP\Licenses\_Default\EnterpriseE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\SysWOW64\fr-FR\Licenses\eval\StarterN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\SysWOW64\it-IT\Licenses\eval\Ultimate\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\avmx64c.inf_amd64_neutral_8ebb15bf548db022\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\bthspp.inf_amd64_neutral_1b15060bdfbd09e1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\SysWOW64\migwiz\replacementmanifests\Microsoft-Windows-GameUXMig\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_script_blocks.help.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Throw.help.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmpin.inf_amd64_neutral_2415474b9db0a888\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File opened for modification C:\Windows\SysWOW64\migwiz\PostMigRes\Web\base_images\WindowsMail.bmp C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmke.inf_amd64_neutral_3e4daa83122b1559\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\SysWOW64\ja-JP\Licenses\_Default\Starter\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_transactions.help.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmisdn.inf_amd64_neutral_061c61abd3904560\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\SysWOW64\th-TH\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Assignment_Operators.help.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnbr006.inf_amd64_neutral_f156853def526447\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\SysWOW64\fr-FR\Licenses\OEM\StarterN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_environment_variables.help.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_properties.help.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-International-Core-DL\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Automatic_Variables.help.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Path_Syntax.help.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\bth.inf_amd64_neutral_e54666f6a3e5af91\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_remote_requirements.help.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_If.help.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_History.help.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmnttd6.inf_amd64_neutral_ce587aa61510da51\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Microsoft Games\FreeCell\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\bg_OliveGreen.gif C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_FormsHomePageBlank.gif C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\GrayCheck\TAB_OFF.GIF C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationLeft_SelectionSubpicture.png C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\novelty_s.png C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationLeft_ButtonGraphic.png C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Program Files\Java\jre7\bin\dtplugin\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Program Files\Microsoft Games\Chess\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-new.png C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\GrayCheck\TAB_OFF.GIF C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR47B.GIF C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\br.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\META-INF\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Program Files\Windows Photo Viewer\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\ECLIPSE\THMBNAIL.PNG C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\AG00004_.GIF C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR47F.GIF C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR46F.GIF C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\MEDIA\SUCTION.WAV C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\AboutBox.zip C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\content-background.png C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\es-ES\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\COMPASS\THMBNAIL.PNG C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0146142.JPG C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\trad_m.png C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\fr-FR\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD15057_.GIF C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\LAUNCH.GIF C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Program Files\Microsoft Games\Hearts\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR20F.GIF C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\ProjectToolsetIconImages.jpg C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\button-bullet.png C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\epl-v10.html C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Program Files\Windows Defender\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\CONTACT.JPG C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsBlankPage.html C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\TABON.JPG C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\btn-next-static.png C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\AG00158_.GIF C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0149018.JPG C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\Publisher\Backgrounds\WB00516L.GIF C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14532_.GIF C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File opened for modification C:\Program Files\Common Files\Microsoft Shared\Stationery\Psychedelic.jpg C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsBrowserUpgrade.html C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-waning-crescent.png C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\jfr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21480_.GIF C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD15072_.GIF C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\Certificates\Verisign\Components\VeriSign_Class_3_Public_Primary_CA.cer C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsPrintTemplate.html C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\currency.html C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\lt.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\fa\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\SLATE\PREVIEW.GIF C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Solutions\Main.gif C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveDocumentReview\BodyPaneBackground.jpg C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\winsxs\x86_microsoft-windows-c..rdefaults.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_dfcbb94e79ff3691\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-m..c-drivermanager-rll_31bf3856ad364e35_6.1.7600.16385_none_0f71a9754bbe406d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File opened for modification C:\Windows\Media\Quirky\Windows Default.wav C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\winsxs\amd64_megasas2.inf.resources_31bf3856ad364e35_6.1.7600.16385_it-it_f8e6c48ed4ac0bda\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-h..-safemodc.resources_31bf3856ad364e35_6.1.7600.16385_es-es_a91fb2cbfd3260f5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p..rgraphing.resources_31bf3856ad364e35_6.1.7600.16385_es-es_72a54dc2d9272600\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\Help\mui\0409\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-s..vider-dll.resources_31bf3856ad364e35_6.1.7600.16385_en-us_59e97454786d5b5a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\winsxs\amd64_wialx004.inf.resources_31bf3856ad364e35_6.1.7600.16385_es-es_cfe4b321af4846fe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\winsxs\amd64_mf.inf.resources_31bf3856ad364e35_6.1.7600.16385_es-es_1c91ad8a9bdc874c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-h..p-listsvc.resources_31bf3856ad364e35_6.1.7600.16385_it-it_494dd8c9f3f02706\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\winsxs\amd64_server-help-chm.sua_lh.resources_31bf3856ad364e35_6.1.7600.16385_es-es_3ae8c923b696f7c8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-powercfg.resources_31bf3856ad364e35_6.1.7600.16385_it-it_b57b7e2495d17dda\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-logon-adm.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_9127638fa65bdf7d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-class_ss_31bf3856ad364e35_6.1.7600.16385_none_17723c290c0f2178\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-p..ndservice.resources_31bf3856ad364e35_6.1.7600.16385_de-de_2dc97b99d5774267\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-p..peeradmin.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_444f9d0b0c1a6ce4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-userenv.resources_31bf3856ad364e35_6.1.7600.16385_it-it_5073632e4ef0764d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\Boot\DVD\PCAT\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\SoftwareDistribution\Download\d881ecfb1357f383d18f1e4fd0554eb0\cbshandler\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-help-netproj.resources_31bf3856ad364e35_6.1.7600.16385_en-us_191a07ae389ab840\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-d..iagnostic.resources_31bf3856ad364e35_6.1.7601.17514_de-de_2aaa1c64192cba05\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..tallation.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_9ea5d52f2f6e355c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-help-errmes.resources_31bf3856ad364e35_6.1.7600.16385_de-de_18f43c9af640b849\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-o..ediadisc-style-pets_31bf3856ad364e35_6.1.7600.16385_none_d0d7ee773d711005\Pets_frame-highlight.png C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\winsxs\amd64_prnky005.inf.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_d8cffb3c64bec778\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\winsxs\amd64_security-malware-wi..-defender.resources_31bf3856ad364e35_6.1.7600.16385_it-it_79f5de8574c9f19a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\assembly\GAC_MSIL\Policy.11.0.Microsoft.Office.Interop.InfoPath.Xml\14.0.0.0__71e9bce111e9429c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-qos.resources_31bf3856ad364e35_6.1.7600.16385_es-es_9722fa79c8301db4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\winsxs\amd64_netfx35linq-linqwebconfig_31bf3856ad364e35_6.1.7601.17514_none_b532bb17fea7ee9a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\winsxs\amd64_pnpxassocprx.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_cffb214428f6b2aa\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-m..ponents-mdac-sqlwoa_31bf3856ad364e35_6.1.7600.16385_none_19575e8bcec889b5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\winsxs\amd64_aspnet_regsql_b03f5f7f11d50a3a_6.1.7600.16385_none_dcb42ec76404494f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-i..-wow64-setupdll0021_31bf3856ad364e35_6.1.7600.16385_none_4b10e156c951416b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\winsxs\amd64_dc21x4vm.inf.resources_31bf3856ad364e35_6.1.7600.16385_es-es_e0de5e21554d8506\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-b..dlinetool.resources_31bf3856ad364e35_6.1.7600.16385_es-es_7cce12159227da31\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-s..stack-msg.resources_31bf3856ad364e35_6.1.7600.16385_it-it_4ae5495c772f5647\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\winsxs\msil_mmcfxcommon.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_f56e7e8fbf484ed1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-i..l-keyboard-00000415_31bf3856ad364e35_6.1.7600.16385_none_44fd1be27cc4ebee\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-l..-startern.resources_31bf3856ad364e35_6.1.7601.17514_fr-fr_c6ff5262e5f5bccc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-o..adisc-style-babyboy_31bf3856ad364e35_6.1.7600.16385_none_f13596916b261f67\BabyBoyNotesBackground.wmv C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\assembly\GAC_MSIL\mcglidhostobj\6.1.0.0__31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-n..s-package.resources_31bf3856ad364e35_6.1.7601.17514_en-us_fa4f858db62e951b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-s..up-notify.resources_31bf3856ad364e35_6.1.7600.16385_it-it_1c3ac8797585f9e3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_6.1.7601.17514_et-ee_9ed31df1798cc171\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\winsxs\amd64_multiprt.inf.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_d4a1da3b30560ab8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\winsxs\amd64_prnhp002.inf.resources_31bf3856ad364e35_6.1.7600.16385_de-de_15a9be6cc36d1ca3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-i..egacyshim.resources_31bf3856ad364e35_6.1.7600.16385_it-it_0c13ea4afcee7844\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-runas.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_3c984138d615a085\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-t..inkwatson.resources_31bf3856ad364e35_6.1.7600.16385_it-it_83df74751d14c3c7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\winsxs\amd64_prnlx00v.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_ad7f69318e9cbdb0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\6.1.0.0__31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-u..dem-voice.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ec70662fc15a0fe8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\winsxs\amd64_netr7364.inf_31bf3856ad364e35_6.1.7600.16385_none_ea139236d3140569\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\winsxs\amd64_wiabr004.inf.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_7eaccb55382bb7cd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-a..ecore-acm.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_885589e9229621f7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Design\52873358b397c328168f0a5be7f3b9ae\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-opengl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_9dbf4596e183feec\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-terminalserver-adm_31bf3856ad364e35_6.1.7601.17514_none_e09a4d44afffdbed\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\winsxs\amd64_mdmtdkj7.inf_31bf3856ad364e35_6.1.7600.16385_none_0cd09f551c1e4fca\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-searchfolder.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_081caacce2fe65aa\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-c..n-comrepl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_06eea27505cb38f3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-irprops_31bf3856ad364e35_6.1.7600.16385_none_a179ad7dd292b00e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Compba577418#\ea53e69de4ca155788883a9c2d18f31a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\GNWKXAYEWMCZSYC\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\GNWKXAYEWMCZSYC\DefaultIcon C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\GNWKXAYEWMCZSYC\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\EyB1f6FNc13b72W.exe,0" C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\GNWKXAYEWMCZSYC\shell\open C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\GNWKXAYEWMCZSYC\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\EyB1f6FNc13b72W.exe" C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.Binwu C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.Binwu\ = "GNWKXAYEWMCZSYC" C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\GNWKXAYEWMCZSYC C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\GNWKXAYEWMCZSYC\shell\open\command C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\GNWKXAYEWMCZSYC\shell C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\svhitsa.exe

"C:\Users\Admin\AppData\Local\Temp\svhitsa.exe"

Network

N/A

Files

memory/1960-0-0x0000000000400000-0x000000000040C000-memory.dmp

C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

MD5 3f8c536ce623f82f49206d0e9a39f839
SHA1 52a97eb8ce4deb96d648b0080dd2b5c305cb5af1
SHA256 adf8343e686d7f8829c758facb4f14c703bd5e009eae121247a85d018bb71055
SHA512 785069185a0fd33e3c168cef58f54982976f621db4d3f66a7e91f778a94782349725900a1910d8d1607d0ec06b774536215604b005fd4a3658e3843c338b2721

C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

MD5 176d5f85b9c69d42520d8761025ca156
SHA1 cf033f551398bbbb420ecc7b0fc72f13bca38f84
SHA256 fb0eff8033f2bc96573a1afbf9c2d0bfbd1106eadf67b6862397942d566d0399
SHA512 14cc7acf7f5cef9b226a9c8c9489a176e12feaaab0df736e3370e6e248c644000e79f9618d11f32ad97e06c7680d67400c7bfa0071904f10d7483d3d88da36c4

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html

MD5 0109ccc83a20efccd8db9d4daf0a8073
SHA1 7288513cc1d07e92df29fff51781dfa24ccd3e57
SHA256 18b79dbb49a35e8fe241c974befd5233a5fd5abb4f507be8a15ef0e754b1139b
SHA512 cadbe03eed6b6b33d21d3032d743a70d3c4acb765c8d41ce64d1afee139bb6369009155529e6cd684e4307d7b74fe359c2d003a2720e010ad6864a242adac106

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html

MD5 1bb1b903378b25384e4a197466b1300f
SHA1 8c8c0d0e68b547b19fc67459be62c8f2c9617b74
SHA256 17470176ec939c3ecbac9666b33468e649141bf264219772ecdcb427cfb6c123
SHA512 f3b4cd454fea86cfe02aca5c64dacd608d45663e5e5b01b54e3a2c9b7c11cec79fdb357d1aaca521c48e896ddf03f697843f22e3cdf8998948d727dd2b37f0a2

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt

MD5 4edd8621bed2fcb1647de1c8be154f52
SHA1 a0ff1e2b9e7b8e3506efbb096dce1562c7ac7b9c
SHA256 5f4dae1e18a3e5bace51cb3cfab6ac7e35e73625c24a34aa01bb972fa9fa5e50
SHA512 541a870a8cc82083259a3816da53161c7524d6286df821c52fdffbdfe966e0f7942e10257fa924cbdaeccdc81243375a45ecad915ae6243d9ba28d0061cd2d05

C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt

MD5 afc755d32a4ca743606388762d73fc74
SHA1 66272d9dfca637250a574ccf57d134549f0307c0
SHA256 688ee8048d1f9ba5e3815dc4a9b9832dc3b0c27a9125680e281140bf9f76f6b9
SHA512 65d600f3d26829211839d9806262cfefffb2f9cab321084d7ce399e86368dae84e4b37f0714a1f23f12d5bbee1b5da7b83d66765cccd32874c63384d1c819c6e

C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt

MD5 afa6fc7d712bf10b7665ca0da0972d16
SHA1 9548cf33a38042f30c727325754ed3b338b3104a
SHA256 509a2d5725499813beac9685a66dadea64a2ef50cee44bde80bdf95aeaa4ca5d
SHA512 ba205957f4545989121ec252ce69776ee3f7f52eb31efd95c86d7270d57c5565a0be8d1e408cccdc6ce53f4456adc89b079bca900b785bba37e9b7158ffd8097

C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_OFF.GIF

MD5 ec72fc953ede8e5159ca0f1577304e82
SHA1 c9fb36b1cfa3dbbb0d3b456dd3e496f8367d4837
SHA256 8cf6be59ffb9a0ab9f526073e2a1652a60291c48e9214a0ab86aac0afd1c8e26
SHA512 e87bb20e4864a8c3edb6329fafa56b91070fca214978cdbcf65d322abdce87543a8af9964812f65bcac5980268a2238f2f67bdfb11a8326cb2b23b567695d6e5

C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_ON.GIF

MD5 01a9080bfeb899b0bbf884aff4151565
SHA1 c0ed937bf2fd5539430590f63aae3ad24edac5a5
SHA256 f7fd7a5071d09d3249907cfae53c5269deb15719c3ac07c1e5c832de2e3f7731
SHA512 f37a7168c410a9badac18cfd309fb7cd42b54d2d3a803e645587b06008af462c9b798719b31b249827b3355380cbf494b7ead63678783ca0d315edfdef374e16

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF

MD5 a4beb79b26229df50a373fcaf8ad53d5
SHA1 94042ffb3644bd68e2d3ad693898581c5ad53f12
SHA256 194f983a4b8186165495400f96822e1c17c268a6b6668ce66e8ffd321894bf6a
SHA512 213ba01e303045199b72af09acbfa0a2298d8e41439dd6ef3dfb25751d7e298ed7afd9d7158f0a4c7564ed50231792f49d0ad5601543fa72c25b7609688d3b90

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif

MD5 5208988b5dc39d03645857d52e9c0aa1
SHA1 b60213e69629720ac4effc7ece7a8f2687adc874
SHA256 41524e155e9ae6b1ab0c7f03073f03666cd88e4ecce6e6c00699a16567cd2012
SHA512 c2c0e235b1853118982104a80a641d9c6ca1d6d0fe2bd54bdfd05afa1c3a9dd649fa730328c522d7fd372b3a0d15eefac197529f8271d2e1356539d507f6d458

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif

MD5 2ac9f71cd720221ee7d1b4c85367eb8c
SHA1 59a90f5fa6f07c7a32527830ca9db7e9f5141a65
SHA256 c31a155eaa03544f9e4d85292f309e917f7d2e0c69d57ca4f915b24756a5dcde
SHA512 c579588c9bf7d795a825f4c34b53c9a3f6e0ebd36d2f012745b90593208b0603ec8045f7200693affcf0623afa0b47f507036005a6ee0e2c40cf9ff05edff339

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif

MD5 a91741db96565ddcb6581075cace2c01
SHA1 dffb43e2612879ec38215d6916058c1adc3069c5
SHA256 c7b2a680ced8e3c13bd782107868135a62bb501e4b6bf327e7b127bfb17cf0cf
SHA512 f4e285d927fec7f0f3a021c58c75e75b55e918594ce2f806508de6856249d757bc4ccb10a89298425c14d0253c977b8f34acccfecacb58c0b6d4e684b946bb45

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif

MD5 d07b94db2eb049c7a1698446392ab7c7
SHA1 96adb2fd9fbfe265eed2e8b071368e32b48b77a9
SHA256 e7b124eba9470f85a7b4085c72bdffa4a150ccd2d6246a515a9f97cc79365573
SHA512 59e6b645bca40e107990ced713f0733ab14bfbb4f53acc24a6b30e9549cf81d146fa522245072735b6a6517f11af7fd1804c75ce8c558dd865524c4f0ea9147b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif

