Malware Analysis Report

2025-01-18 20:27

Sample ID 241130-g1qhhswqaw
Target d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe
SHA256 d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7
Tags
upx xorist discovery persistence ransomware spyware stealer
score
10/10

Analysis Overview

score
10/10

SHA256

d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7

Threat Level: Known bad

The file d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe was found to be: Known bad.

Malicious Activity Summary

upx xorist discovery persistence ransomware spyware stealer

Xorist Ransomware

Detected Xorist Ransomware

Xorist family

Renames multiple (2209) files with added filename extension

Renames multiple (2199) files with added filename extension

Drops file in Drivers directory

Drops startup file

Reads user/profile data of web browsers

Adds Run key to start application

UPX packed file

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-30 06:16

Signatures

Detected Xorist Ransomware


Xorist family

xorist

UPX packed file

upx

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted

2024-11-30 06:16

Reported

2024-11-30 06:18

Platform

win7-20240903-en

Max time kernel

77s

Max time network

17s

Command Line

"C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe"

Signatures

Detected Xorist Ransomware


Xorist Ransomware

ransomware xorist

Xorist family

xorist

Renames multiple (2209) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\8k93yDRf12N2G9W.exe" C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A

Drops file in System32 directory


UPX packed file

upx

Drops file in Program Files directory


Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\winsxs\amd64_mdmmod.inf_31bf3856ad364e35_6.1.7600.16385_none_62c8fb15ff663b2a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-r..iagnostic.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_2cb9f2652ac79e9b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\winsxs\x86_taskschedulersettings.resources_31bf3856ad364e35_6.1.7600.16385_it-it_7fee2a5359364607\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File opened for modification C:\Windows\Media\Garden\Windows Logon Sound.wav C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-help-wnewue.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_177eaf90306f8967\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-lua-filevirtualization_31bf3856ad364e35_6.1.7600.16385_none_c3d6167abe4bb1d3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-t..flicklearningwizard_31bf3856ad364e35_6.1.7600.16385_none_69769fd78b751ad3\FlickAnimation.avi C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\winsxs\amd64_prnep005.inf.resources_31bf3856ad364e35_6.1.7600.16385_de-de_dcd29b06dcfbbd59\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\winsxs\amd64_faxca003.inf.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_a69691e004dd5081\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-cryptdlg-dll.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_d00f6a32d935aa1c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_c02a16e1ae17ab94\about_providers.help.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\assembly\GAC_MSIL\System.XML.resources\2.0.0.0_es_b77a5c561934e089\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-w..eservices.resources_31bf3856ad364e35_6.1.7600.16385_it-it_65d8b3abe5a49142\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-cryptext-dll.resources_31bf3856ad364e35_6.1.7600.16385_de-de_22769c28e109cca7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-h..-safemodc.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a95455e7fd0b6f50\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-i..kitengine.resources_31bf3856ad364e35_8.0.7600.16385_ja-jp_89971a052098d047\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\winsxs\msil_sysglobl.resources_b03f5f7f11d50a3a_6.1.7601.17514_ja-jp_1b117af1d09ef5b6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\winsxs\amd64_hid-user.resources_31bf3856ad364e35_6.1.7600.16385_es-es_c162de87050a6649\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-e..nmove-adm.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_a1d121939c849ce8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\assembly\GAC_MSIL\Microsoft.Security.ApplicationId.PolicyManagement.PolicyManager.Resources\6.1.0.0_ja_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\winsxs\msil_presentationbuildtasks.resources_31bf3856ad364e35_6.1.7600.16385_de-de_9f12f597c556b9b3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\Security\Wizard\App_LocalResources\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-rasapi.resources_31bf3856ad364e35_6.1.7600.16385_es-es_b8923c10d73f1d51\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\winsxs\amd64_netloop.inf.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_98c66c2e979a9fc0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-n..n-clients.resources_31bf3856ad364e35_6.1.7600.16385_it-it_ee6e2e5498e7d604\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-a..-provider.