MD5 0cd27624f2493948d30d477ff4ea6122
SHA1 6c109a8027927e60f1bbe49c6cb6212559789e63
SHA256 a471a47068758e8399f0e7402200c928d67fb930d5f465ae7b9f0e0df71984ba
SHA512 09fba4f9865c7f8a34c752d0a9b7f7473a09835063acd1341ebb5c4eb698e0e1f0928febf0dda2c3608b6e62597d5a972015cdd9ae1927bdb54ae98c1aa15d90

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif

MD5 44784e5b2758c5e2f52f1b6f3605f966
SHA1 cbe9dd86ed07821548c5ca92f1686e0e74539579
SHA256 cad1469aaddd96288e79b1fd98f5a5f8d34826d166a851089a8c1d00de4e4e71
SHA512 3180e0c082092b24d01a9f00e3e9181a1e1bd4373b262a7f1bbea263e9aa34c2c7376b40c061e22bd5c72c887d1e9cf911efd5b27c04957acaa5a3740e376c90

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif

MD5 664697d080b94842f331d0a345bafaa9
SHA1 8d1107fccb1c5e807b76c7bf323d99a05f662fad
SHA256 f76ce4dfa40e575f2011b0d8b9d4bb6c5ba4cec11b8bee4f9de206a5d77a7134
SHA512 4f8b2c523bb24764300e49e408141fc570785f5191a2b626c98db0b5e3c6433235284ef19bc2e5ec4ba432e2087d51d0ab6aec5c1afeab552f542ba584f60473

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif

MD5 3d8c41db61032d5c23d760949157cef8
SHA1 ec027a1a8f2bce6415c5a39614db6568d21deb46
SHA256 56180fb471c17912ffe0107b35be6598596a860dd258bc801e27644df5f6ddd8
SHA512 f0ad0513542cce89177d715fac9acd9b036bff914a5bfc09b4bf617aecd75575ebfd4fb65f60d3d81a8a66c1a82214d559dc949a2b69219a856d4daa657de3f6

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif

MD5 7e46f910d5e5003a3135fdbeb8fd0e09
SHA1 fd7bc38ac6ee02424c862c2527d91a250fc7ae89
SHA256 14c1b7ce16e630dd0068ec2f463219dd9f27519567d9719a8465830e602ec7bd
SHA512 bd330b14f0e167b2b5babbfe23d56d46a9cfdaac9af80fe869368f0b446b270a11a9653ae20f9ef77635a4184c47e8bf974cde32808b74dc91ebb711fa0a514e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif

MD5 d221a44418a541d9e6039d247b41e624
SHA1 bec33f6a65529bc83a5182089af9f2101d2068ef
SHA256 72a0f83f9659484be5776ca4b4a383d0a3ec3aa59ff066fe4719e9d48e80a271
SHA512 d0c95ec0ddf9676199cca071c2dbfc41098e2a4560ef9a6b435824420e3bbad8ed00c10e0bd8960f92b3f75af8d4588f24da33663894acaf5aef1aebc7f54579

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif

MD5 468e71ae513c918b961fdbeb19f6fb2c
SHA1 aaec00b22901062c0689f9baa07fa6539f489fdf
SHA256 63cfae1d674f2840f6af4b541a1808a0453957707690f0603f107e32223c514c
SHA512 8646a6f55ada3a15741e829ba2d5e1ee416d9c4e9179aadd806861f4bdfc447668bff85ed053971582dc8c8e05521909e7abf70c8071bbf4f497b0eb0d23857d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF

MD5 971ba264791837a1c18a96c52a50085a
SHA1 4f62370f21f1f7cd07078540d93d46ff096696c9
SHA256 22e7a412f8e38fd1e45a5657d6e910b4f07ca2b9c7e7d37cab72ec3202e00674
SHA512 92a62f5d707366ff27fd8ec01049df0fb2ac058ee11ee430718dbc123ae21f1c38c7f79208fdcd43443980358cdc6790d01c171a8f8a3a4f29f357c2ceacdd45

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF

MD5 442f46e2c58cf405a9e0f48e8d31dc7d
SHA1 065dfdab66d28554683b1a38fa8982f27233b2b9
SHA256 92fbb54ceddb59f4ce6225327bf5ef5923c834034f8702b8290f4942d31eebc0
SHA512 0fbae85b0987f6fbea4e346853ce8f4c4afda7564661683e161abbc1fab9c06c65dcc89d7d398ee204d47039c7401920f3311e06689b30e93968851b6294c9f5

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF

MD5 8a0f0863f0eec747e3652888dfbe2009
SHA1 3bff2ab21773d714673fde94c6df9f580e335720
SHA256 995ff502395d5f9afccc24d5cbcf9739328e589ae97e8740674a20aae396f85c
SHA512 f7060d9f853035af5e982e597bece9f1008250d7585af33a2a76bd99c0bb621c5512ad14dfd3f6ca4096140cef495a556609bdff5e927e0908211e07d24eb20d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_on.gif

MD5 adc5eca82cbb23e97871c7a973c4d13d
SHA1 74e798dbab9157b0f3b3babb52cf2b867bb9e22d
SHA256 6bc7687a2a45b743dc44a37cea854d60dc4ec7e3019b9e0f4e41a4433b800906
SHA512 7ed6b8df872415f9a64ecd965374ecfe21f707a56bf94b61a0d5cc10c9d92a8fedabb1f0322acfa6761b6870c26945e10ccd784a2c29382e5092033cd66fcea5

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_off.gif

MD5 56b7c65e11ca61a596c4be07810e9477
SHA1 8a8fdd0404cad6158aae34bd4c584a119a7e6832
SHA256 57702b1dfc893cfc24b4a66c1d09f0a4dd79b17d34070c0d77c184ee6173a939
SHA512 258c8d16fb3a73045bc1281bacafe74c65773692fb2dc1c68ffdfe37c040aebc8badad9efc91e1b61f5cf33847ba37f7422f6bdc4a7ab17ae960edc6e7293755

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp

MD5 24f2da7f49607630cab2b23f20b5d375
SHA1 0cc873ba296b69e97004a72189a4c92d2ff7b5eb
SHA256 b3c68d2e630bad6f0dc2b0f6ab8832fc958ebd0f7f19c4480f61980839aef421
SHA512 e91970082e9fbafb94f920fc581d3508c00240293c2cb264458da7e7e7ec0d5c00776925dd17bed77531e18083c94a6aded9b527047a442058087d2c4ebf367c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg

MD5 22db329a8491e4503c86b6e714c22200
SHA1 35692c979be3126fa44c2edae4040b6d514e7a14
SHA256 653b4e52924d2aec7105b4b0308f3c71746c6218bddfa571bda953d7d2bd2244
SHA512 df27eb96cb45bdef72bd6e8d2bd62e43e598a39514c9eb5b96b64755aadb2831bd246a9c47419f2d26b4a68a89aa6adfabc1803abe4b5983a3cde17ba063c121

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif

MD5 86f4e77252381c4f4a450bdc36a41fa8
SHA1 4d0ae5cb6982acfb88dd731a1dfbf077732bf4dd
SHA256 ba3e7f7167eda8d2b37c35738e804b4a55463137bca9abd6977ad8d8e5cee6f9
SHA512 ee9374b070afa352b7002c6c357a0185e6e151e8ce430c970f1cccfcda73e765bbda1f9f1c22cc5926ce49bc9b3ed9f72352d0782bc03717112710756a6c93f4

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif

MD5 eda65c21214bec1912dd4797e65084ea
SHA1 426f04d6970708d68c353547ecd878c595129d5c
SHA256 88bbf4376979756e4a801c77d3329c1b8b135f55f6aaadd6bbeb2930ea42d3c7
SHA512 5584b22184148efa283fb2e16db0048a0c8775bd4f1912cbfcb453c7b21b3804a5daba9f719aa70bae7ac890c7c91a8d0ae084aa91458868ebf055cc9ce3609a

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF

MD5 9a44244c56a26e5f023cd43666b4c557
SHA1 6b3c772baa2bee6b073bfeb52bff763be67815e4
SHA256 aa7b5ed29dfc1c3f2ae6e626fb61521d125b114759643e9b281048cbcfe8d5a2
SHA512 e982a0bea6a19aa585b1fc3839ae200326c6fc2d91bc56da929f7965abcea6500315074779a0b82d4f58a649ae892cfd688986768624a2e271d5eb87b5c7f86d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif

MD5 1bd82180c1bc396a76857e1bbdc01daa
SHA1 c3d599a2ec0324de4ccae25ec2c9abad4f8b234b
SHA256 855b2c048426daaeeb06ac511b2f2b00adce5644d5de4bf09e70bac3f0036d1b
SHA512 241802139bc21a9dc8f74bb51cb1178f6ee51cf563c2369091bc0b64d17f40b13c9e754c248dbde4d2ef55a4a1c4c3a9bf5c872963351ac3e60d6729238c7bc5

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF

MD5 3255b47b6e713622c2dea383305f0f34
SHA1 8411a3bce6851cb38882f08f6b86030f3c6f4419
SHA256 7790c37c6d7fe7b6a673cf829c5c91bf4690f19a62fd3ddf2172fbb4a94e6c82
SHA512 eada910f67b6f715ee0f9a84018a9810e1445968c39f31825478a2e30e15f893b8b0b7a8d947681d24d967f17c1b3ad40f3efaed596b4aea9a8078dda0fc7df7

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF

MD5 0adc29d9f5ee9127db4146b0f844f001
SHA1 2871f15fc3ab900c5bfd8576009af25b06b2d78f
SHA256 2d709a4b041b9c4d242fa32924aad762d3488ee38f717aeea7a874b21dd1a09a
SHA512 54e139f016b194ca9d31023401eb393321b904a833db55a4eddc8323764ba22541a3051cb772c650f5ee69a302fd97cda5f0773a5d87b3fb08144adcd80ee0c4

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF

MD5 f4399de1120dd1f761807014b7f65414
SHA1 c23225a6b5337735c118c47025120ed0ab608da6
SHA256 93e60f853c22bb1f5b581d8ea7ff3411cbd877bbaabd4e8417c582c0d69c88ae
SHA512 1d4a22da3e6404b2dca5dace196d2dcc815d5bf1153295b73a37dbb8c71ec36683e83ad3edea8f4e0a3e95d27c6da8763644eff8c20ec09dc2d165348b20f482

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF

MD5 160266ade42f539a5bd81b9343bc0afe
SHA1 4cbb69b47a51e912d3980722135c670629e8e4f8
SHA256 f584f1cbe2a733fe62dff3eb53afc682c8c1a14ad205def42b4770b0e3602d0f
SHA512 ead6e012bd010b21e98d8b23d0b6c6af59034a4a0d4b9f100d108c0c5f09b49087134aeef2bb54e4a2d6751ca27dfb9b8648cc4afecd2271c8d99df23ff8069d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF

MD5 210ecefc3044581b60627aaa04a97694
SHA1 da3e0f43fe8cea2ecff3c9281c3a23b7441d6ee7
SHA256 35b5095ca647d175d3483ebeee73cf50d7680c0337b57cd51e1e053033210595
SHA512 219064fd3f59c5e6ee9cd9b883c0a8f5a6d8b549d2c11e94b72b86cf6414eef2f9b76f83f947419de22ace396c0762fac99af55b15d88093b797fe5854417669

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF

MD5 72100ae0423a1408dc85427ce5b1bd19
SHA1 ed983604edd6b56540ea3a8854ddf8e9ebd20fd1
SHA256 3bf14c0c8b91123a782f1773d104c0c7ca36985cbb0936b7fff5c4eedaee52a3
SHA512 ef93b2c861bc374cbdc3f3e801255f2c0ce574e60962717aaa3eb418634088ccc1eb5724a2a200c04428f600c6776a5cd774042d6cc9a0a29f10ff5ba07db10f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF

MD5 7522b22c77c07cc7b4170b24c1b18aa8
SHA1 3e3e1c4500a18b9e00636cd55904c868ce75e688
SHA256 6968ea875b9ba64994924369692da9756501e746c6d956d85b4f7da2cec21823
SHA512 9fb221554917c091a1c57ecb5d21e4002f9f905011eafc832b1fe91836bf5f182f9c41101ad12cd5ea7d0a634eef76fe08bb108e7552707281cd088f18bf9f3c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF

MD5 b43e755430a44f52107845fe6a8fb4d1
SHA1 7323d88781c580f14d946c8d890f2465c92f9285
SHA256 d18faaeabebb4538578d654f7e811eb1de950fe21d3a37e2b91f8394ecc710b6
SHA512 110b577269b90bf1ecebb17d676aa3ad24f57950effafbbbb50832f453b3cf7066acb19ba84b3b2d5afd12b066cad118912f819899d3d6b30e689ca1530b6f82

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif

MD5 b91378e9f6a36862be624e54003be181
SHA1 7cc10ddafe312806e52bdd3fb2ba43940a0c9b80
SHA256 ed730173ebbb3e6f5d239a666cc84800bd683965496a5dfe710382c2c4729bd7
SHA512 af905a1768062a8d6cbd03aa86945fe7862b0614e0496b859908859595e5f82d4961f7ddef94c5ec27fa51d8d2c3677ac549f5c78b6718e3d27fa2feb184466e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF

MD5 2e288e3695524cd1bd5dd5ebe61336e5
SHA1 a7e8a17e61e57a822e7d443331b73f1c6ea895f0
SHA256 df20b09b205e57874acf53c61d3cdc612834d19b6d9ad252c74a38c2fa70feb0
SHA512 25bff02414e12455bade7815384d603d9833d3ab3c1b57580cc489cdfc52242680163105e9e1d1b0caf163e6024ea93ab6c3db8880ece3e0bd9aadca0524ecd2

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif

MD5 4669545e7d11031158f4ba4d322bafb6
SHA1 c2f7d8537787c5e2836d44abe9bd3386e3b5e2fd
SHA256 2f1fc8a971995a6c050470705877c519505cbcf2fafd0e90d6e6ea342fac3790
SHA512 d390602fe3eee9a17d8bb8af22e2e4366403b0852f9dff3bcf02a970464798eab16e10d58edc26ba5eb25e3183955b865ee2564ea379de2e1fd5f65606596eeb

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif

MD5 2f5157f3cd16f1ea947ac23594c9ba18
SHA1 826f01b8696cbbb9441b386af8f681ff8f8af33c
SHA256 6dc6ce0dec804f47a3426d23719e13b0773891683ccbb5081b9e3e2ae5ea57dc
SHA512 43d4667d2a8e69771e07a241427be557684b17a7ccc889d1bc165afb2cb38732910845ff4cb3b12ba4d27660dfa0bfeb8c08f7fc015643c75dd318646b591a40

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg

MD5 0e853f6fdd5265c9967aa52102ab7953
SHA1 58b7516f206b7982f12e10d8829d33b61b9ae58d
SHA256 fe58b7dd76edcf9ce6a1406bd2c89da0c98a94a1831c949dacf60c047f921b86
SHA512 5ca73eb48086928ab5b46bd4a01e8f2a3a0ca71845601035489ce4553be085e997cd6859354393a691ebaeeaacf377fa943f3550342cccdc1e8301e0d420e239

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF

MD5 8904945b6fabaac69b7709241c6f3dcd
SHA1 f785e580bf7c8231c86ac510c985c5f35a0d7962
SHA256 dd5e40e0f9bdcba5521e27445b0230541e176debd4c8318c96ac4c49cbbb57d5
SHA512 f517b73d46e2acd4bdbd163aced5de6e80b8ace463530ac6853a88ad52cf4b5d6b2b0f41761a381c68bd94892c8d7987811e191b001f0f0fa9a495767172122a

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

MD5 00f63f702e0565b25370caf9f9a2dd07
SHA1 957c841bc7585844eaa6767b0ef9934f82488a34
SHA256 53804b993eb792cff865481175a5fed4ac0760665db163ce8fce4c5411d23803
SHA512 18b74af486612ed2cba34d58bb73c024592f35db783d0b478439a90cd02e27ef127b5deb7f92140698793de1ed0f4d4885851c8caf48c7f1c69ce10270c31054

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

MD5 f410200e2fbf433db09c9fc3120d349f
SHA1 30b3c175af33d86125fc47c672a23519430cd235
SHA256 56e47429dbcd946b023bd8c4ed75e30f730bad691bec26ee5f48ad9d7ff615dc
SHA512 ec6b12be084f4802d56f227ccdcce8c9521ea88f2e9a701e956f355f46a88a331bfe4f536b5bdc65963f1e18173bcd3b6697a4c400370df437f1bfdcc5a0b3b5

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

MD5 a0e6945d9c119f62269bdbe4204c4218
SHA1 0f5f8760453d30812941ffa850f0be09b692ebc4
SHA256 0df618265bcc709a78800e30b19d160639b15dac69e714f6232a4c571f1c0c32
SHA512 798d221bdca9c4c0fc1d3ee31f15a5e6dc448179675321cbcbdb34e30600c3751859a6a3a9a6b67ede5d2d0fcfa7e67e39ae4dd20a6a6ffe74d3ed704b8c71c2

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

MD5 5920bfdee5e6b3d8ed8f370d084966c9
SHA1 f61b2e3d89aa3e9dbf26afc2c0798c5fd521f5c3
SHA256 2a0b31e4527e11401fabcd75766b7fb1d08e3bdc31fb7310fc4c950f83f158ed
SHA512 7eaed81ad26032021584368dc03ec5f41c67244c4e00cab301d1775d2bbb28da2b7e3fc573d4be21c34dae664032138e24162da48bf5e461704deb0a50c64b43

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

MD5 053bf89f05c203e8657c082d9e56f986
SHA1 7a0a8254001d2ee3b2638424cd7aaeb9da3f8345
SHA256 84e28457c3ac33ae4b57ca909061f8ac6ebbb1c22675a5f244672e552d74e64b
SHA512 96ee8d8ea291d62d38d5da4e465aa34fa64777d36089db4ca9028c8542a2fb6966958e389c2e3924bdc7911d8ceced4455fff3ac83711f46802e71303501d35b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

MD5 9ee8ec32b11ae2376b69c44c93c7a5a3
SHA1 b23369107d7fce8afb2486872be7896ddb77867a
SHA256 b265f8eb4b042e25a89765ca03ec739463611ca7cc88e911229e2f2ef845d127
SHA512 1620125ec9f07469383e7f9e0470ca5ebdac79fd629d8930081bcf0946e8c4426ddc2f3809190fdf6fe6665f959f698a6edc61a57cbc9999aa3cb78441d7cdb2

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

MD5 76babcf58ff6eeef46f2c378cfdb6745
SHA1 5c61b7118774805e8b61cb227a58deff45e028bb
SHA256 84dd4e128f78563aa59ddcd15b015c2c4ecd711baeb1ecf315c01bd6f2b55787
SHA512 201513c942be57e464cfa9c9d30ed01550f7629d16625acca009251c499a90b798a1560c9c3110c845b0c3bf197130eb9bc6f8fbbccce074eda7839bead10515

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

MD5 3abb4dc3eaf2538c42160d45bfb488b0
SHA1 29fc1183acb329c1331612412d2ff7dc82b3ee27
SHA256 354b6ea9546a1a31e789ac31cfc9ef267e0ac82876d3a6fb353a7c594c3996a2
SHA512 f90a132642627d97396ddacb3e899622c07c9344ace78706ac36009b037ddae87a7faf69640db7045f555ed85ebfaa963131691a92b5e1b922ad93fcd1733edf

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

MD5 7bfc8cfaf66fca701588232070b5f832
SHA1 5539885918dde385ecd4da19e685618fc25e978e
SHA256 19c2be2474bc926b5eb2700cc3df25152f6740dd6e7e5606e506db465dd2c21a
SHA512 be5605294bec73432dd0787664839bf4e9401005beaafb55afd8808cdc043d733ad61125c5b9837b9c2065140bddd692b881462c57801fd1dff5f377455e2c96

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

MD5 b4a2fbb5a8cc97eb1026228a3d646333
SHA1 c2e591a9991c7004022d6ab0447e3ce7df268495
SHA256 e305f6c09a7f78177c6f2bb2dfe3fdb015fff7b10333c38966af458a4b12915e
SHA512 14cbc571804fab8fd4cf59ca735d09ca4d293e895e47f933963219b0ee18eccc6e853e4928fe6af117014c48c7bb37a419c5b477c544953b4d3d886d583b47cd

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

MD5 e52c9be21e4cf4890ac4edc5e1b41366
SHA1 65f0192b05a2ebfd9f04b0eea7f385f6bd031727
SHA256 ff9fae6ade7a57c583a38484f04cc7d0b1fe7151e26ae8ca7ddf4d3692adf5b4
SHA512 a4295d398b3de8696a59baa478473926f85777912ec79c77d1f6e76d6cf6426145e2ec31f36a74339fa100df09cae917e1a66e7c7496487567ab083033a4b229

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

MD5 bc356b72a931f3b959e930f60aed8111
SHA1 ef8d3e7e3c82fe4881704b5150c63d9e4f2a169b
SHA256 3b7610686d5afcf4176d1a0fe2a10b0754ca57a974d48c612abf45ee713b2b00
SHA512 f0952bee0176003c7407c201d940478042721abc1faf2a583965284e537fa81f1f7d5003b260b3afd0a5f79b1c12f307415f193d271e3be405bfaa05fa8d525e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

MD5 036aab1c90e47428fb4fd12320656f2b
SHA1 401cc5cf9397517e00b6c06666dad1226eea891a
SHA256 152cc6a959d83db85165b14db413eda28eb6c7a2dd7b35aecf3a9a9f44099418
SHA512 3ab2fc02d54c03e1559698aee16dbe9dc5f60fd0263ed33828b498fda100d6b60c4fbe84e89b441e824ca266bb12f8223281c593fbe3d8877215327244087395

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

MD5 1ea4989f0db1a7617daf9a500681225b
SHA1 3ea0daee58d87f13729a283ab38226cbdcd932bc
SHA256 c6a788cb61685098892d75bcf030e124562dd45d06997a7bc2dc31837b242dcc
SHA512 cd8ae429712b4c7a0f042a4ed042e292a321f67e89462f790928c541644e27be4cb5072493aa88ae3a4a4ca5726be93b38520cbb247b04f4deac371cb5bab395

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

MD5 a0966d8acd6e94722a4e70c655eee0e9
SHA1 a8b763bf7517000341f1c0ca3a98685e83c7b390
SHA256 5740b041f40f73e330b19ab3f75895a02a46e295d0abce30e064726b9411b16f
SHA512 f827719e265e9a0e91b422bc988546f0e24ee7e6c3fa3ec7ff114154ede047a0e82495fc2cc53d561b1be6630698e0c4de94dcc387b87b630b834c162bc2f48f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

MD5 cbc59588cbd0d8c859f7f5096d3c1e42
SHA1 38a76834647ac4218b4816e0354f07eace7877d7
SHA256 5e8e26068047674d70d53879390e7f9ae53e02c6e3e64438e47633a2a497c236
SHA512 67322412a024055faebd46d283d122c18de3d2316bde0f915abd4dd9ebedebd93690b6cd3e1ff0b0efa87d54030359320838f556d861f285af45016a5bbcda66

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

MD5 fa1ccfce097f52286313e245b555288f
SHA1 510237adcd2f34e5d28d47216627338bfa4f6b49
SHA256 58bb6d1c07965fdea2f3fe4c123df18950385a4e7325a38d3a23a5f16e7c94bc
SHA512 75ee9aea2235eb9b2558130680023a1a520f522721551d0a4d183107b5be823fef51e7aff518608c60d05debc76b855bedaecead2b44e1826fe7adf79b10910b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

MD5 1a0bcddc8d57844603ac42e57628cd0d
SHA1 fe7a72049baa229c42129d0ff93d6cfbecf40599
SHA256 b27479b292b78fa2afd484c058b5112117babaaaa79d1d60aa9e9e193f662883
SHA512 aba26c032ef86f6d19d3a5ebff5f0c64f52bec39f149243b8cf986f11f5aaa4912d274313fb2fa568f018b40147a36c6fff979330d29e197ba267ec991d457b8

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

MD5 f79c0b21fc70abfb15a515aaecc25ed4
SHA1 c3a064d7cb99e9efdd3edb6f34b38211adbcb230
SHA256 c9a4cff5d09c95fb0c0aa90e6bb70f27faf50466b878def5b9f7fdfb38cd31f8
SHA512 ce7ae0dd3f868ccd3769342b50aa41fdccc71aa818288b788b6c899dd8cd252150592ee70b8b520e15ec42b100dab180256f0fa55d3b87775e2b10d3bb4cc6a6

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

MD5 96398b2b17036c9800cbf44885a6ed5c
SHA1 d067e7828a0da40e42cf6353658add34c53d33d5
SHA256 65a388bf342d3b55c494baf41b3efcba593aaa69b2fccfbcaabefdb5c0f5adb4
SHA512 ecfd27f10dc1d913d18d2efa501431728e7dc52fe7228dd9af05ee2d2d43b480b35bcd03dd657d1c42b794ad559eaed08bca739accabc59f28bdfea0efa88091

memory/1960-7399-0x0000000000400000-0x000000000040C000-memory.dmp

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 6e181d76605f123bb90b49289ef7e0b0
SHA1 1d68d247957e318014232623f93e324d309f0771
SHA256 930b18746bc3e3a575e0b067e57476163ea1a7efa5e72a2defd7fbb451f6655a
SHA512 502dcb8f8b21f5d7ca8f40670ee041d66a92f5912462ab3171000548e54ebf6bfa8099e783c66b6392fbb44cf52f5b788836679c6098035ca46b0743694c6be2

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 76897bfba85f9f42f729503e8af324e2
SHA1 a3eb3069360cfc4cb48038f0b722765f95b525c0
SHA256 5d75631cb12a1acda1d8cd9dfff2006871fc02a3d92f6bb352db214ec9017102
SHA512 b02cdfd8b7db90e6ad2ff1773830785c70e7a1a1f0aac919d005bc1c40fefcba6811705ffd72cb4db6996ea2383406209af95b153c899872d3060a57d967b284

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 946fb25bc60fdff325bf1365a2425dea
SHA1 a5745be44154b558fe793b5204f85e87a003721b
SHA256 635704a65a56082d38d6c2d309f8516287d4173c4dc1f4ebd11ecc4955b3320e
SHA512 4b6e1f6a18541d1600c2239a8f492e0d033e378f7ccacfabf15bb951dc5e3e9440c24ec96d248e4ce0c6f8484e9b04fea74b08dfda222e16070cd0a06e3c1f71

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 f31bd3bec4e83b3cea140fd944cfb0f0
SHA1 6a337bac75573f09c773705dee6c4b3da9faed35
SHA256 b39855fab149e81bc269105fe1fcfb9e2b76d5ebe2b0f3796e03d192731e566c
SHA512 908dc6ed114f275c0e2631d04e160f484c6f28e03af49eaed49f1a3bba5307682e13de9f2c4ab6ba5f877453386be4c414c8880b58ca3b73d387ea47b1d6f364

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

MD5 69e340e1c8cb50056eeade264b8444f2
SHA1 f87ee8c362aaa06c226dde199d4ea46fd4d378d4
SHA256 dcac981d84d0cbfc32fda974d40968e59ef932825756daf43f5d25a93bac3592
SHA512 5548412d3dc5fd5f6b27912c0483a2fa9a5b4092c8a020085005270ae3a2943edde1a5958359f614c0e8dda1beaa88dfa8a9ec062767f8af5126aa27c86844a2

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 73751cbde54c32154589c2bf1ba05c4b
SHA1 3c98085c593f393757775658117ac4287158b1a4
SHA256 52e51059e85f4e0f7d43f013a3d2b0b6f2f73588553eb0c74e430688801bea44
SHA512 aaa8edd8b9a214392ff4cf6e33e39d45c248718c72a0290c0aeaca89049a3f7b8a39af8f041fe949659fc70a759997d446d1f0fcc066264c797dbac447d14150

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 5d21590742c2476bc05c94f0c89e16c3
SHA1 5b1f119802a546903d114a1cac68f4190f97e449
SHA256 75e63014b3bd8a91f89d150524fbcff4fcdcb069e0478f4c43f63da1a65339df
SHA512 76746ba34b45ac1e4e21d35a81b39c11bfc4f8a319ac3fc648d90ace1ced01327a63295edffef9eeecc6f50379a9441bd7391e9bed15247dd2aacd94c9ac4ec6

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

MD5 27df5b551e5456e09f1cae41327fedcd
SHA1 5f88625a6583ecf6a03f0371f88187f62a4b9ac2
SHA256 f60d073397d8057a614df597497f723fd8a5637b5bb7d29dc7c6fb9cdf3ebba1
SHA512 d2ac12a35eb0a70a929b8c9e2954851465c608a7d82125bb2d819e19974785b91b741a1832f9501b3190379ac7a6435e745ab3a2a1708e9bd34d38d2144d1740

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

MD5 1370ad9dd9b11f7b87d44c621e02c6e9
SHA1 d798a3951529bb39a8fd0b2a17c92848507ff609
SHA256 8e973061e855174d463f393cd8abf3137e89c1cf83524b4ec61a5beb477a48f8
SHA512 d0c696e180e48972367078405dea6d2411222375297ea96f99dc8a800c2cdbca77f0a84b55ded78c968dc4321b34bc778a74311df73b35f2d48f89aee90648f1

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

MD5 7d766639b6336e9477f8eec2e715456c
SHA1 3445f66f3c441202ad8185998cd730ba8f77d7c1
SHA256 1a1ff0896e087103070bc78e48187f6a7c2ed7da2a96edfeb4a81721d97b07da
SHA512 b3caae50aa1da0dbefd8367361d81f5d5f213ca4ec90d4306eec525e73931ca912e7dddfc462960056c800a277fa84fceefc74ccaf0597d8ca3f5a4ef7c57031

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

MD5 0efe1112be7a869d755f3af0ee606cfa
SHA1 32eedaf97b0626140f1c0d1c284bff08473e582a
SHA256 1b29c2274b608d1468a453375202b426cfa53367b8fea357ddfaf0263cf82027
SHA512 ef93bec42a428b98bdb656a87448237031f82b953dc39d28310bddbd1edbefb34c5ea35b171321d56ea8b4d37c4c622500c2feafe64ba2d64538c6202fcf0d0e

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

MD5 2667b616ec8c047253b9327532ae2fc1
SHA1 45ca399a4bb6328e1fd9345629a04ababa17c19c
SHA256 25858cdb6f77ba693dc2a7231cbd093394c1a117f602f02120b99c1efa5f4d53
SHA512 2d70c77c00f459af80f6b6b7bfdfa2c11abf235d422522c24c7eced7e1bba83c31be18db8a76ee4e47332960ed5cfa62a987aa56394d8efc56c428cf8e0c1a0c

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

MD5 a25edfab6f2b8f3ab63379451c79f24e
SHA1 9076ceee65808392dc2d12452289f510d145c04a
SHA256 1342aac2074796e50bd82e4d4e0b090e2f69077d421dac0355d7e3ae421574aa
SHA512 c41db6febbb52eb4ed5ade0cbb35e97eef1dd7052866b3dd5582e154e2c1450766ae764d00d2e5f3e6cafc8b34b170ae430aeeeddf52ae9fc58c6b9932afe28a

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 12e59171483f9656b9fa4661c266e321
SHA1 d2097ed73a624c2944887795ff50ff7689c0dc9b
SHA256 81c23a4a0c4b4dd89211d18454e3885785a6066b74a386e60fcbfe3bbf178d24
SHA512 3e1e986938964b76e285b1ae7626750eb908fa3244d1b412a4df7e604424fbcc12a2d6e2821b7b2c7d07869c5e6b9c2f772aeae4ddb2b4a10843ce17f3210d86

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

MD5 e2e990b0c00aa032c6f4d5f6ec2061e5
SHA1 18114fe00f679c34589c37d46693fe70f539a959
SHA256 459a466836211c994b695fd20b825c5e4865c39df937785b46a2d1919f8edb68
SHA512 f255e299dac1cacdfc0a5e7e4c15308958d5d5af4dc578c1a6788eb2ec1359d0fae69d0b98b5ca2f1a4409b929a47a8c7c55df6e7cd96b2b1429b1921179a25f

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

MD5 34282eaa1eb773c6b2e47a2f1f277d0f
SHA1 2a87e94ed4ead66ec702b99cc0bd4daba3dd233d
SHA256 258bc91fe92b5650f91ca2413f31dcb66d6e7aa4006bb12365ee1f30e059dc62
SHA512 f0ecfcfcd27c45746b6ab951729badade1893ba8fd14730deafc1a098a5f94a63b1579bec8d00bda8525460446662c999c0e6dd1923c897ce3b35f10235b8e1b

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 190c50569c1675d75c001af746f23c8e
SHA1 1eaa9ed8590b2158e8cfc7596ca9b14a9db7aa8a
SHA256 8d9ca111202ed4dc262e0640d3476e73f5bfffa2c34c05861e26df655bb4b41a
SHA512 2bb0d5d4ca36f3fd536966592abf938f50cf6d9f30976cfa308e84116f7e8249163313a547a242967fb1dd7b699f6f69d7d863aa063b82fc2a60fbe6f2128032

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 893562c6dcfb2561f1040a8702a5b838
SHA1 c8d0d4c2eb147619e672b7bc55fa9a4f62b3d84a
SHA256 469ee031bfd14e3da5ebb27f05233795d9bd4adc3274a2a440875dc85d449cbb
SHA512 1552c469676ce75a800fc71513abc9a3d7c4b6f82f60e834c0e8ce29acab34abfa39cbca327b4fdbb0e296e00ad471f29fa0972d058f4dd4252eebdd8983cbf4

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif

MD5 265494c0a9df5ca61ad1e63ab8f4b3b0
SHA1 efd7d68852859152f10bab885a2364370c90f787
SHA256 f124d984f07017c6f76fe0e2d1b2f9ed0dc85a779a27ac10e9b245b6849a76d1
SHA512 51f8c6b27a05d07d4aecaff4a6c3f2fdaef3bf57964d6d45a0d575bf72ff9a933ad70cc721e6fa1c37377ab826aed1d0b64569af77f0233fb1ec3c6504a5502c