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_248ddb3e590730ac\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\winsxs\amd64_aspnet_regbrowsers_b03f5f7f11d50a3a_6.1.7600.16385_none_96421d40c0e2903e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-o..yle-specialoccasion_31bf3856ad364e35_6.1.7600.16385_none_01242a21ddccaf3b\NavigationLeft_ButtonGraphic.png C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-p..i-ntprint.resources_31bf3856ad364e35_6.1.7600.16385_en-us_72d447851751d372\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-searchfolder.resources_31bf3856ad364e35_6.1.7600.16385_it-it_09d8903c3785e299\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-l..epremiumn.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_0509c517051939e2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File opened for modification C:\Windows\winsxs\x86_microsoft-windows-gadgets-cpu_31bf3856ad364e35_6.1.7600.16385_none_4b7bf556f6fe4db9\drag.png C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File opened for modification C:\Windows\Media\Sonata\Windows Hardware Fail.wav C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-class_ss.resources_31bf3856ad364e35_6.1.7600.16385_de-de_f3523b5305bcc704\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_c02a16e1ae17ab94\about_properties.help.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-s..gtool-app.resources_31bf3856ad364e35_6.1.7600.16385_de-de_5caac05eab0930d9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-wmi-core-wbemcore-dll_31bf3856ad364e35_6.1.7601.17514_none_3fe5b852ed7138b6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\6.1.0.0_de_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-o..c-style-performance_31bf3856ad364e35_6.1.7600.16385_none_1d8aecb671a2bda5\Notes_loop_PAL.wmv C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-n..ssprotection-common_31bf3856ad364e35_6.1.7601.17514_none_b66cf384dd65af18\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-openfiles.resources_31bf3856ad364e35_6.1.7600.16385_it-it_61f363f25d260d30\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-hbaapi.resources_31bf3856ad364e35_6.1.7600.16385_de-de_e783cbd2d6a14396\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-m..ty-backcompat-tlb28_31bf3856ad364e35_6.1.7600.16385_none_b19de89fdf63b95d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\assembly\GAC_MSIL\System.Data.Services.resources\3.5.0.0_ja_b77a5c561934e089\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\Microsoft.NET\Framework\v3.5\fr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-i..nese_nec98_usb_only_31bf3856ad364e35_6.1.7600.16385_none_37368f7ad397beb3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-w..ment-core.resources_31bf3856ad364e35_6.1.7600.16385_it-it_acdcc3f6e11a9852\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-c..mplus-admin-comrepl_31bf3856ad364e35_6.1.7600.16385_none_e9dfd464f0c2ad1f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-rpc-http.resources_31bf3856ad364e35_6.1.7601.17514_ja-jp_e013da4ff3da2c8a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_it-it_b4a6b77ab9aa530d\about_functions.help.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-nlasvc.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_fa3980eb2a11d283\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\winsxs\amd64_server-help-chm.tas..eduler_lh.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_6864799b40f1d057\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\winsxs\msil_system.web.mobile.resources_b03f5f7f11d50a3a_6.1.7600.16385_ja-jp_7837aa1207c1e744\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\de\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\schemas\WCN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-h..ragelayer.resources_31bf3856ad364e35_6.1.7600.16385_en-us_fe35fb7998e36ab4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-iis-ftpsvc.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_f7011c65ffa757c0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-netsh.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_b688998da4283456\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-w..ion-twaincomponents_31bf3856ad364e35_6.1.7601.17514_none_8b399e33ba72bed9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-t..cognition.es-mx.ale_31bf3856ad364e35_6.1.7600.16385_es-mx_3a427814d2550733\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_8.0.7600.16385_none_1622b3b244141a27\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-i..ctorybrowsebinaries_31bf3856ad364e35_6.1.7600.16385_none_96b859d89f2ebd3d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\a415a146afc72f13f691f69a11ab5609\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ICJIUERSVAVCLJG\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\8k93yDRf12N2G9W.exe,0" C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ICJIUERSVAVCLJG\shell\open\command C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ICJIUERSVAVCLJG\shell C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ICJIUERSVAVCLJG\shell\open C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ICJIUERSVAVCLJG\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\8k93yDRf12N2G9W.exe" C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.Ejei C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.Ejei\ = "ICJIUERSVAVCLJG" C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ICJIUERSVAVCLJG C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ICJIUERSVAVCLJG\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ICJIUERSVAVCLJG\DefaultIcon C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe

"C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe"