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 ae1b3d40dd08bb22fee268eeaa135446
SHA1 293923534c02e0fcd0f9d0851d7b52f8ba512634
SHA256 101009f3fd28de75d9cf8f3ac59ce91f2b6a5ee2189cbabfdb84a7ed443b4db1
SHA512 38dc7510ff7dd5a295a945b2e2af1a56adde5f5760dab89ceecc3dd23ec7f6a51c0cd4cb52d796561c743db6e7d7bc095dd583d9885c01383b8f7f82207125af

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif

MD5 79f2f6a70c060739e95bf36e570ae03a
SHA1 6011025072eaabfb4f0f7d371f37292ba8ba8c5f
SHA256 59429c8721e1ac5b78222ab4eddd4964fa7a91e55ec3b228ed21ea1d91b5a74f
SHA512 e93c8eb1e5e777e33ad869075f6223b5736f2596a14849ce768119c6fec8295399e7feb5f98fe05d7ca169086a14203148f1ee59f4275db28b15003b0ea28a23

memory/1960-9065-0x0000000000400000-0x000000000040C000-memory.dmp

memory/1960-9066-0x0000000000400000-0x000000000040C000-memory.dmp

memory/1960-9067-0x0000000000400000-0x000000000040C000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-30 04:11

Reported

2024-11-30 04:14

Platform

win10v2004-20241007-en

Max time kernel

148s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\svhitsa.exe"

Signatures

Detected Xorist Ransomware

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Xorist Ransomware

ransomware xorist

Xorist family

xorist

Renames multiple (2192) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\EyB1f6FNc13b72W.exe" C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\DriverStore\FileRepository\mdmnttd2.inf_amd64_76ccb77f33c66c43\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\NetSecurity\fr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\hdaudbus.inf_amd64_533c8d455025cc59\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\SysWOW64\InstallShield\setupdir\001d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.WSMan.Management\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForAll\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmatm2k.inf_amd64_de71647ec29a6bc2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmdyna.inf_amd64_d89605b6b478d768\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmnis2u.inf_amd64_0c5757ecd1574b3d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnms003.inf_amd64_0e2452f597790e95\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\SysWOW64\Configuration\BaseRegistration\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\amdsbs.inf_amd64_e2a1e49127fb17ef\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netax88772.inf_amd64_5d1c92f42d958529\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Dism\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\1394.inf_amd64_a08737ea39f5790b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\SysWOW64\oobe\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\tsusbhub.inf_amd64_bd91a147ab4ebf1c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netax88179_178a.inf_amd64_b6748bc8bb8ccf4d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netpgm.inf_amd64_e099e4a7092b374c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\tape.inf_amd64_bf051ca3546a5bf3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\usbvideo.inf_amd64_b401376fd0a39c95\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\SysWOW64\InstallShield\setupdir\0011\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\SysWOW64\ru-RU\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\SysWOW64\th-TH\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmetech.inf_amd64_bbd46500a9d0e020\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\WindowsFeatureSet\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\SysWOW64\InstallShield\setupdir\0007\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\SysWOW64\InstallShield\setupdir\002d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AssignedAccess\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmpp.inf_amd64_e196624c9ed43e83\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_apo.inf_amd64_a261b6effa32e5a2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\dc1-controller.inf_amd64_63236b4ab51ad398\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\cht4sx64.inf_amd64_3a69b9b79f49eb50\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\SysWOW64\en-GB\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\SysWOW64\InstallShield\setupdir\0006\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File opened for modification C:\Windows\SysWOW64\@EnrollmentToastIcon.png C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmusrg.inf_amd64_bb7c44c7bb3664d0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnms010.inf_amd64_9e410195c3b236c9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\default.help.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_proximity.inf_amd64_e42355875c34e406\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmdp2.inf_amd64_6550f790ed88c7ba\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\acpi.inf_amd64_605a5cafbbd86f6a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netk57a.inf_amd64_d823e3edc27ae17c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\SysWOW64\InstallShield\setupdir\000a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\SysWOW64\wbem\ja\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\International\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_UserResource\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\lltdio.inf_amd64_4faf5a37ebdbec2b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\cpu.inf_amd64_0abeab1ee6572232\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmgl004.inf_amd64_189d0189716edeb1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\megasas35i.inf_amd64_4df7f6223ebcd28d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netwew01.inf_amd64_153e01d761813df2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\SysWOW64\Speech_OneCore\Common\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\MsDtc\ja\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WindowsOptionalFeature\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\cmbatt.inf_amd64_554d46f6008bc631\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCClassResources\WindowsPackageCab\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmosi.inf_amd64_fce30a36dbc4596c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netbvbda.inf_amd64_06bc8afcd2617abf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnms009.inf_amd64_a7412a554c9bc1fd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\stexstor.inf_amd64_fefc1160d15aa667\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppPackageAppList.targetsize-64_contrast-white.png C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteAppList.targetsize-40_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-96_altform-unplated_contrast-black.png C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\FetchingMail-Dark.scale-200.png C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-black\MapsBadgeLogo.scale-100.png C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\Assets\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\AddressBook.png C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\pt-br\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Program Files\Internet Explorer\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsAlarms_10.1906.2182.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\WorldClockMedTile.contrast-white_scale-125.png C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\MapsAppList.targetsize-96_altform-lightunplated.png C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\it-IT\View3d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\example_icons2x.png C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\multi-tab-file-view.png C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\sv-se\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview.png C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.Windows.Photos_2019.19071.12548.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\PhotosMedTile.scale-100.png C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_neutral_split.scale-125_8wekyb3d8bbwe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.XboxGameOverlay_1.46.11001.0_x64__8wekyb3d8bbwe\Assets\XboxNotificationLogo.png C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\themes\dark\core_icons_retina.png C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\id\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\import_google_contacts\googleProfileAvatars.png C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.targetsize-64_altform-unplated_contrast-white.png C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\Doughboy.scale-150.png C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubAppList.scale-100_contrast-high.png C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File opened for modification C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\en-US\about_BeforeEach_AfterEach.help.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\zh-tw\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\pdf-ownership-rdr-es_es_2x.gif C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\LargeTile.scale-100.png C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.6.73.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\contrast-black\MixedRealityPortalAppList.targetsize-60_altform-unplated_contrast-black.png C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\skype-to-phone-tiny.png C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\nls\fi-fi\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\ja-jp\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\si.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\zh-TW\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.scale-100.png C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\Unlock.White.png C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_neutral_split.scale-125_8wekyb3d8bbwe\images\Square71x71Logo.scale-125.png C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\PhotosAppList.targetsize-40_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\Programmer.targetsize-64_contrast-black.png C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\pdf-ownership-rdr-en_us_2x.gif C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File opened for modification C:\Program Files\Windows Media Player\Network Sharing\wmpnss_color32.bmp C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsStore_11910.1002.5.0_neutral_split.scale-125_8wekyb3d8bbwe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.contrast-black_targetsize-72.png C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\LinkedInboxMediumTile.scale-125.png C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Car\LTR\contrast-black\MedTile.scale-200.png C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Program Files\Common Files\microsoft shared\MSInfo\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-24_altform-unplated_contrast-white.png C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\Images\Ratings\Yelp5.scale-100.png C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Transit\contrast-black\SmallTile.scale-100.png C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml\Assets\NoiseAsset_256X256_PNG.png C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNotePageMedTile.scale-200.png C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\StopwatchWideTile.contrast-white_scale-100.png C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxCalendarAppList.targetsize-40_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\es-es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\EVRGREEN\THMBNAIL.PNG C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\images\file_icons.png C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\AppPackageAppList.targetsize-72.png C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-48_contrast-black.png C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\Doughboy.scale-200.png C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Images\thumb_stats_render_sm.png C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_neutral_split.scale-100_8wekyb3d8bbwe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-white\BadgeLogo.scale-400_contrast-white.png C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\WinSxS\wow64_microsoft-windows-networkprofile_31bf3856ad364e35_10.0.19041.746_none_60e946790955ce95\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-ie-datawarehouse_31bf3856ad364e35_11.0.19041.1_none_3090bf440aa2e852\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-ie-f12script.resources_31bf3856ad364e35_11.0.19041.1_fr-fr_0b3ead81bed98179\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-m..wnlevelmanifests-ds_31bf3856ad364e35_10.0.19041.746_none_78b1f5f5c57dadca\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p..ellibrariesbinaries_31bf3856ad364e35_10.0.19041.844_none_58b34d76cd8c2980\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.S0f8e494c#\6d056f3fff70a663755a1120dd61d6e3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-g..ion-winrt.resources_31bf3856ad364e35_10.0.19041.1_it-it_c61696446f34e90c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\WinSxS\x86_netfx4-netfx40_iis_schema_update_xml_b03f5f7f11d50a3a_4.0.15805.0_none_bd83a0446cce66f4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-diskpart.resources_31bf3856ad364e35_10.0.19041.1_en-us_8688a8c5dd24bb5a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-osk_31bf3856ad364e35_10.0.19041.1_none_60ade0eff94c37fc\On-Screen Keyboard.lnk C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..andlers-analogshell_31bf3856ad364e35_10.0.19041.1_none_2a55c08b69ad4049\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..andlers-geolocation_31bf3856ad364e35_10.0.19041.746_none_1e9dc338f1237ff1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-tapisetup_31bf3856ad364e35_10.0.19041.746_none_47ec758ff9f94aa6\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-u..xtensions.resources_31bf3856ad364e35_10.0.19041.1_es-es_72f5ec15377aba0c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-t..honyinteractiveuser_31bf3856ad364e35_10.0.19041.264_none_a61d15efb6291d40\DropAccept.scale-150.png C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File opened for modification C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Ratings\RatingStars40.contrast-black_scale-200.png C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-m..-autoplay.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_cba172883e274afa\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-m..nt-browser.appxmain_31bf3856ad364e35_10.0.19041.1_none_b1e502c19c2a358b\Square71x71Logo.contrast-black_scale-125.png C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p..st-common.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_c30587016df4e465\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\WinSxS\amd64_dual_netvwwanmp.inf_31bf3856ad364e35_10.0.19041.1_none_2a5be9cf8a7d141c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..ackground.resources_31bf3856ad364e35_10.0.19041.1_de-de_21842ce5257431d9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-m..acementmanifests-ds_31bf3856ad364e35_10.0.19041.746_none_0538f2a34494964e\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-wmadmoe_31bf3856ad364e35_10.0.19041.1_none_3cb17feebd0c9c85\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.P10d01611#\4bbb283adecdf8a5bf110bc6786d021d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-i..gbinaries.resources_31bf3856ad364e35_10.0.19041.1_it-it_5423242a834ca42e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-i..tmlrendering-legacy_31bf3856ad364e35_11.0.19041.264_none_33cbc8e23aac35d1\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\WinSxS\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_10.0.19200.110_none_25877e2690ba5b47\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File opened for modification C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\Assets\Icons\contrast-black\SmallTile.scale-200.png C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sud.resources_31bf3856ad364e35_10.0.19041.1_de-de_62ac0abf15e2ff77\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\WinSxS\msil_multipoint-wms.dashboard.forms.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_e1d99a5aee9bf419\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-m...appxmain.resources_31bf3856ad364e35_10.0.19041.1_es-mx_02f04ed9c02b2896\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-composabl..aexchange-component_31bf3856ad364e35_10.0.19041.746_none_07b59b67e21ec38b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-devicecenter.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_44344cd8024ee1bf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\WinSxS\x86_microsoft-windows-l..fessional.resources_31bf3856ad364e35_10.0.19041.1_en-us_4df75bd69cec0d2d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\assembly\GAC_MSIL\System.ServiceModel.Install.Resources\3.0.0.0_ja_b77a5c561934e089\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-filehistory-core-cpl_31bf3856ad364e35_10.0.19041.423_none_9134ae6b97cbbd15\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-mydocs.resources_31bf3856ad364e35_10.0.19041.1_es-es_f2b56bacf12b5848\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..pdate-adm.resources_31bf3856ad364e35_10.0.19041.1_es-es_13ca655f6246677e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\Microsoft.NET\Framework\v2.0.50727\MUI\0C0A\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5b5a0fc040a75c4e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..y-spp-plugin-common_31bf3856ad364e35_10.0.19041.264_none_a0f2741fe53eb880\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-t..honyinteractiveuser_31bf3856ad364e35_10.0.19041.906_none_a6600355b5f69459\SendPhone.scale-100.png C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-b...appxmain.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_aeeb306313eb7ca7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-edp-util_31bf3856ad364e35_10.0.19041.546_none_cc8076c97817971b\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-setupcl-library_31bf3856ad364e35_10.0.19041.1202_none_3d14890c84f6bcec\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p..g-printticket-win32_31bf3856ad364e35_10.0.19041.1_none_c94bb6333e8c7c9c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p..opeerbase.resources_31bf3856ad364e35_10.0.19041.1_de-de_8843b79929632053\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-c..ngshellapp.appxmain_31bf3856ad364e35_10.0.19041.84_none_24f8aafdaceaf0b5\Splashscreen.scale-400_contrast-white.png C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-lsa-msprivs.resources_31bf3856ad364e35_10.0.19041.1_tr-tr_ab788870cf3872be\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-m..ation-mfphotography_31bf3856ad364e35_10.0.19041.264_none_abc4650086efc4e0\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-msmq-bpa.resources_31bf3856ad364e35_10.0.19041.1_it-it_d09350d3311986cf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-msmq-triggers-runtime_31bf3856ad364e35_10.0.19041.746_none_371e9f62a4194eb2\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\WinSxS\x86_microsoft-windows-s..formers-shell-extra_31bf3856ad364e35_10.0.19041.1220_none_02b28c2f7a0070a4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..inidriversmigplugin_31bf3856ad364e35_10.0.19041.746_none_1f140c7aff2a801a\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-u..roundprocessmanager_31bf3856ad364e35_10.0.19041.1266_none_db15e480a69981a5\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_10.0.19041.746_none_b9f682f6b5dee942\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\WinSxS\amd64_nettcpip.inf.resources_31bf3856ad364e35_10.0.19041.1_es-es_651ed14350af0db0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File opened for modification C:\Windows\SystemResources\Windows.UI.ShellCommon\Images\WiFiNetworkManagerToast.scale-125_contrast-black.png C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_10.0.19041.546_none_374799efaee581e1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-icm-adm.resources_31bf3856ad364e35_10.0.19041.1_it-it_e158bbe885c6652b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-profsvc_31bf3856ad364e35_10.0.19041.1266_none_70772af2e7de61d2\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\WinSxS\msil_wsatconfig.resources_b03f5f7f11d50a3a_10.0.19041.1_es-es_3e1abf08e6388b6f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-msmpeg2enc.resources_31bf3856ad364e35_10.0.19041.1_es-es_27eb4a82003d4fc6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-bioenrollment.appxmain_31bf3856ad364e35_10.0.19041.84_none_f80970fc24265338\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.Binwu C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.Binwu\ = "GNWKXAYEWMCZSYC" C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\GNWKXAYEWMCZSYC\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\GNWKXAYEWMCZSYC\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\EyB1f6FNc13b72W.exe,0" C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\GNWKXAYEWMCZSYC\shell\open\command C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\GNWKXAYEWMCZSYC\shell C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\GNWKXAYEWMCZSYC\shell\open C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\GNWKXAYEWMCZSYC C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\GNWKXAYEWMCZSYC\DefaultIcon C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\GNWKXAYEWMCZSYC\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\EyB1f6FNc13b72W.exe" C:\Users\Admin\AppData\Local\Temp\svhitsa.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\svhitsa.exe

"C:\Users\Admin\AppData\Local\Temp\svhitsa.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 136.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 56.163.245.4.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp

Files

memory/4852-0-0x0000000000400000-0x000000000040C000-memory.dmp

C:\Program Files\7-Zip\Lang\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

MD5 3f8c536ce623f82f49206d0e9a39f839
SHA1 52a97eb8ce4deb96d648b0080dd2b5c305cb5af1
SHA256 adf8343e686d7f8829c758facb4f14c703bd5e009eae121247a85d018bb71055
SHA512 785069185a0fd33e3c168cef58f54982976f621db4d3f66a7e91f778a94782349725900a1910d8d1607d0ec06b774536215604b005fd4a3658e3843c338b2721

C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

MD5 176d5f85b9c69d42520d8761025ca156
SHA1 cf033f551398bbbb420ecc7b0fc72f13bca38f84
SHA256 fb0eff8033f2bc96573a1afbf9c2d0bfbd1106eadf67b6862397942d566d0399
SHA512 14cc7acf7f5cef9b226a9c8c9489a176e12feaaab0df736e3370e6e248c644000e79f9618d11f32ad97e06c7680d67400c7bfa0071904f10d7483d3d88da36c4

C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

MD5 aa943c708fa3a16f08196d2f78a584d4
SHA1 1165de0e7e74249edbde6553a6bd59be2cb61fd6
SHA256 1c441f9b52b1e4401d8133b2643f63ff83e4a0a9abb18d40a332d7697c10b776
SHA512 87f71b0f50055aa9552c0d73f10b5e95d7c4b06e51a86810d85504becc86c427f30e98b18cd3ea4d55a274b0d9bcae05738e3d81dc4bcf94d9556a607346c4f9

C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

MD5 2d97a466c748d8158795c4bc78e7aa6c
SHA1 5cb7400c2324bf90b954ae1c9bd85a22c5ec27cf
SHA256 1113bf14bb7c649efdde372fbc766d27e16520df3eeedd65a0b31b1e27b63e85
SHA512 d63f7c4a6a4297ca8067bde46bb3ff7b3d421ca9f75bd344648e7becb85c22519e70724ce2d2b08bf00624bd65a22af7b2a8714e86a1429077c4f572438193f3

C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

MD5 608d84452f009299123ca7fd93e3812f
SHA1 9df2ebb852d22bbf0e14649116db9db045ea5ca9
SHA256 0dea901eeb271d31a168107835ea68de1800224abb23feab355e2d066ff2d862
SHA512 b90e6659f7bc581f38d1c59c3cc672d06912ec73f88ae8cfdbe6fde7abc84fe28194797aa449cecdad0d555752cabc05c84b5015c0f9bb317ab985446263c18c

C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

MD5 bdfb30822b5232df43df303e97a45c0a
SHA1 6581262e705fd74e53e4f5fc9e021d4066b2f529
SHA256 d2f45ecf41d244acb22b14dca309f020049051e46731ac1afdbcbb790e49cb1d
SHA512 2436e100fce13f6a9ce58e025e5b51818600ee15c48230e4e2c5a79eabd6ed41b547570ad04711014d80eef2fa6e9eb2e159d5417774f37a19d18b5af73cb7fd

C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

MD5 8f25c41d544c2fcb27193463b230de69
SHA1 cd3732b4704c01ae74f284699b5e5f2dfc069eff
SHA256 6e37c017b253ba73952d0d1fd69c0186dd953aac5198e8a83e7b3ca6cec7388c
SHA512 f45a61936d72c74bfebfed35044211c3ccd65b9f4ab95b6ad39b7e34ac5c61bcf5b06e7b24e674c4edffd1a3fe358fa3ee009672a051f557e07f4c20d2f35a7a

C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

MD5 8b294a33e05650f2a0ad050f38a23f03
SHA1 43bcb28109e9c18cad7d56766a9b696ea385b3a2
SHA256 ad979e724e6b4760333a79611531071ff7bb7979396db27e7f93bacbc4beed0e
SHA512 2154a430bfaa0970b11f34059207b8543bd754dfdec52c607638d9725481d4f48422162d7b54691504be62a7a1178a19acbcb9c522ad33ee2964ff7c960b0dff

C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

MD5 06deb7acda5905eabc69547af5f41517
SHA1 c5a711430cd3a335668e9050074fc3607e401270
SHA256 c95b6af58fe96fc2bd2cd0321f5a80941697f9c9e65378809ba34a11d3b62721
SHA512 2e4cf16947a1f8a2864f5933c391317a66016c839638b5fed13ee549d436466297951ddc5091baf128eae9154ebceba7a8cb70d646e4df2d4176b0bf8f98b17f

C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

MD5 064fc6f23897bdb648aaeeaa7c776607
SHA1 d36dae329e3bae68e4ab793d9b8a2b79fd29b42b
SHA256 679f7397f0eba07f19063a7a55ae222c0be0c76f070d95158d5033f9bad6b8b7
SHA512 95296b709030ac26070a7207a366eeaf29a36ee5cd1f9ce710477cd9fda9a0b582e13828996f1d2ee1018cb6610da419849c1f556e20b339cad4791660fdb9e8

C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

MD5 478ce87a495ad1e3157cc34af8c64275
SHA1 2952dcc18db067f996bfe25c47a0fc94334a55b5
SHA256 135334295d5ac06762b2b9d472642882847b3f995ad822e990ff5d558fdf1060
SHA512 d761971ca36b107bde2a8d613037ffc7dad18306863976c5135aa485fb9c6ffcbd64fa93c5864e5fb53bd09049c9b6317ebaf3fbea6047ba35375868115fa5ac

C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

MD5 808e1a74f4c633a2950d4fc4dce79a88
SHA1 72ec5ef1c51c109b8f02137dfe9d73a250baf60e
SHA256 16d25c7349fd10bd84c1decfc85279b49617938f917da6844ab5d206ca7ad8ac
SHA512 874157c288b199cac8ac57bfcc0781fb7aec8d0e6ef94702ab1690b9de1a2d5a107aeaea3e5cdfa77d58c3fd0321b90125d9ee42accfce7a3100c0df72da81f8

C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

MD5 9a4361367c2023f0a3bdca0eef6030c3
SHA1 8b671eaabf81be17408fc8ca8ecbd2f8516b6254
SHA256 6f28ea37c15a09d56aebe5c5c0982496df9dc76c611ef5fd8d40ae219be1677e
SHA512 0f2871a5ea20ae111a24ed7ddbcc536e43c16c11302ecd4e96255efc19552fc8d4ca544a8dbcfb247b6f46b03ad4119f310568f4bbc62e77cb694296215b7f7c

C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

MD5 f8f8d246261b347df134dfaf54224432
SHA1 a25342ff1dbcdc071fb15eaf867cd7e3d6a9ffcf
SHA256 5f3ae62071feaaf43f6cdabf3fd0d8784674fe03039a27b9537790a01fd59a09
SHA512 b3517d0dd6fa025a4c0112953d94d36887febc90bee5dc8a819d4c2e467a8c5a8a5a07083bb4b31e97ed32638fb613e7ce944ef3c0ac4953fcffc8d3aab68d7c

C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

MD5 6511b8895e32ddfef355c05125add358
SHA1 c39c65d6ecf09c4933ecc9c2bed5f054ba0abf4a
SHA256 52fdb7e2511192b56c5521d5858048190213c827903a742b31df5f569a0d89a9
SHA512 82c157a06c9a8ae2486bda8d92d605924daca65b6a95a2d7af99027e8c9dbdab323aa4ea28d9d4593fe6105161eb6d0d64e55831426a1e056f23ff7ae29cdc4d

C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

MD5 8a8e9d6a223041d04b5d6ac0271b398f
SHA1 20588cb05694c01e1a3fb0ee18cff76f674c36c6
SHA256 1d2dd7ad618efca15eec4fad935c3661126493bdbbd4302ec87d408bbbddcc96
SHA512 4657feb3c5ccdd64f6ff73dc0503842c50b03cec1c0f03f6a026239497b5160072bd987983dc8dbe08985ad17f6084df9f6b92419ea33f94a9391aeb6f9a67e4

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

MD5 5ca9e8cebc36777fa5bbfbc6464e32f5
SHA1 8f46ffaa13bbaa9dd91d9914ecddf035c1dcb915
SHA256 57de46ea48746ea1ce779aa250a8ea5d4b24b6f4bc9012bb9248231f481ce593
SHA512 59429a049c4cd9fff6aa6cfb4ee4c628fa9f1a8edf4ef4ed29df7465002579ee864412d0bf294e9696e38f712b064f0655d294017742632ef53bc223ae250535

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

MD5 400c0dac81de3cdb630ede595a5cc50a
SHA1 b2bebbe28b96a4d9342c56fe11cfc406328e932c
SHA256 4e9d208ae755c190e9be0a96280420af648c864c21eb996e94e42d158f1bf3a3
SHA512 ddd02bd0a98bea58487faa4e5e6caf38fe43312039e45466bf3a251bfd0d88e00a79e53ab71d38198c94f7c80e5a48a63f8b3eda00de27847c3533f27960c886

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

MD5 e09a2ba9b4f0adfd8c52f08de89d08db
SHA1 38f0c0b2ed7b3481f50a91b0acbe8defbef8e338
SHA256 cb2559c864bdc4c5ccd79a4177bb8069db7c93c27e2a55d5877632c98daa8f40
SHA512 299f90650bb2814fc265eb72f81a589ceb4488348b6b606569b824b28b69b8c807351a6f0e239cd123863017a5f0c48767ff1c92c61aadc00448be1650ef878c

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

MD5 da578e5f8b7460488e776e1d89e8e429
SHA1 873b17b8045c5def5661b4e74ee951dd709f7abb
SHA256 77a02ac12bad93811ea4c66e5ac0e12337d85c51b7adb4effe9b933cb830d982
SHA512 865cc44dabd65d64cf81c60fcdcfde0c3d1fb6047e53f70be51a15891fcffb007d15ac81964ca0dd125354166cf1acfab1c06d2fbdac370dd725a433329bae0c

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

MD5 4169a97de1c8c82fe3caeb6faab92d4a
SHA1 17dbcbc5bd64370177fc4ff4b424823da845fedf
SHA256 f4b888cdd194516c5bc081892acc9d914d4a099685585574279fb06589cbdf44
SHA512 615e17cb9308cf068b5c5ce50b6be331472199037817e50f393df8e8779613792cd9769145f352d11b0aecb769806697aedb658612241c0b8cafc65ad1234089

C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

MD5 c9bb3d6298295b6771b76ec382102639
SHA1 12a9533ccea9c2d3a6f2eeb8ba3b03c66fa63042
SHA256 8b724e632daa50c0aaf4b4e648ec63eed059a19f2cfd1bf7ee28c05474840d8f
SHA512 d9ec0d39333f0039ca922689c08dc4b29ea5251655e4722de2f02aa5e150c5262791a263a141510bc9fb6832e060f7884c144abf0fe053d3d0edeb0979f50b6b

C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

MD5 aee26211f62cf07de9d7f82b00a58b7c
SHA1 6531dd0f62ce0f3584480271bb86a6ae4ecc2103
SHA256 869aad0c2f428df95bb9fb189b210fb00c68d3590d33bc43be611a954e755cc0
SHA512 cb8cfed7eafdb205c391a1e1c3daf3225f6c57e5510a5e6fa3678f9e93e7dca5cb9cdc54adab621eaaab24c6bcaec19e9ca94755dd98cb6106c49ae8a67cf9a5

C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

MD5 dba522a6d7d916fc6c714afe304bde4e
SHA1 a3a00379beadc68bb440ab805f299d2280b6bb5c
SHA256 321c8fbfdd6bc456e32002daf0e796b20007fd4834bb6d7fd713edb451dc073d
SHA512 ab4cd4971efe792b802792532d39613158cdbfa7cf58b00d57591902ed4dcbb58471ce67c33ca1d874d861e509fae14bcfccd0dfd93d9108088927b75562a34d

C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

MD5 38577bd4917069ad9ef09633d6aaa00b
SHA1 20d3932726e2ee43f30a6c659be0dc17d5ee4f4d
SHA256 1acd909c960403d8f86cc9e6cacc89e10de865c416eb1ca95d21cbda342138d5
SHA512 bf928c858f9f025fceaaaf90b37c873a2283c419cc14f895f8465e1f0e6c5bc4059af221544dbfc402286733bdf0f5be9439c5becd283e8e8732115c75313ee7

C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

MD5 fcf985e308e8be946941aba41a64aab2
SHA1 cd333091959cf738922143d08a8327f3ade2b5ce
SHA256 a76361dce94291119937565c1c21658200836dc3f02c4bfa4c857a4833e0292b
SHA512 d40f3528ca8cd0c47175c09a062a8336eeb428559dd1cbce377b28a2137a911dbf0f695b5d9fe370d8332ec2adff3acaff872d3a69f6c39d661acd73d6b77a34

C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

MD5 9a98fa4cd0bb5fdee5661193ff587a35
SHA1 4e1ed403b5c877118586fc12f7f0379f75ceb3ee
SHA256 8284d477a94d4e30ddca079e6170c1398ce78be1af8ebd2d9807596efd94374e
SHA512 5e4e1c934da319f6558696c409a6748863ffd855ab979117b4d97a49ad3d7d36d08f9cf9785f5325022bfca57da1a3195ccc8784302bf9265e86f6988e727ed2

C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

MD5 9df16d2f162bbfa6a99390cf18071437
SHA1 97ec29e09a2e3bb8769392a83366212a0e14261a
SHA256 30f00c22025a36695627728ea3f6f1ac67cfca42bf960dda8455b25fbf7c17a8
SHA512 6a658fbe4aac9e1978db958abda0fb89a4b9ea94790b72a39e12a2d8ad5d34170ed617feef4b1f3ac02abf167601af860936fbe5d199b79505ea7a6cecdca9ae

C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

MD5 e3f2d458caac9e7a614aad110aa528b0
SHA1 7642a48ecef53c5fc3784aff1c7232ed9b5c954e
SHA256 08d66837e4817d5925895cc597d1b9fd323d4712ba878e791a59c5f8158f03f6
SHA512 96b85f9afebcbc21da34dd457ccd9ca49b0c7738ac595b36e250a41820ef6718b6bb20498a6ff0b6a75b50b14e3636a2a6636a2c0e9ea6a239f24491e538394c

C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

MD5 1b4dad2161a0c7cdd71700413630a529
SHA1 d6a6724887ae4388ee032e263695750a5c1e73f2
SHA256 61202e5567c3b21c6baba85bb2482a6b6462fee653f8dc0eac43a809e44727e3
SHA512 8339f5b9a026c7932ee21951ec1af35c2a16663851fa67216e9a9ec0254aca86f9310e613cbd8d5031fab33967f5850f2106cfdef0d6798f695c73f2c525e68c

C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

MD5 323c7569b1d01e2bff41eedf07a99def
SHA1 7461c82d74abe7896927430e3dd137bc9ea77646
SHA256 99a6d8d3efbb7a7e2e031464e877c057c608bbf5e1f9e1b5605f5d3b6f7459ad
SHA512 446fa3c9935a4031932abebe594ed4150e88df3685b63de39a44b227b3023464f6bc5f3b3346cc38fc0f1501b0d45d68575e29c5d0cdd29fe619d06da23ec986

C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

MD5 64953e36c3947c3ddf790beb0381ede8
SHA1 5343cecba352dc8ae3b750071f1287081bea68ca
SHA256 1a5fdf48cf78180689525677bdc02190a9c6e882492f0e31819ebceb1a5eb4e0
SHA512 01f09e61d688fbbc430df97341804906646631bddcd7bce96033e8c81f5ba764387e7e59da89d43b29ab97ee623416310c9fa6572cbd36a0e5cd4c32b7fd5d5d

C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

MD5 4d40405f83127a048762f25965bc8fd0
SHA1 ed859fde5708e2e403c359d9ad444a5faf29ff18
SHA256 46c738f31ca5c4a6b4d07fe9c2fd129457032cc51410cc88b1aff9421d6ab50c
SHA512 1a63b8d0e0868296497eda4938821226ea1e56057196e14a06ed01f61dcd7e94c99d6ca1f97e53f38e1e3811d3aa90cc5e08a665c51c1b49c9a13ebcdfa77063

C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

MD5 4caabe068d12775a336067281d836548
SHA1 a82b8ac23f66d0a3b5c8031e244c99dacb3a9dbd
SHA256 2b10067319cb4d058f7ba71b16f97402d4d67f9c2c2cf04292f2db179f4b2f9b
SHA512 de3ab01cb46e8aa9a428fc32a99cfb17b89a73e43f4d87a5d00134f2f3886db9c9c9325fad2f1db5c4df58a997bb8c0bf8b1b50c8006541727208356907ff340

C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

MD5 b1f67a1b655f366c5d452d57dea26a9c
SHA1 1ce1c3a31d2d158c955bf785ea6da1568ff780ab
SHA256 bc46ec3c4e58b0e5f656deba46f41ab8544c4950388460cb0d3781f5a3a4cf99
SHA512 025968b933256bf8bcdad427abf7c3f6ba5debb291da31a65fbfe4d7987d390fdcc05c07559686d44fc809b635b36bee2d42de81742ed2aac55f635d7aeefe46

C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

MD5 c7120cbd340a6cf4d164bad40a517f5b
SHA1 f756947ec3bed68dd44d53c94651644536fa09ab
SHA256 105ffb2c1a10efad658cd214d7673bef513de089683624d177bb99120e3abdac
SHA512 386b18be426914cb887317af6f17312c15229a63fefcd779c590a3e258581d8902a16cc7d7887569f3a011195514683149e1aa39ee5e844c08b96d9d373c6620

C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

MD5 e3b98814b2ff40efe038c0027d823430
SHA1 cb56cb223a673af5bbed6ae681009ac3e378577f
SHA256 e04aea7a4d2417252e2cd87179f3c0831e793dc7aa08396e7a18f9236998ec38
SHA512 e62c0cbd1f91cb53e0966444b5c0a9165c2835cdd813f56bfbd352f5a7c1334169c7f6d7abdc2bfc113e5fee7294b874e708f53398ac34a446de1f927b94cf2d

C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

MD5 9244fb0284e04f9ecb64c22b33154010
SHA1 b8f653af7d47153bad933e6a58ba06e206c0ed38
SHA256 ced75541bd8110b4923268b9318bfc01481a36a218a59e161f23efee6d94742d
SHA512 b94c8970357741015ab8181b43cc63b3a55c8c44f2487643a5a883a3ef57fc314f3d9733f45d70a986f6ef9d9c0b04e18cd56ec2bf2d54481081edf84b97af02

C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

MD5 01672639b797b3058fe27a13eef5fb17
SHA1 8a8111f0be872d3b7df5a7e3ac2758ba778ad98b
SHA256 38e0064148308b57600762cd4c30fbd084241868b7506af9853b4722b5345602
SHA512 b9935f592c1d5da2ff0a6f8368490c15cba56e5847d59e9cfaf33d4c88a28bafe36b5e6b8429a4bd703e4a443fc9210b73a9b6d431d0c65be3d4fd8609d75733