Network

N/A

Files


C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF

MD5 fb50fbe12f29fc94ba2c2a6939511aff
SHA1 dbc1c0f5ac6d46aee24abe64ba66663535b05e80
SHA256 072705ea7de55c285ab3a4843cc19f6361273acaf6fd93263462562906952bc7
SHA512 31ddd1e50287ea2fb5c661cd0f3202a8e205a3a1c05b9389d432ffcbb5c623257084f8fd0f507195be686d9ee417698371ab9d16550be148d7d7c4791292fe13

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF

MD5 e563ade2cfe17e8297bb6bba89149881
SHA1 ad4cc505f556daf5d6adc9ec6b31bb84a734bb8b
SHA256 31033aa961a9421eeeeb095d631cd6ae6f4c6efd55a928011e03ecca6a89e4d0
SHA512 74fbeee68aca6b7e972b2fb39c4eff317edf636013d994b87736159f60ddb33cf9d0c6d45ddb8e625b65872ddde748de2f131ac66be6d58ac206253ed72f89a9

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF

MD5 aa3e8c4e562d7dba1c1fd1fe51e9e764
SHA1 6309b4710c488c0cd9ea35dfa91d21e5ae69833f
SHA256 7ee12e024fba81edcbdce9f48d22ba7f6949baaacc1a859580e69cc0eae0cfed
SHA512 cbddb9b6ed3dc2538316c82602053d8588efabf2e05814628856e8ace32f7a6196cbfb317eec227863acadc4588109d1aec58e63549ec5210359cda817e4c646

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif

MD5 5b172b9402fd9530a798003b6c91283b
SHA1 206b0e61089178e799ca4753f88284bd717984c4
SHA256 2c5c0eff48dce27c0676a4dce6bb2a35cc40128c709147b5ff34ecc7f95ee8b5
SHA512 f0ee587fd128bf317740c3d82abdc33152c40fda57937a0982c55228d3bbdc225a245b19da0d2f86e1e2fe25e163733b99cf706294f8e7a2c4a7fda29fa5fc7e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF

MD5 cb8555cd7ddcf6ae4440a43c26e7f8b6
SHA1 1d762e72905153dd7e43575228469d6824ec6b7e
SHA256 3083e18b1d5ea8e86e6533a353ea0ed4cff484ec10bb50c2295a59fd4c9120a2
SHA512 e0d1a740b3b73b165f17c32150b4cc571ec27566f39bca66cdbbf21d2716f19917d50449d8126eb780b753b52b647ac9571f3e3f2531a47f525f7f4dea4a3136

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif

MD5 f10e9d4b019c1d00b72f39bca383e307
SHA1 8dd27cd2fc77620879a055435fc5df39010c9e23
SHA256 bde1e5fa4cd7025cd784c0ca6e5b617545e18e9420d7ebeec4829f1fcde08c3a
SHA512 b997df4db709e4923aaa577842861ecc00d8cf43a3df012b8408c6601dbf92484318466128896575d533ad2852e498c446a5d6a2ab492da137b44c0bd3b0d44c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif

MD5 741c931ccff216594e039278c6f270d0
SHA1 27b0149f2d4e2b147832f123e15bf3c585e77564
SHA256 31abd596c26d408f75bedfbadff4ff23881c4446abe255ff1c7f2b8545764a01
SHA512 9c41f03afcba29a839f49a2bf950ba1770a457199426bb0af07c1d17696cbb202c6db13fa8c42d92e7e0c4d52d4c64510fa1d0305346a50f859654a27b22a32e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg

MD5 bda9eb06c89dbbb69af8946191bca2c9
SHA1 d31eb7dfb748b4f9c5cad75da4fc27342cb31513
SHA256 49d5f2d828a597780184051c57a504e373d744309a6fc2820c87c20bb609d865
SHA512 2d68c220bf20e59deafca4ac0a21a020bc3ca89358a1928cee0493df6d1310fa7ae32e39a7064e287e219040b28b9be81468c0a1ab235e33901a6f5000838134

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF

MD5 569eb50a1fd2bb00358da37f27f66681
SHA1 62cc380fef19c5e50160655dccd401d60fac6c8d
SHA256 6651565aa1f611278ba4623cf380a40042cd88af4534d7d6fe1ff996bf6d2af7
SHA512 aff00bb12e7e7a1f68220b154575090d2698fce81d9f684dfeed9aa349ce53a99fe7fb48f21a59655e70bd07a8d695e9dbce6e68dc43f94226081e3181044c14