C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

MD5 de281c50b50488476653e4705c716e29
SHA1 131115c1ce0a1cccb326560e7c304539856ef757
SHA256 00788e64f26c7d4d417271f160d5698ff77f820f819d7cd9648612131fc51adb
SHA512 47519321cdcbe59915a017e226f155626d3282990588f9350087194027ec59b87a51407d8847eee99b5b7a293f4c79343356082f9dc7857889d80f30441100d1

C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

MD5 2f4b1d3e18ed236e0967c33e2b16d144
SHA1 dd66cfeb29b9bcc0880ece25f012d9ef67b4cc16
SHA256 badf7bc3ba61634048f866e93d41f056cfe7965f35c37fbef03592507754bbf2
SHA512 16e11d164a2f86683ebafcf1269350b78e74fa9bad0ac15205b269f808dcbac89dc02c0aed6358cdd0d6f7c1b6fe584bca27cd929d1cb23d24022b7bb98245dd

C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

MD5 0083bc69dc56c69f9d134307c05d0cab
SHA1 83e26bbf800c2faf8bfcab77b5b31645acabfefb
SHA256 1f3767af6b810345bf33ab8b8872c392a57ac2c10ec7d8b38769f9f79c3e4851
SHA512 05349c1d65829382c0d32f151c189d8bb3557f1428ecb54d4cb408438d832c965ff0c4118470af0f1c5fa911e75b0a3a11507d094bcc3f7b92374006835e66e5

C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

MD5 4c5fdbcd40d7c7c29f3d1890a6c80f70
SHA1 6c85166c633b5c599a64c12333dcca7bef3a6cd5
SHA256 ceb023d88aa41f703627fefe7c831ba4949f822d4ce14f5f37e581757e58bd36
SHA512 ea7d4d87d1bc3e7024370dec050947e0b24c536000ab8c0ac8a1872d17d897f5a2ef66cb719cc6b4b8c333b7959b720080282482094fdfb89fca54fc47614ecc

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

MD5 9e9de69e016ac97388db57a2cbcc0a39
SHA1 ca2bd9543ae9c2ba4d988527fd867cab90e1e07c
SHA256 35f5fb962a340c00e7b1d1ea26d49a7eb8209859ac451d6a9a0aca1ca57a9c0a
SHA512 c3fc6434ac3c097c3bba43e0636c565a729739a1cef196031df5477ad089e84451af827068aee03a49c1e4bd6df6cab03412f0c33af77c8e499926d6173cc8b1

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

MD5 5b189a5ded3db35f882f0b231070c32a
SHA1 3b9449350a217132dac5150a0192b539a6b5376f
SHA256 b59f0731af9d14d8c849ac0e3a033ecdf90d13f944ca2af26568205e0b08e128
SHA512 f7ceb42c7e685ff404f72f93894b5020f6866b5a477c1c61bb77d39a9af6ac0a215981fc6bfb8ec00d64ef832a5bc9a6afff273287e91f304f77f76930385083

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

MD5 6a657f76d7a858720ae9ccb2a7880fe5
SHA1 2f2518289843b8f37a33308c4d9b3c5c64efc359
SHA256 ab2149e47f097d87c4cee8bc6c2bbc771f437c70ae848eb80d9c62d126b65151
SHA512 514ae51a8ef0481d7a74b56af01cba6b19e82d1f466740e203f54434e661515f59913b58cb3a18eb285023276074b23d708eee3627ad7c1cf4f0b89ff4de2d04

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

MD5 fe94a3c3a14078ef27e5c4f0ae4e332f
SHA1 d66aa44c62fa9dd017005d04209f1fea3b5171b3
SHA256 2277107a677c18af8d4a4e0c63da8cfe2b89c56ad0cd1bd02625ffe6bf1c5972
SHA512 a1af6da33083514df2a6739ae091fc657cd110b1e273dc0aaaf00982b296cf897934b68fbce1e7a6c46ca1ed82f3ead26d2b20fa6defe076045a380ab0caac54

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

MD5 a9b2cddfde7aa412d19849ba4a961d64
SHA1 654932863b8449f8925d6303f07a99e70e1764a8
SHA256 b608de5b5561a09c86f4e6b447ba38c17aed198466f39e9f9db41aff246b10ce
SHA512 04762da726932ca6a4d296a112b4cfc2e4ec72c027f1b9a24cf856d355fbd886aca401be379d1c3593ebe335e2e8f583fc87f88896e1b3071bd2b09d1590a9b8

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

MD5 f97ee7ac5456f4d9a7c4517ace51eea5
SHA1 8157ffc7e641701ff017cbc1c82acf016ca5a022
SHA256 660363c20a2df89681d4109b4eeb80af26f5d0a31030d42b54be7db170029cc7
SHA512 45d44fcb492614f55f74aa9530c8afb17eec56cd5d27a9269f2be3d89f7eb26737331cfc2b931c898e4ad735b1fb653b51151baa11a7b5d916891adf51cbb37d

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

MD5 1b925bd43997a316cfb3b503f328925e
SHA1 32ff0988e04991d05db245e704d91aac734674cf
SHA256 7f76be15ac17cd80f63690dd9c4ba5bec0e0524a47507dfa0378217a282faa00
SHA512 470c7797a993703436cd1d9273d9dccd2af77411692149f5947eceee5d469acd33b575122c98d081b2527ba6000a73630f131c8b581885feca0d83c27be02cc4

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

MD5 2eb6cb811a948a629d45ef34707b19b6
SHA1 fa06234259920fe1bbe742f4545af7023011ca5c
SHA256 1c47b0e8f2e99ba3bcacd2533261906824855e724afac2c9962e6e6ac9291d2f
SHA512 7af04634f81dc54b2f75ab7e706d65100286351f44bc298c639fa9cea07840aaac81023adf0dac0e6c4701e1542adda9ad031ed944a951f848d8da632653c6b8

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

MD5 e700f2fb8d36ac90e0e364a05cd8e78f
SHA1 c11691c4f2d5a57f1d5cde868ecae9ce931baadf
SHA256 908ca4cb5fe9cdda999308763f57f20ee135697b336324cbfb91c1c253372225
SHA512 94893d7c2e2a3efba80d8f445560efeee721dd3d31301fea3019b65d8d9330b2857e0cd3b987cf5362194f2aede44f68ca0cb3802426a48ffe700bafd7bd62ad

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

MD5 a435b7dd38104281afa03fa750cd01ad
SHA1 6394190fcc451db1baba266ad2182693427549de
SHA256 776302b9f15c0f79c94c99a8312ebc190e47b1a672a12f81c1e65a1a21ee12bd
SHA512 3c87df44d519d02ecc93b1969d6b3f817d3409af7cd8205884e5ae37f83ccdf515e41ae06548e5ae951331f21d2c3ce20fc89a5008727c049bad0927c5fd9d70

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

MD5 f8effa6db93be715d4d2caeff7b9e6e9
SHA1 ba674f1182ff66562ecb1e35bb8250320545cf6b
SHA256 b23f336c5bf9b7baa46a2d51017c464a45c9eec0d0bd3269368ca85072001e14
SHA512 347e12ca045b81691fbbe5cbb8d86d74907c3db8f745a5360aaefbed7c64409d355657a15d3fe4a3c268f2b11bde60a5f85b284b90018f4ecb899195a0d3c359

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

MD5 4c634c6293e8d675a4745f48ced01184
SHA1 9d2e9f97e34add7f7e41a3bbd2a25aeb96fedd74
SHA256 f68dd975645ea208f3a80f7a796c0130605666d94c17ed5a4f6658643773b5a8
SHA512 449a18dc1456f9e1b3ccf3f3aa86c501eaf0338e895606487cbaa91a9d0222de6645f3b4403e01d8c96f5826be2a3714f3fd499d2c1abe03508c71303552f453

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

MD5 539476204abbdced910d6047c2742ebc
SHA1 c96e563db64e6cb4cfd3b4defb3daad06bee65c4
SHA256 8e44e1ee51326096a72a1bf324c76df2c0b8ecea6e4117c9794f47df68d0abc5
SHA512 6c609703320e23f9bda3df8459e552a8233cc81787b675e6d05b904ae4fe560a2e3a1d081b0d185652fd608c5851babf8b018e0a6ab1490c5f61478cb59650f7

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

MD5 8c75aae44d814d08eb36c6c12f2dc9dc
SHA1 b47d374af2b1516baf73266b7b5c1c059dc7996e
SHA256 392a63b507c9958e68c5ed159123870ded2ceb3742c7a662ca45b1fdc2100d14
SHA512 cdf33a1d534e6ea82aeabcf81432f652323d28349020c39a48bdd9c7e09fd6a32d6f5b83053b2a2b4cc61eeaf39b31367151a8880219a10aeb86684c28827b61

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

MD5 7d76cda0a1e0cd0aac54783f27ae30d3
SHA1 ed7c972d72e3b8261a2fd0e83f3764112077cd35
SHA256 bcd271c0a43aad1ae520cff1fa0898be1b4c9edd1f9fc7a8af0913be31834677
SHA512 db5bcdfb629e8017c2a3879f4a870ebac10d642045aeccfcba3f72517b3502f249e25ba10aa51850366908bda1991a8ce93bfee815c32ad77eecc663688b791e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

MD5 03a4972da91e69cc89390b296fd1164d
SHA1 6276fbddae709cb9fa3be4c8a5a444a01b35a497
SHA256 605c92b400e95f296325871cf80be88ee2b8d1bbe2396e8485f8a61f01170eb6
SHA512 483ccffb957c024c2e87216b1b84a40c2ca8e2c446539528ba08a2f4520e7c79446c0d9061a8d9ae15b4d91ea77dedd5ad00ca4bac5fd948da2eedff56ed8a66

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

MD5 ca872688ab5ed8df84f4a39afa6ecd7a
SHA1 61d375286269fcfb286d90c17689e5074085294e
SHA256 b65afc4d615ae4c500bc51e9b0920800233996d1b8e4e696cbff6f927b746048
SHA512 ea3aa35862c2a097a8f246d0bb34006efd925f1d72ff1ac31a182bcb9f24f2ba4db649503cb222adae21a0e7df96bd7639c0e0655d6272d290ee070221e11acf

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

MD5 f04a48a71b7fe09ec1a23b69557932ac
SHA1 2e490433a04e32b59fe043dad673db4ad36ac4cf
SHA256 2e1c0598cd092cbdeeadb2330efd56c8e0053d94887bdd0600f8a7d25286744d
SHA512 aaa51b3d0bcef1150c62cf0abf0ec90d9159e59d2ac7c4e1447b9b7e926aba41b254eb022d733c1b253e3ec8d83fbca06a5ca473b606763b5f8a44f04cf54367

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

MD5 738292bb14d59040a39c8121f8d0bf89
SHA1 6dfaf05ee71cb3c7595bdd64015ce26a2eade4c9
SHA256 58aa67e81cd48066561306f6538ebb3aeed8b4280186f9ae2d5c2b92729bc8f0
SHA512 1327b64f261d00c9710639d0718dda944a5fe045741750bd0716db46c8e5240d938523d09e12f50006030a98db5390e7613250354129471ba08e54a037ab4f12

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

MD5 836f3e788d9ed953148acd1f11224016
SHA1 ed72cca3be36eb5521251975c418ce86961f71f7
SHA256 b3e790a2bad4ad9299f148eb036027282242d31a1d90849961e3b60abf41695c
SHA512 071d70c9dfd0beb9bd67f5b16e8503fe709ace2884313f9947c3f55e8c8fbc7350cbf5ce36883cb0dcc83c523fbf66b60b8c47110e942bc66fb8fc5160819556

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

MD5 cd5ee4fa36d499a838f7de1fe3115d7a
SHA1 3d4c81fd997c4f16d343ee30ac1a2d12e61e3dd9
SHA256 a4db11b2b7114bd3b6e0122c0bad51b1a654976711d4704d3d17fc6ec46956d9
SHA512 1dc777f214c1f0dca74785198a88af19e008b0de2004e06abacccef32ca5354cdf7a1a0226a227130b2c0db68efd766edd1ed9ce4864c6edec9d82c8b2a874a9

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

MD5 493a877cf9d5e753ddbe8ccba63d5e59
SHA1 95fd0d109005a55a75ff282cc10b4eb30165f764
SHA256 a7d85b602650f5cead5adfda64c0e6877f2435ebbf03a17b1045ef002c6c1878
SHA512 4b844c0f80fb208daafcbf639fa322404c70106991ebf48a338e7e89c2a81e39217ce062cc63f9e5e771c22975b496995c0b392c0ae3ccd8372fa2f692453c33

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

MD5 e9c108918ae49a0eb65439b5ac483ed9
SHA1 71a308c859c662d7d47cd70dd4a5a36f85e6c090
SHA256 bc5bc6685952a2681568c434cc985fcc3f95c7b6fbf24ef864eda70eb15e4e39
SHA512 b65a5e879b1e24cf276bb0b3880490fd18319bb75443ab4c592c946259b298044210806f52ce6a4d3f01e4ddea537c26b18ca5a7a1aeed58f39dbb3663bde17d

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

MD5 1bfa3b878ce7b627eac74591d7892dd8
SHA1 f0a9bfcdecffbd64dc4ca2977b2fdc28cb9340c6
SHA256 dac8b7736e547fdd0e4a456d27b6c921aee16287a6443a3fab56daa5a69fb9bb
SHA512 2c44c2857ef245ceadce70c6a821bf50ad6eff0a67d96aecc50e153937c2dcb3ede794432664c5caba678de383bdeac945138e2a4e394f4867ece84f797aa48c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

MD5 e4ea25414faf0b6186146ab3a203c7d5
SHA1 436af5a8f10315ac46b78de3466f84dd6fa079d3
SHA256 66435a7c5333e93cf2b5e7023b0d893f9ef61289e48d7d197cc2359f1d3e27a4
SHA512 d927194b3de8804ba7ab2eefbd26d661173b54e6934f99c04220457a87e568fcbc751079de77f1af6ce6fb7d14c058eba4aec377aa7977c3b02a32e831fdf87e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

MD5 2a07632e426d381331b9beb5242cbcbc
SHA1 12cb8b73c2cf3b8484d134f5435f4d324c1c8fa6
SHA256 fd890fb2fcb21ecc614b0eed0dedcbdb376c1986a2c3b731bd07805a2ac145bb
SHA512 4fae0fdd3a87ba3070b5a2e46addb3c4257b4caf6afc0c656ba97e221c2da99b7aef877379fc88126ab26280906681e0160e6ff21da81135eb047525bd59c898

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

MD5 9a0e67e04ebf7c7ee0e6fbea934d513b
SHA1 f96900c4675814ba13d97ada1f100a3b3754249c
SHA256 7e6eaa279767f210bd6e68e13214c85359154a814b9c6b212a62dd8839a6bc16
SHA512 c450366676c6ad3d73c674d657d8c2d33a1b13211e45386d02584ca9116612052b91272b46eb7666e618fdb456671f589a48e29df28d9b25b3664d8c03cf3553

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

MD5 e6f244a980e08041d0a4ced864223a21
SHA1 0dbed9e37887744e34306eb1c46659659651d821
SHA256 5126010c430b44fab2a6e3b5fc35a3963cb45bc691d8e056d146c91fba71e9b5
SHA512 5089a3c0d5fb111400c8d68ae22bd30578f2a9f9b5630f7d73338673f0dd6cf70c848350b389514684bc1442f2e6e75bc62bd422954ae847e0d79fec29db058e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

MD5 6492b3163010e4a06f7f2f82f5b780b4
SHA1 2e6314260127b40b067b7fbbf9ab0821efc04377
SHA256 5be15d0120648a732f9141f9aa780fb8897c14e5f67a604cf9a231cf837b78be
SHA512 3529f1199ad8b03ddcb5479738445524bf4f6fdb35ff0050319f58f0f68363e62cb872cfd043ff9923113e1526b4a48f51bd0f475928b27af2b598f0d54cbbd1

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

MD5 845fd6d3441a30892a6987421ed462ea
SHA1 720216b475f4f685f8cc850754b064cc9a02a423
SHA256 4cabf0970c104e853e8aeb68099bedad32dacdef350ea0b969876e98fc4e7a0d
SHA512 8e9069125d3f8776d1f1c55d497b87fe2bde34c294cf06c0d1b3d605e5968a0381a27c6afb61d3f9a71f06dabff5e35a93efcdd78b6cdd2847226db894619346

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

MD5 35ce1de6aa57d9d94f0ed39aa027465c
SHA1 b27034a6e0eef992793fb2ca7900b29e48a7ae16
SHA256 de00b9824c03f4c66480308c82a981d8cfd33a7c80746f099424cfb79e8ccbe4
SHA512 e79f6c2c0eb8e3966b036b25346da5a6118e7577e67169c4d6fb1a8084c029e644e7f351ab99015c90783fc96f9f6c31295d5a557212760345dbbd5a20be6846

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

MD5 1bfc6f3bcc5a2ae8ff04c68e5ad43cce
SHA1 0b66879e101aec5d2b573cb98ffbdb5cd2343c33
SHA256 dcb960077b32aadd693c005b9eb828a23ea1aa459309f7eac3437d8859448c5a
SHA512 203d6fcf41709055232fd400936cd02139d698c46cf16748292bccd0f9fd302811ee8bec321153a17a1e0f13a9e1f21b982637b1cfd570239cabed2b3fecbe2d

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

MD5 c9058f9c017b5e4d8c933ae175aaec4b
SHA1 216a07df39253ec112e64ea3ffdf92de0799da33
SHA256 c2497f77c0487a53c22f830fe17a76fb5bd7131593977019ad6ff36907565560
SHA512 edb548c5466acc17ad01f74620fe7c0fa1f412e8b89f025f3f6f70cad7e85a7772df500416eae9b01ffdd528744fdaf5f0b40636b2695984c6fbe1b6509e9e15

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

MD5 7546efb1cd576cb8db077b507e1ceae4
SHA1 23670a46c0372e40b88aac84e8356eef6a1c4855
SHA256 063502e47837abb5f2d188cdd6d5efab406948622c3b056a173824421e88a5de
SHA512 6a37c7ee403a37c67182dc112f7561a30d2dba1ff3b4c46025cc8ca15d55b7feb261b1289bf1e639d563e5a847528b9c483ece5b3172a6a49898004b27ff6b37

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

MD5 f8c377215ff4d743609a1999a0d10ebe
SHA1 cd8e6ffb06b6659c64896f6e497e8e63c2f5527c
SHA256 42e28965335a643aeba4da38ef9614a9e9da53bc69c6032627ec9b8315796a90
SHA512 583c8207a0bda686cdfbfc071930d75247e7645d9b78ba241930aa1da4ae7c00f9d8fd0f620deea9ada77afcd6bf0870f9393975349779fa2381963282704090

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

MD5 a44c45266c213e6b1ac46f527da704db
SHA1 3f3bc1d445ab55c7395575d6e1a0c7b190b87705
SHA256 2ede9889e0331c2baa1fafd9711055a674b7dce483072a4cfb1b518c98a791b8
SHA512 179a0a39f5d960c83d7be77dd7bb949ce1395b34984a503cd77728a1f357c5e29b9e60210539c6128f5cf4504c8aa669e5d325e6ed7e119bf40d2a797ecedc50

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

MD5 86485c4c587155d6448843b11b93c81e
SHA1 720e7f137a2aa6fd0591a040328ed81a2eb46203
SHA256 c2d0e227b3732680bbb18b97ff14f87ec930ce3e5fc1b05e9450f809e52c41c0
SHA512 0ffa5f8a384ff74c25b5d3175c9965d65c6a5bacb549e238be2e8e3682c012b51fa45b99d9b0ca7b8a7c8e3efad2f640259b3c8b0072dd276886f64f2b0319d9

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

MD5 5086a1e4fa009df7e00e98b54db49450
SHA1 09bb65f1077f397493bd0e919ad42f0f913857ab
SHA256 467f04139a05a8493d1f2fdb9b896293f35bd04728944be668cccc6643b4193b
SHA512 500205c3e57191c2adc71eb5e0dcbbdfa7aa4732f4d9c8428a1913a0026e64adeff21b19d9a96db6706e91219d8f1aac76559adedde114a7e36261e4620e0bfd

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

MD5 b10b3c1bff9fde1bfd1183c5a41d874d
SHA1 6e27427fe1696cf87bde01159530463c3526bbc9
SHA256 3cd479758d290bf86863bd5c1855ae9df1769d2f9e5f39a7e077ec2749066e9d
SHA512 596c2b6aed869d0f379ebc4c23a713c5f3960072bd372a75e4bd4cd9e148a0a70eb764d3b8dcc280a5b907a0811aaa27f9a870362d09ef51b52610f86bbdf548

C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

MD5 435c6647b6c51ddc0c2ad42b74f19ea2
SHA1 8f0db05cb6259c72b91c8466843af73f4af07754
SHA256 ac5c7cfdec7983952f67baa31b14e8b69a9bff7f9b088698ad47bea464fc422c
SHA512 2099b18868649345ee24ba01d2da8f817d515c9eb9012ab9199cc31f27d1ff1259e4dccfe9c67d62bb9717c4027c62e5fb04d864f1da9c3ee8ecb859cd6617ff

memory/4852-5295-0x0000000000400000-0x000000000040C000-memory.dmp

memory/4852-5298-0x0000000000400000-0x000000000040C000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727662610078916.txt

MD5 e73f63c74017bcc8b670f490fdb8f4ac
SHA1 8d3bfd2b334b6108e1a2cbe11ab6c624fe6a1200
SHA256 1779cdd4a735f3a3b18c8c506cf7e8058a74872914bb755276f1a4069156b110
SHA512 e54918428bc6a81da02c4313615b204e3de4eeab480938638de0783b6c76913731e8866cfa0c0be971997ac584892d00ee909ff4fa4c75df6073277a0c43394b

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727663116015387.txt

MD5 f78f7a9eeb371b3dad58e18cdb540814
SHA1 89610326342c5a15e236153c048815530be4f4aa
SHA256 1a27a0d42d33506054e7bbe20b521aed5c985bb4b78be01df049e6fd90d80abd
SHA512 85a361a03e390f72c87e8a242ff4596be3f8156227080ac9691c8d322971cd1775fc45cc7089a77a6ff4da070f4963f3f4d7fa97f26d477d9ace651384273080

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727669820222616.txt

MD5 352d3a1c503c3b4a5403e4819ce23c52
SHA1 21588d0f49677c2db8731d1ab83defa16e5f6aba
SHA256 3ba772254ee46e8388db12457f6e68f101fd729876f8330e2083c1a16467a19f
SHA512 9d320ed6ceb1e00330b595a9b891ef3b0ae5bf2567a6f6e0b937c57d46f1f7dce5b4da1253ef8728aae02c21f1c8d73da66466146cf6858ee0aed8ba081dbe44

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727672589120253.txt

MD5 662f810b7f0a45f01d13ee58d469a4f1
SHA1 366ca0c2ba8c8711bfa75896395e141e7b5b040d
SHA256 0e280fb6b9ebe770a35463fb87ec6a63397483e62c6a0f0a4017a0c8e925e537
SHA512 e220e088890cedb2bfb74c9f3c448f87a9e55444719378f773876ddd250a7f9106bba294bb3bd53e3098acff662b183c70f8b2e403ce7816defc0c388a044316

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

MD5 174bfcbfec8fc9cc285d83ff65613474
SHA1 8ee50c4e4fa7e7cddf1b1e4c6e4b9b1d5f3b30b3
SHA256 7859c2c272cfc599f9f395b474272237bba7158953636184d83df6372e411809
SHA512 bfd5bf9d1feaf60916265daebb3e38cfc202932e751deb3bb7a2f3723f3c2f22151056423864a9f21f6fb76afc68fe70483438dd6373d1e7613e64cdb3f35121

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 6e181d76605f123bb90b49289ef7e0b0
SHA1 1d68d247957e318014232623f93e324d309f0771
SHA256 930b18746bc3e3a575e0b067e57476163ea1a7efa5e72a2defd7fbb451f6655a
SHA512 502dcb8f8b21f5d7ca8f40670ee041d66a92f5912462ab3171000548e54ebf6bfa8099e783c66b6392fbb44cf52f5b788836679c6098035ca46b0743694c6be2

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 f31bd3bec4e83b3cea140fd944cfb0f0
SHA1 6a337bac75573f09c773705dee6c4b3da9faed35
SHA256 b39855fab149e81bc269105fe1fcfb9e2b76d5ebe2b0f3796e03d192731e566c
SHA512 908dc6ed114f275c0e2631d04e160f484c6f28e03af49eaed49f1a3bba5307682e13de9f2c4ab6ba5f877453386be4c414c8880b58ca3b73d387ea47b1d6f364

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 946fb25bc60fdff325bf1365a2425dea
SHA1 a5745be44154b558fe793b5204f85e87a003721b
SHA256 635704a65a56082d38d6c2d309f8516287d4173c4dc1f4ebd11ecc4955b3320e
SHA512 4b6e1f6a18541d1600c2239a8f492e0d033e378f7ccacfabf15bb951dc5e3e9440c24ec96d248e4ce0c6f8484e9b04fea74b08dfda222e16070cd0a06e3c1f71

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 76897bfba85f9f42f729503e8af324e2
SHA1 a3eb3069360cfc4cb48038f0b722765f95b525c0
SHA256 5d75631cb12a1acda1d8cd9dfff2006871fc02a3d92f6bb352db214ec9017102
SHA512 b02cdfd8b7db90e6ad2ff1773830785c70e7a1a1f0aac919d005bc1c40fefcba6811705ffd72cb4db6996ea2383406209af95b153c899872d3060a57d967b284

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 73751cbde54c32154589c2bf1ba05c4b
SHA1 3c98085c593f393757775658117ac4287158b1a4
SHA256 52e51059e85f4e0f7d43f013a3d2b0b6f2f73588553eb0c74e430688801bea44
SHA512 aaa8edd8b9a214392ff4cf6e33e39d45c248718c72a0290c0aeaca89049a3f7b8a39af8f041fe949659fc70a759997d446d1f0fcc066264c797dbac447d14150

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

MD5 69e340e1c8cb50056eeade264b8444f2
SHA1 f87ee8c362aaa06c226dde199d4ea46fd4d378d4
SHA256 dcac981d84d0cbfc32fda974d40968e59ef932825756daf43f5d25a93bac3592
SHA512 5548412d3dc5fd5f6b27912c0483a2fa9a5b4092c8a020085005270ae3a2943edde1a5958359f614c0e8dda1beaa88dfa8a9ec062767f8af5126aa27c86844a2

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

MD5 0efe1112be7a869d755f3af0ee606cfa
SHA1 32eedaf97b0626140f1c0d1c284bff08473e582a
SHA256 1b29c2274b608d1468a453375202b426cfa53367b8fea357ddfaf0263cf82027
SHA512 ef93bec42a428b98bdb656a87448237031f82b953dc39d28310bddbd1edbefb34c5ea35b171321d56ea8b4d37c4c622500c2feafe64ba2d64538c6202fcf0d0e

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

MD5 1370ad9dd9b11f7b87d44c621e02c6e9
SHA1 d798a3951529bb39a8fd0b2a17c92848507ff609
SHA256 8e973061e855174d463f393cd8abf3137e89c1cf83524b4ec61a5beb477a48f8
SHA512 d0c696e180e48972367078405dea6d2411222375297ea96f99dc8a800c2cdbca77f0a84b55ded78c968dc4321b34bc778a74311df73b35f2d48f89aee90648f1

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

MD5 27df5b551e5456e09f1cae41327fedcd
SHA1 5f88625a6583ecf6a03f0371f88187f62a4b9ac2
SHA256 f60d073397d8057a614df597497f723fd8a5637b5bb7d29dc7c6fb9cdf3ebba1
SHA512 d2ac12a35eb0a70a929b8c9e2954851465c608a7d82125bb2d819e19974785b91b741a1832f9501b3190379ac7a6435e745ab3a2a1708e9bd34d38d2144d1740

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 5d21590742c2476bc05c94f0c89e16c3
SHA1 5b1f119802a546903d114a1cac68f4190f97e449
SHA256 75e63014b3bd8a91f89d150524fbcff4fcdcb069e0478f4c43f63da1a65339df
SHA512 76746ba34b45ac1e4e21d35a81b39c11bfc4f8a319ac3fc648d90ace1ced01327a63295edffef9eeecc6f50379a9441bd7391e9bed15247dd2aacd94c9ac4ec6

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

MD5 7d766639b6336e9477f8eec2e715456c
SHA1 3445f66f3c441202ad8185998cd730ba8f77d7c1
SHA256 1a1ff0896e087103070bc78e48187f6a7c2ed7da2a96edfeb4a81721d97b07da
SHA512 b3caae50aa1da0dbefd8367361d81f5d5f213ca4ec90d4306eec525e73931ca912e7dddfc462960056c800a277fa84fceefc74ccaf0597d8ca3f5a4ef7c57031

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 190c50569c1675d75c001af746f23c8e
SHA1 1eaa9ed8590b2158e8cfc7596ca9b14a9db7aa8a
SHA256 8d9ca111202ed4dc262e0640d3476e73f5bfffa2c34c05861e26df655bb4b41a
SHA512 2bb0d5d4ca36f3fd536966592abf938f50cf6d9f30976cfa308e84116f7e8249163313a547a242967fb1dd7b699f6f69d7d863aa063b82fc2a60fbe6f2128032

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

MD5 34282eaa1eb773c6b2e47a2f1f277d0f
SHA1 2a87e94ed4ead66ec702b99cc0bd4daba3dd233d
SHA256 258bc91fe92b5650f91ca2413f31dcb66d6e7aa4006bb12365ee1f30e059dc62
SHA512 f0ecfcfcd27c45746b6ab951729badade1893ba8fd14730deafc1a098a5f94a63b1579bec8d00bda8525460446662c999c0e6dd1923c897ce3b35f10235b8e1b

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

MD5 e2e990b0c00aa032c6f4d5f6ec2061e5
SHA1 18114fe00f679c34589c37d46693fe70f539a959
SHA256 459a466836211c994b695fd20b825c5e4865c39df937785b46a2d1919f8edb68
SHA512 f255e299dac1cacdfc0a5e7e4c15308958d5d5af4dc578c1a6788eb2ec1359d0fae69d0b98b5ca2f1a4409b929a47a8c7c55df6e7cd96b2b1429b1921179a25f

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 12e59171483f9656b9fa4661c266e321
SHA1 d2097ed73a624c2944887795ff50ff7689c0dc9b
SHA256 81c23a4a0c4b4dd89211d18454e3885785a6066b74a386e60fcbfe3bbf178d24
SHA512 3e1e986938964b76e285b1ae7626750eb908fa3244d1b412a4df7e604424fbcc12a2d6e2821b7b2c7d07869c5e6b9c2f772aeae4ddb2b4a10843ce17f3210d86

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

MD5 a25edfab6f2b8f3ab63379451c79f24e
SHA1 9076ceee65808392dc2d12452289f510d145c04a
SHA256 1342aac2074796e50bd82e4d4e0b090e2f69077d421dac0355d7e3ae421574aa
SHA512 c41db6febbb52eb4ed5ade0cbb35e97eef1dd7052866b3dd5582e154e2c1450766ae764d00d2e5f3e6cafc8b34b170ae430aeeeddf52ae9fc58c6b9932afe28a

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

MD5 2667b616ec8c047253b9327532ae2fc1
SHA1 45ca399a4bb6328e1fd9345629a04ababa17c19c
SHA256 25858cdb6f77ba693dc2a7231cbd093394c1a117f602f02120b99c1efa5f4d53
SHA512 2d70c77c00f459af80f6b6b7bfdfa2c11abf235d422522c24c7eced7e1bba83c31be18db8a76ee4e47332960ed5cfa62a987aa56394d8efc56c428cf8e0c1a0c

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 ae1b3d40dd08bb22fee268eeaa135446
SHA1 293923534c02e0fcd0f9d0851d7b52f8ba512634
SHA256 101009f3fd28de75d9cf8f3ac59ce91f2b6a5ee2189cbabfdb84a7ed443b4db1
SHA512 38dc7510ff7dd5a295a945b2e2af1a56adde5f5760dab89ceecc3dd23ec7f6a51c0cd4cb52d796561c743db6e7d7bc095dd583d9885c01383b8f7f82207125af

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif

MD5 79f2f6a70c060739e95bf36e570ae03a
SHA1 6011025072eaabfb4f0f7d371f37292ba8ba8c5f
SHA256 59429c8721e1ac5b78222ab4eddd4964fa7a91e55ec3b228ed21ea1d91b5a74f
SHA512 e93c8eb1e5e777e33ad869075f6223b5736f2596a14849ce768119c6fec8295399e7feb5f98fe05d7ca169086a14203148f1ee59f4275db28b15003b0ea28a23

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif

MD5 265494c0a9df5ca61ad1e63ab8f4b3b0
SHA1 efd7d68852859152f10bab885a2364370c90f787
SHA256 f124d984f07017c6f76fe0e2d1b2f9ed0dc85a779a27ac10e9b245b6849a76d1
SHA512 51f8c6b27a05d07d4aecaff4a6c3f2fdaef3bf57964d6d45a0d575bf72ff9a933ad70cc721e6fa1c37377ab826aed1d0b64569af77f0233fb1ec3c6504a5502c

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 893562c6dcfb2561f1040a8702a5b838
SHA1 c8d0d4c2eb147619e672b7bc55fa9a4f62b3d84a
SHA256 469ee031bfd14e3da5ebb27f05233795d9bd4adc3274a2a440875dc85d449cbb
SHA512 1552c469676ce75a800fc71513abc9a3d7c4b6f82f60e834c0e8ce29acab34abfa39cbca327b4fdbb0e296e00ad471f29fa0972d058f4dd4252eebdd8983cbf4

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

MD5 6d482bcbb70fbf368c1e849670d7821e
SHA1 36014a042d0165ef07f8b9beb68fede26c5ae112
SHA256 2405714f67bb65afa9241d863ef9d861eaf1cc2ab041612775df4df991a994d1
SHA512 551db328f40994b8e3060d23c4e134238c8ff716b6229fbfea2fe063b79a168b5551cb094eb8544739e8b5e99850e95f53a1e8abbb607d6d1db08c5de1b114d0