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

MD5 5460e5362f08a49eb0ab2dca56a7c2d7
SHA1 5c4201f3341e5ece67c14ad39e55e53eb565634f
SHA256 97dad2c5f6a99e0407e40ac4564bfca0a275501c25339439fe5e5fc26046875c
SHA512 4437f2ee517c91315cd98835dfabd1c4a0cc44ce5bb98d5bf5596861640827d588126130f6b822bacacc61b2f9b9039fcbcef29e190030c59495c2f95e59e4c2

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

MD5 809bc56d2ed7cf4f18d81a6f675e41b5
SHA1 4a75f6f3baf0f7472ded222d4eaa73a306634b9f
SHA256 59e6291f435654d4a7fea0ae801f50839c0c80d920278699a065c91a2ccf02d9
SHA512 0fabd11e97cc2b73a705d02bf584d5c640ede23d42f79179e2bfd999347d7aa0849635a5bdad9e4e43520efec6c5bfb80260481efc3a2c3e147204b4bc63ffd4

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

MD5 7d1215a45eba5c0798a485a3d48cff87
SHA1 ad44273e542bc277d8059d30fdcdb164a520531a
SHA256 d7358b10846875cb18057e1138070aaf1f2aef8fcb37370458e55ec52ff94707
SHA512 7d0a08e45f038977adb5c3a82d3c27bfe82b9a7d88639d96cfcc04d2b04499e095e78a20ae851918b62280361e10c80176d328eebd395a602c5a3e0bdd786a1b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

MD5 457f029717412f659b9307662c1e5ae0
SHA1 2528c2cca5b17d06b394d46a64d2ec4f6615bee8
SHA256 1ca99dad849b72ec1a654381a5c262d025a79bf616e2b6453131801428a9b3f7
SHA512 18f5361a7ebb64ce89b20e4527bf7af811f0120007218df2b123581ce46c813d39d8dd19b9fbe14023e0572ccceac4326500f5c7346f2297d1159f280ad6730a

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

MD5 b96652ce8c7af24b1c0d0878a0dd3714
SHA1 c60fc67c3906073161a2c6072620c085b8007bdc
SHA256 3747d68e1ec08a77effe380553ef4e81e2d28b6c588fa20260bf2de797c8b8e5
SHA512 1fd0ff45ca635ff928710c7edd93b16a97fce28f42c7283293962ddcc1848df75d052b348ec2c99230e8eba3bca4a877cb0192ee5524b31f0096f0b45323aea2

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

MD5 7c1653fb98fcfd4789a5e463b7d92375
SHA1 234eaf831b81a5f26d563be1182f8611a376f883
SHA256 824ab82a2a4bc3f3dc0a0d33a7a2a8efdf52bde0e518ef0793f2f69913e461e6
SHA512 091f2e9d3b8e459d5034ac6fc131adb11e411b3b440f38baf631eaf7d5f8000db01923f45c49088540db28077ae4f9f8053bbdeb9f737974e5fb9a5d0e36766b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

MD5 e038a25fe3fd45436a2ae4f12be55d05
SHA1 b11b0080ec9763a2618251ba647fe3a9d26b6ed5
SHA256 f510931d1e440aeb9a59a370b9b2b95c09ad22e646075c152a037a70fffbedb3
SHA512 c238a7b85cd0425c7e173f02c027078e2aa9fba17a3ea07d164cb839e8ebc9bb9ffcac31e861c094f4eca40751608775cbf72f6ffea1b68f890f85204e8d1a21

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

MD5 f4668f806cdff4d2da78b503e7d275de
SHA1 1be908c6fa8298c0b8a07f8f669583c2aa565f64
SHA256 ed5166421ed70056610dd05ac5cce36783a94b2cad5addea2c10d81ca78de302
SHA512 7bfa6a349381b7099ca0f2fce2b09976c6f5a3225363be0a6661b1f37a3b22343ea4a4448eaec5467b39b7f6cfd9a058ed14840f9f60825aba7b67b09150ef4d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

MD5 82a561e0fee23fee0b70b383503001e3
SHA1 eea63d0f05b9c8e2f2dac5460299066255648046
SHA256 94bcff8b5ccb5f2ce168a8a6f7c268fb3d214cc7d4aa2beefede6b088233e1f7
SHA512 07d7b0903dc5f1a3d181ff554d275388f12318f958643ff681e463da30a4ff086f11c9c0cf8281b08605d3d1a26270e4d3288129e49acc39273df6f80389dbe4