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

MD5 2986fb9e6caa23a85336efe8fd4118a3
SHA1 703393f7907635db9603f917e36bd06a5e416ebd
SHA256 b37bf92d69c52511c8b89dbe3bccd9f4751d8cf07c2204ada26254b52c19f6ff
SHA512 b8a0cf43c4e2db4857585d88318cb6592c549887e2bccf80bff797f86a944b77f1674afa2450c476d91ac052325a88ab78d7cd1682482d8c96e97c7e3cb16374

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

MD5 8d6c5b45556062990fb2f32aab7e50be
SHA1 c647a72386973076b11041fc4819f9c06894cf6a
SHA256 30109d0445cacf57430883ab5c4d019f92c5f0b44631fa8c3778f7fa1edc1b94
SHA512 ac2740fbdebfc52a550c37f520885644fa8b79cef1ab3f17cccd020c48993b6744f65ba08d5a19edf9122714a9f08bc7d32292263c28acd44b3b1e1bfcf13074

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

MD5 a8691ec19f3f22fa561ccae350761c06
SHA1 f772f67e834029374a8ac907d033a6bed9a90690
SHA256 45d9faedc0df757d036fa148b17094be1947ceeb01dcfdbbfdf912c63cf553f8
SHA512 23f0b3d25e14c479f5eb89a9f2b7fda47a1a056656c23419e0e05d62fce876e12226d963944e0a942293758ef9e4309b6ca840f186bbf4fbd3882cc2a3007bb5

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

MD5 4f97ab7cf8fc5b0e3901038b781c64c9
SHA1 f76aff1567bb9c0f1e934e989bd7d441b0b75506
SHA256 4a35d529e07927ca83b8db049d8fe797124ab8a59a7b6abe0262158a60e9dc8e
SHA512 99daf7d0cdfe1acf7d823754f791e88a9cab6bb6b0b894d0364f874ece8723b7fc36c64e7f7a0642fd95817189a06203ae7ddf9ce6885a3992f305ee46e2169b

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

MD5 a6bb0fc76b1c374809389133fa40ec32
SHA1 cc0fff00c6d8673154fb6ee8efc796a99ff45d6c
SHA256 3773083cc1b53f7ac39186e58153db4e6d962b6e77cfae5772efd834b9a42122
SHA512 8dfc3fb316542461e3888dd722b19a2f3c691e0a5a12712121d1d0d013462aa8a3b94e2f1259185d4351a2c8f9c2c298b346bd35e5209c680c41fb2954aabb7a

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

MD5 ce835ab30c36e4fb4bc2784384f74850
SHA1 68fa0b5481215965970c67efdc0ddf2d96690b98
SHA256 1878673a83204351812315c48ae4ed439ae4b4d5d991374d318fbbdd8c5b2b0f
SHA512 0b918ee06c67fe5701ed2cc1181092ca4e215c9e0432467931391189db01673be307d35c9c6a70f3e4408e03fa2bf7ee48bf0bed3c4a798ee578fd9780f89be1

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

MD5 8080e4ae992c4f8226740200472266cc
SHA1 02a927485630380ca5186b513681dc8a397d1aa8
SHA256 ae76b8ac29e51b92d81925a94deda0be60a8b15133d1853c1874b661d8f67f7a
SHA512 9d9ee0c7530f47e05509a0d2d0e6ff6092b4796146182eef8f4f2be1d2585443f1128331e8633c0cb7e2ce3169d26f001d88ef4b4814c583380f72d94d8c15a4

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

MD5 f21643d517bdea3990263b8128b02ea7
SHA1 3b3440a33b260d312daff53d9d4fe4f307eb44f7
SHA256 f8ebd999ccf94ef6e40551bd807358e1c7ef447aa3fc5671b34828ead15c3c50
SHA512 0745ba44a1bc17fe8210e811421a6e99047566534fc3a7c8ed8ade25345ef967e97ec3ef4868debe901bb01591dd0b6e6ee1709b00383b9ba732a64aeb7d743f

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

MD5 1f6b32ef089d667579de7b15f148dc65
SHA1 e554daebb2f5a688b777d0e7ad17d602765a9b36
SHA256 0a281054572f86904239a6c693c25ae5159d5b68d1cb0b1c2279b27ee877c85d
SHA512 3127c67ed2127d215677f10bbd1cf863ebf807b96f8c91993e0e5322dc87558cbbd5de69bd55b89e2c6c797012ced15a325929584fceb1f408b2d9c81f3cba8c

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

MD5 156feb1541e2964860c6638116b4c2a9
SHA1 3f758d17c96683ca002e2c9efb0b32daf72755fd
SHA256 49b01d09a621899a4c5a3654c12097ada2c9fdb68492ee9caa5a10fce64dfa84
SHA512 495121e8e7cd4d4a944da85245d9a91fce18f5a2ab45992f7481c9203792a47e8cdd48231507f0e8f31df1adbc1f76c57627cf220da4527ddce5f2b4c4c56f1b

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

MD5 d112f2cbcb86b28f528b3313f4901c9a
SHA1 bb6030e99e1498fe26f2030e3116f9cad1798256
SHA256 d24dd3100ce138768e763a6e1c19af5f940b82e587ec3ca1118bf05f541cf698
SHA512 f72833e284ad690425208370304f87ff95532c74ab8851489a14b4661712f0c5e3c0bb3e271e6e3e4b86d59acce83e6693c5d6e20c9e5000715d2435bb4f9f0d

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

MD5 f61e76ce9a0b26c50be0a8804af05b9c
SHA1 17ff51bc5e701d7df4004333c789a06593ffcd53
SHA256 75ccef490f91c3b4559179d61d5d558aab047b3854fdb25a481d66f7848d1807
SHA512 cc39226a47ce19ac27e0363ad0f8b0def5dcdfdc1f17a2b1f5cc0b0356946d2c9cf5549318785d8d253b44dd2926d8295630491f3bb8f9f203ff7e616f3aa092

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

MD5 441fe2d97d1f5dcb44a6c3a9463555cf
SHA1 cc19d958340cdc5dc2e6354decbd99a6640be71d
SHA256 0c30684f4ba8801d293a9528a106774929e73b0a75d876cfe812582be49b927f
SHA512 1409f585bdf5f60f6c152638f8636de37be3ffb82b90753bcff8ec9ba17342e18c627114282203bd1a93ee238be7b07825619f2f9ad952e9d0530f708306536b

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

MD5 64310f0de5f957ec79a2e96b5ac46710
SHA1 1dc7c358163cf15305afef5fcab4d0fe640f5881
SHA256 1299c6ddd27793573c74a326e905663cd18236d9c09706b89605d5b8cb920ca7
SHA512 d83b79904f19f98ab247d7f0db43aaa83ea80bc1940a11bfb27e995dbaa73125b74ca00ef9b5f9b859cf5d272fdf84a6222527e94a364ef2b6ddb293d2d9e8c1

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

MD5 3aebaa61ad7ab89890a6b3a0a41ccb6c
SHA1 f40c8f2d3b24ac96e60a2d190ac80a63f0f1b101
SHA256 e6331ea5794c6d03d2b5c37856c21473b0301e906071158e13aa66aad454af6f
SHA512 c0bae180c74d279cf7759a8cf0e96106a4a8f8c7ebd1027fbe7724daa25c47d5e7294b6e5182ae177adaeb88203c18801e19d1b92bcc1807a3d6eead13e415fa

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

MD5 f278125701c4755cf766baaf6bd36e3a
SHA1 d82e4bdf1fb4a55a00912700a156915e0166e12c
SHA256 7efb3460da65ef8793cbfe1d29f5502d31df976d7d5d5bd299bdcfc54afe049e
SHA512 565c239ed85dbc19c474f5c743142e9e9900043c7f73bb6253d858cb3713d3597bc160162dc1f3d782f7407f344d15d228e7b1548f5ca9f5880ee5f74ddb3b19

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

MD5 5bfd6d1804eb4cd2d25c07023e4a88a9
SHA1 fd2900bc30fbf1d14365d827e08cb4f14801f01d
SHA256 1c67506aa2e53324ba51e433438ef5282fb34bae966d3cb3d6ccf54d60f37513
SHA512 d6cde9df01c36545064afe22873b0f49a77bd69b2a17b95d41fd1c51d2e60f75005a3b2fd8d46af916de1394f74620cce3f7850607b4cc1cbd023953c5597a9a

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

MD5 71c8a42222e20e88488747abc2bd9827
SHA1 4b94937c1075153764997723728fe621b0e440c4
SHA256 6faefe062cb104c7976f4de936fc3407580746ca22fe890c635b3bfc834ef4c9
SHA512 cae3f3d93c7972b36773854dee18310c5c3eb68f11bf8ce4bbdc5f226b18a5f2521ed34f9968b7367e27eb8987251990c3329dd99ef3e745378d9d1ac4694155

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

MD5 a9358b5dbe5c97e3b2d4f2c51ee8b415
SHA1 ea22eb4ad930cdc6baf7e2a8ac972efe72357389
SHA256 ff07308639574aec7e5704d91224ef178efea3703937ee9e16e7591fb5cff746
SHA512 acefeba8592111a506c64c6f6baf7533a1483a22cb25576067bf1f9a7564fa971a833e34a1bb6785b1f4a00ef009e707cb42ffa77c0376cb943bf6adcf3a2583

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

MD5 9ffa46a6d619e15b010e84f62acd4d44
SHA1 be93ca12ace7ece7e657681f5a866e90c4d00f73
SHA256 129790f4b0bcff4450a8be9ce83c3cf1f68204d6894dccaad4815aa6eb54a1dc
SHA512 ec0d17a451a0553b24c36ccdff24fefeb7927b674a79bbeafad36c1be13c6f39f1eeacffe07b413861a63761d2e0ded54a7ad4a7404e4c26fb4ee08f862796d3

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

MD5 8f756934dabcf069067390b39f20cf24
SHA1 54c23228ea981fb8767fb9dc165d6ced66448a6a
SHA256 2f7bbf2a88a521654c78087a0c833614015a362ed632f1a81dafdd736815a90a
SHA512 2db9ec1825fa675a2b1e22178af9d94181031392f6139dc1f9d991017970b2c60ea757fdb667fcdebb690a0b4c6cd1a3fe7520c80a79e3649872b40e04e9ad08

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

MD5 b394c8649fb72d4e1db1c78f4b01adf9
SHA1 2e35f932bf0d5f0e21d7739a4e6e2aaf3e6c445e
SHA256 0f95dfa7d194822de2a80c511646a809509c9cc2ecb3dc2d3a9d20e0d558c725
SHA512 bae75dd959ae8eb1fe99d33ca7eb5c2279045e155340cea8d31c01d3edf9a1a78ecf054cd642f8ba2badf2b96ea08f7b737a2d1bcbb1fdb6efb5d7b7cfa0cc49

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

MD5 9d23f8838c8f1fedd97c7b0d9dd10188
SHA1 c0f07f37232e8950b53e61ad80887b81a433a539
SHA256 6c0668e179ab39c2f38bc46e58d0a34018fa73c45a9846a2c0f0c82fc3447109
SHA512 455231b3a3bacfa731259db3f42a15c451233c965c2701b8027e7c7be677691b258504e995602e07c97d3abcc6b94e45b8240118f79da0dd766600b2b8d43247

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

MD5 da5ffb624c2d1e0c20f2aaa7edc26807
SHA1 c61f83a94383eae6a49f8a71e4a2b57c2869ad50
SHA256 6192f2c6fc6e1dedb64052aa14388147875918bc760755d9301a0c667380c745
SHA512 8d532511925dfaadf39c084b1295f6d45e5f875fddfc6425bc793e2b61bf4853ae7ea79f2c280d5599e224d2397825defcb69b845cc562fb9fd08c8605c1387d

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

MD5 bcd3ce176cf317b27a57db831badd6a3
SHA1 f1812421d0de73d94eaa5d3f740dbc18f96f4944
SHA256 9b2deb5dfe1973223a7c045732af83db466a9958f6c655368f5013cd12cda240
SHA512 6a389a82f2cbb75a500f7cd7f9e090e469f2fbfde6ecba3c9b800de548d1223f6a164e8834a59c49c5595d8818822d1eee7af6311510bf0d67bba5af3d0ffb6b

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

MD5 0b9d149e094e2db05c8690cbc8b37287
SHA1 9926e409d09dfb3522bf3311e4a080b286a242fd
SHA256 68978f35ebc07ae65991babb31faebc068b12977f82f35dba10e03d469d5e1c2
SHA512 d02b46f29cfef8b35531b71608914c082a79895576ad63314264b7957ad023302f53bf53fe5619c3fee88c4ee0d39e4af3bfeb3d96615c59a03e5a1f668830a5

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

MD5 b4ec03fa06b1cb69cdad48508d367116
SHA1 ccbce895b4b06f92abaaa2e3ac765c0666057158
SHA256 0b1905bc0f58cc41960d8c4a5a60aeb5904c17bff44124e74cc1968b18d4600a
SHA512 d9ff16eb110bd12966a47906d58d633e72c9247835687b8b958360967f65b1db0cd9ff6815fe5a7555832d1c0e807834807bfd698ad7961d1b308dbe567deb8f

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

MD5 7e9613e5195770a596237cf9851065fc
SHA1 57ebcbb12019077c88f7f0888f75f0ca05bef2b8
SHA256 a1b28de053bfbc5f3e474e79bb59f585d12785c8c88f8414c26ae699eaaf5215
SHA512 2702bc1727a7b3a4c27d51cce037dc3d9e23f7df1c7bdd1e0736a3f0768975e712ad93927a1e3163f87f01a80fe93120d345ab1e7cfad0f8555e99f03098aabf

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

MD5 07e3a938dd87d405558bc0c7db913b8c
SHA1 894ac476e94015f990fcc6e0ea4a3f2643a65bd9
SHA256 6da98228a371e01bc72751fcef08bff54ad20d2373cffe59eed84d992a6c4240
SHA512 2e6607afa7237600b7de18b73f1c7badc154743c98a8258475121fac5c24070c695554e87dfaaac9d3b7c7af04b63e0340e520215efe2faa56bbc51538a8e425

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

MD5 306c17897610a20faae1d756964ed8f0
SHA1 fdbc081cddfd4f2f8ea271bb869ccc27d68e7350
SHA256 11db5a70f0c4f54e9953235bda732ab451912a17658fcce15703687a87b21c0b
SHA512 9be2adfc964e921eee4991cc1a2ede6f2aeeeb4a71180ea72b772a73b35d4ff5413d6fd566f82182a5b3032c0d345be6f940940be99dd0adeb9c0a5d1265ab54

memory/4852-9908-0x0000000000400000-0x000000000040C000-memory.dmp

memory/4852-10907-0x0000000000400000-0x000000000040C000-memory.dmp

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

MD5 a117ddb4bc75d58510c1408d55033544
SHA1 24959876ee7dc4a390723adeec104343dcf962ad
SHA256 1d78f6a2838f67f867233f345729abd7cb65e1196b9f7e702915d94ef8c98755
SHA512 08a1b32e1a376da2495e75bfbb0cc775a516674cb0a773d404105adcd6b1150e9b60067e2ef3eed7150ee3ea8be89da671f1b7b2200037ad81983c0be14118a6

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

MD5 e34da561578de28e2420b9191e7facee
SHA1 c147a705b20cbdd34efd072089e775dd158ea768
SHA256 dc756a2075ed9e63596eeea34df4948d0fb307ebf190090b5f33e918d0735a92
SHA512 269c048e96bf263c5f2db6bc73f5f3573e82a0057bab9e4f3b6ba4e496b47d7277fb54bfbcfa737a094c6a62f22faa7b744bf6b86ea544eb2ad60c2680e028cc

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

MD5 59dd89bea5740f432ef391e8d2d95f89
SHA1 3ebbdce8bbf3cc909f9f08cdaa425b1361e80cbf
SHA256 ef95373588cc7fb9935a5048aa55c0385c6e0f2f537ffc79b47cdd0a8d919564
SHA512 2d66f3b197615877617f0494e6779ce27e0438376c9ffe785d664453d28fcf6a4b42e89744630d3714a33765b12bd10b521ccb7e5ee9ec7792badf15f7c4c7a9

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

MD5 bfb5c6b70f4edc9c18c0d109ac4d300b
SHA1 79fddbacd5135e6a2a342e1f266adb7e269cefa1
SHA256 6218e1ddef6f7c8ca15d49df8541ada929dde05dbf6f22df7567d3456968a66f
SHA512 99e9e3a173429abc5a0b6b7ce329abc32be665592966c5618a658d5c350c9c2216c65a161587859e37fc7256bf4b6e4c9c04c06ddf619b68017cc04799bb8cd0

memory/4852-11280-0x0000000000400000-0x000000000040C000-memory.dmp

memory/4852-11311-0x0000000000400000-0x000000000040C000-memory.dmp

C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

MD5 d6cb02f2b5ce3dd8e5f7af0901fb36f2
SHA1 932ca6ec0061648423db5eacdc72cab8f4002914
SHA256 d1fe755e42736367d26e03c32fe43b520a10c71dc128f65f5510e1356b7db6de
SHA512 733f9b73677606db3cfd457224c2dbe7039a58a5e7ae3e69e493ff88140b77fb2bb3801514e5562a09694bab80af5f22984d319f3af0ff9fa180678601ef85df

memory/4852-11316-0x0000000000400000-0x000000000040C000-memory.dmp

memory/4852-11317-0x0000000000400000-0x000000000040C000-memory.dmp