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

MD5 0eaf48d6aed040662e57fef70d0d8707
SHA1 cf52b7a5bb624db52f4e483f23969dec7a2d5da8
SHA256 7f515916f8ec811ced9cccacc095009f8ac2d13700a12d5ebba6227c9cc60285
SHA512 180f698cea3d46cd0ef55a52289f7945e77753e23638007208b1e3879d9fa38f14a7a0a57696304fb9c5444259decfc2e90c2395be76a7401bcd17fa3d0cbb41

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

MD5 600d996410219f2ce0555aadff9d37fb
SHA1 524c11d4f3ac92d444e2f4ad89559f0755e47adf
SHA256 364a58e84c468808723c163c5f583b0f83b8f0c042dd46e0a15204f0cef88821
SHA512 6efe24d2b2686444a08e437f17618edee2642be36cc9cf147f4bbe9cd85992d3f01afa2386cbdd606edfa337b6626841964ea774dfec7903000dce6d2e93edad

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

MD5 619aca7c83a39bd64f1c3890a9c5b675
SHA1 e98ec8475b47bd3d9fc0c7e3e9fc7f669f4778ed
SHA256 e4df019dbd8dde99586e06c1343f09f6c4f611e79b0091d3890f8d69f51d9c19
SHA512 2d4506976a427ec5e9799766fd550ecb358defb01b0a8ecae34def81dafdc88f3aa7a698237d173fe082041fe146e2d00999a0d192241db687e690684da6f81a

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

MD5 cde4bd45bafcaeb640e9b4ac835065f1
SHA1 e2f4d25391bcba2daa1d387182a49a56aefeea76
SHA256 3b76ce0e69f52a5041cff3302d07b3810206205ae1e5f277d4377cec5227b2b1
SHA512 4f19a0a25e9cc94d62ac03580e3c962043fc123f0e4000f5e3edf806ccaae896023795fbab86dcd2d10dc1350dffffed9c9b232664c5de42253199f5ed300b06

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

MD5 9a727222abd87209e138e32bc40a9ca1
SHA1 08a7c1019669cbd63ea79f293bc7267b6583f84d
SHA256 985d6cc4d70726f8e5cec0c672c3db620d5cb8e4dd825615a2e4930caa5235bf
SHA512 7bd6c63cfb71270d7099299b2680204b43d8c605eeb2bc5ab017940717f39a19daf62d19cfa44372d848adfa9401768f64500ef5c24c915705a01050b43f48d6

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

MD5 42306ebfc64065899b7b91cd50fc9e92
SHA1 2615c71f530d59e7778c8bb08d50b81a87d4c0da
SHA256 4961ae85149e982ee24481d649c8ebdf52fa152fe2c95404fae272e613503c7b
SHA512 3e610fcc9f644182691b5da36d3d69dc8a2a38974094c277119f8907821c216d91fa1223673697f6a0ed21b8ac4c7666b6063c53289f8d0ea8ffb00d98f3b734

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

MD5 140e7480cf34c294b7c3219b3975cb37
SHA1 21b237f9fc24ddcb04652b84b7940bea5f664f70
SHA256 857f040f35f014888166928ed2a79cbf0a4a0f5bcc69e01a5d15e63909122afd
SHA512 3b1a98be9fb0642f9b12fef07eaab0f588c4373fae55ebb17ba49453e626efa2efe40fac8b88f64e73503b8f78f54b9195ffa632a004af4aee3af59d99f88a12

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

MD5 62f99fbd36706a11ddee32a3af35e21a
SHA1 c717faf3d3b7c6bc854389677a17a4e1af36745a
SHA256 2f147c5bc11b1832b6517800be950cfdc445507431151e471fb9d5d360cad292
SHA512 6f835c9bc386277885effad817c2fea1b53b3a005fbe4cb2a7bb5b1bbf0b6adea120cb03e0ff4222eff7d8838bfe1bcab862692f44572c06c8217a5ff34a3aba

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

MD5 afcd076fc9270ec481682abc22078d97
SHA1 ea655bce2df51a8a979e8926bf6c9c21aac40b15
SHA256 265be809f92ed9f68e4ca155682a7d86474ef0789ce7cee21f49296c97f64f79
SHA512 a46bb332fd272d81a48ffd82188dfa15e4a1bc5721e8e8887f5f32ec5db806797a4d0801816b852a67183440766a449b687f3cdbc3ae5b01b647f1846ae5db4f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

MD5 171a097fed96047c903dfb28cd4bf24a
SHA1 c3d0f4d1254d92af69612484166c1152ff8843cc
SHA256 bfdea9e3da22fda9467f3bdfe66c13cbc071a0dbc1d8fe2e80a0a1056cc6ae15
SHA512 55012632def3e3c189fa2a98dd9d0519289fc4f84e4301075d2857218b9fd3736da1391aec74e61fee72136a5becce5fdbe02bbaad14ea05f2df9a0d1f63c640

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

MD5 a9cb95f2cde532827448c94dbe0434cb
SHA1 2164c29b597cd512990eeaa1aaaae4d70583369a
SHA256 dd08088ea1a7161b0697dfd343804abc052da06e8081afeb56af2d13f430f9ff
SHA512 93cdecbd6ee7f3b45aa8fabccc9912b29740989c5e8e95507a266e78a364e8aa8ea4570742c986356256de6ac6370932a4c4700b2f9876f32b88e5a0f4f6f42b

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 69a4768c45749c29cba9e6671eeb3f5d
SHA1 71943fd5f7515455e61884b5c80f73921281b395
SHA256 9eef911bd061d8fa9ceceebee2e50c7ed4e4cc180bddd26603234dcc6b6156e4
SHA512 d21fb95007cb452cff3b6ff3580b37f75dbe55b353943658ff025803ffd249d606f118fb1444a0d0687d1c047aab4a2806b14c53919caa3b24e652082e20c884

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 67de34cef79080b4d3b2448525298f7d
SHA1 2a10171c653bccb7e8ec90d1d55665043be5df36
SHA256 b5ae494ce41bcd57bd81269370fe986f3deeb419e854fa92f42befca3718caaf
SHA512 caca3897a37c57c2440bfa37dbd1659dbcee08d27438525463df5baa6eb54f3e496bbece8ac3b0ba266168d72b15afc25f308a265f5a4d6d013dd7da8d140f52

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 b88f055631baaf98f9f0338236112ee9
SHA1 2fe0baa6a572f9073fa5ebc210e6b5387bdf88c4
SHA256 9f8f0f9804a8e48c7199785e83c8f96450fbc252c18d06e8bd1b5c44001ea51a
SHA512 14e9e3e3f15c1c8de9ab7f1ea505c1c00a06b1e12f36637ba5468e6b2ee3a0c24ce46b11e39f7bee3e933d3d48f61620941f88de5a19ec643575d78899e7ce2d

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 5d80667ffdaa5143f22a5f28754efa03
SHA1 5f2177600b8c273c72a38a394eca2e09941d18e9
SHA256 c16e8d9131db7ea3e1d222b4d58a02050d2e8712a78d0ec015e5bf3e16cb746d
SHA512 cc76a54d258d2473674f052c7413cc4aba575546b75b9d83585d349848fb6e30bec1e9a592b48fec0dc6650bb2bc4c33115652bb84a338bef543bd653b7ba99d

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 daffe9fb7d8e9beebc9318218c20f152
SHA1 95b05c3153d4c53936f9c9bca9f843ef9ef5c8cb
SHA256 768d05c108294f6675ed9019abe2d5e9f371765827aaa5e28bd829c57ad6b616
SHA512 3fa173e491472971dd89432ee00751fbacaef8bd153dfcbaca4040cbca300cd5d5e42c495cb7e014ccf7bc43245b24ef19e1242bd9870ecdd3a89d624737551a

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

MD5 c005ae380989b3fd60d65228e2206f46
SHA1 5da73697cf62283f6b24e7e9b0c2e1dfa7d49d6f
SHA256 7aad57fbdc7f8b25cb8a9416aaa2b935b7cc98ffcd779f14b7ac4c8214ba1b98
SHA512 f542ce6581c7c2c8886480142542cb469e7c420011ef94bd7d1150ba7a52a8bafe158d130a0814abace04a18a9a6d3a52bf03842f31c5ddbddf037b4a94f9e99

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 4c5b4dd033f171b7e9006831b85c49ad
SHA1 3c0777ac62878fdc76456a5668b130fb2cb81d3d
SHA256 8a00dd0ec28a8605e5fcfb6643dce64ed71bd3b54d22c0c8ed80db92fe0a7d4f
SHA512 a6b6e389b4198dfe6a66b0d41ae62e27be65c305029f480363167ca44dff02ad08bd552c369394eef92332b1610b6bd293c747778db9ad4d9bfb8da5979bfa42

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

MD5 5e29432f58dc21fd4fd0ac46ac779544
SHA1 ac8b1828d1c1b02c5f7502dddba0c5911d5126e3
SHA256 89a8c942f3a9a2082c25738b3e7e853ed59e1493025d5b7889fa3623e1fbfa2a
SHA512 a65d5ac5231d075068a310fef96c94182c40f55ff14407700defd9a4da88aac562a69bbe731f2042aacd57cd26bc817411b0a47a43410eecbd60eff345ec3c6d

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 19fbbb9855d3e772ba0ddaa2b120224d
SHA1 b8e282743ccc4e2e2b5ac4875b0dcf0ef697b3aa
SHA256 8bf7f9edb0f5940c6ed4bef94f1853f15f7e4baa8b36bfaaec57d3ac8c3356cb
SHA512 c5431a65b4784552ea559d06595c6a29cea5841a0784f07a838a26ebee149c190fff767314f054edfb87105a423d20b7bc6e6e6d279b497039f3bfd86bf0b351

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

MD5 fb76f6fd721ff94ee6f9ef86a7ed4664
SHA1 0bfc56bb8f7780b7645c65d417bcb7be9843b6c9
SHA256 0690daeeaa5601d829fd8828e1c21a2482d580b071a6211f099bcd62d98a4ee2
SHA512 aff93372875e366872c765ac57063725b6bdb1b8ce775fc376faf96243943796ce98a116a97ce2f3bb6e5a0e2ed0fa11f6cc905fe03c0eec5ef98c86fdea2408

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

MD5 16e0c2499230da69eae2800cc6c1903d
SHA1 69993b3fa4cbfe0130a1f542ac1e68bdcf94511f
SHA256 b565573363144da63d82dcbc434a1756642d7ab452931ef4072930678ca73da7
SHA512 368731733660c4fe413a114e39c9c6a700aa6c12ebc83498b603447e6b037348ed4f0b74d2c0ea41a30c8b41431643f9dce9256853899f26a4af9debeee10fae

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 4f62202b51d77afe278e6319b853ea8c
SHA1 96257190cb674038d28f4ae04e9c9f1ff07c8a33
SHA256 cbcd2f2c2f455f8a79810c92d49273b76ed5c2110964d5b15ff6c336264631c0
SHA512 d4e61ab58e010fa3108bdda5c06e238ef79b9c33a824a82b1d84bfac6ffa7d43813b9868bc7aced6f5bacfdede68977a494eb043bca0190a9f12dbfe025dc494

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 9f6b5189c9ecf7fb88be605f2273a830
SHA1 2272ec8f8e02ccf38eafb029b821f4c31f2bc8ee
SHA256 091deb94f9f913ecee9e1c0372e2ef4339f7f54e82fcc49a71b688c58ee9e2e8
SHA512 e4ec7ae8e34b7b2893221c3d6f7ff976b9b03ce55c129557c4e8daaf873e58d1ec61ab70327953ede992983507e5e99a5127284d25e58220c43c45abf2865b6f

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 25a309a1d6b4d1c470e3d29cece47be0
SHA1 c833d7616cebd4632787ce0d429c2fa5b4f95488
SHA256 0ed7c58902368cb678ac383266f5d006f93ef0d119e27521e5d7eec1a862d3b6
SHA512 6c0ff60342adb2bdb9491df1c6a888f9f19673c7a26e9e888e8ffd96317f989f34996d5bc43a1f12618f9fce76ba77486619148fbec5a3edab9d559e1c1238a4

memory/2496-8773-0x0000000000400000-0x000000000040C000-memory.dmp

memory/2496-8772-0x0000000000400000-0x000000000040C000-memory.dmp

memory/2496-9061-0x0000000000400000-0x000000000040C000-memory.dmp

memory/2496-9062-0x0000000000400000-0x000000000040C000-memory.dmp

memory/2496-9063-0x0000000000400000-0x000000000040C000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-30 06:16

Reported

2024-11-30 06:18

Platform

win10v2004-20241007-en

Max time kernel

91s

Max time network

93s

Command Line

"C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe"

Signatures

Detected Xorist Ransomware


Xorist Ransomware

ransomware xorist

Xorist family

xorist

Renames multiple (2199) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\8k93yDRf12N2G9W.exe" C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\Configuration\Registration\MSFT_FileDirectoryConfiguration\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\bth.inf_amd64_fffc54d66d592d52\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\bthleenum.inf_amd64_11f9ff6c12dbf9b5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netwew00.inf_amd64_325c0bd6349ed81c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\SysWOW64\Configuration\Schema\MSFT_FileDirectoryConfiguration\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmeric.inf_amd64_41ae7c84b8d94de0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmiodat.inf_amd64_95e01117eb9c1bd2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\nett4x64.inf_amd64_54eacac1858c78ab\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnms012.inf_amd64_707d3849370b9d23\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\SysWOW64\IME\IMEKR\DICTS\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\SysWOW64\InstallShield\setupdir\0804\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSScheduledJob\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\StorageBusCache\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnms012.inf_amd64_707d3849370b9d23\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\termmou.inf_amd64_c4c8f901e3534194\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\MsDtc\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForAll\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netnwifi.inf_amd64_a2bfd066656fe297\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\SysWOW64\icsxml\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\SysWOW64\Licenses\neutral\Volume\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\SysWOW64\MUI\0C0A\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\default.help.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_image.inf_amd64_31731e48047fa274\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\hidbth.inf_amd64_76fb27776958e530\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ialpssi_gpio.inf_amd64_62ffa3c95446bcfc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\net8187bv64.inf_amd64_bc859d32f3e2f0d5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitsTransfer\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_RegistryResource\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\SysWOW64\DriverStore\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ProcessResource\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ScriptResource\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\SysWOW64\Configuration\Registration\MSFT_FileDirectoryConfiguration\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\SysWOW64\de-DE\Licenses\Volume\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netvchannel.inf_amd64_ba3e73aa330c95d6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netwlv64.inf_amd64_0b9818131664d91e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnms001.inf_amd64_8bc1bda6cf47380c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\scmvolume.inf_amd64_6957cfb7d6fea5c7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\SysWOW64\Speech_OneCore\Common\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.ODataUtils\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ipmidrv.inf_amd64_ddb154dfd1a1c33d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnms010.inf_amd64_9e410195c3b236c9\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\sisraid4.inf_amd64_65ab84e9830f6f4b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\SysWOW64\migration\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmbsb.inf_amd64_0e44beb9cebe5a1e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\rawsilo.inf_amd64_1cbfddc97a663ba6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wvid.inf_amd64_7c50642b144b870d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Appx\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netefe3e.inf_amd64_7830581a689ef40d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\SysWOW64\InstallShield\setupdir\0003\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\SysWOW64\Speech\Common\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DirectAccessClientComponents\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\TLS\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File opened for modification C:\Windows\SysWOW64\@EnrollmentToastIcon.png C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_proximity.inf_amd64_e42355875c34e406\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_usbdevice.inf_amd64_815550fc328ea85b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmagm64.inf_amd64_7f60bc7ff484a292\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnms002.inf_amd64_2176cc45624119a9\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\smartsamd.inf_amd64_2238284d493e89f4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\xboxgipsynthetic.inf_amd64_9aa94bcf077169a1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AssignedAccess\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\MsDtc\de\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDiagnostics\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\SysWOW64\Configuration\Registration\MSFT_FileDirectoryConfiguration\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\61883.inf_amd64_789f35bee584a939\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsCamera_2018.826.98.0_neutral_split.scale-200_8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraLargeTile.contrast-white_scale-200.png C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\LinkedInboxBadge.scale-150.png C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\file_info.png C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-32_contrast-black.png C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\es-es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Program Files (x86)\Windows Photo Viewer\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\contrast-white\MixedRealityPortalAppList.targetsize-30_altform-unplated_contrast-white.png C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Logos\contrast-white\AboutBoxLogo.png C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\Assets\Images\SkypeAppList.targetsize-16_altform-unplated_contrast-white.png C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\js\nls\fr-fr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\SupplementalDictionaries\en_CA\added.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.targetsize-30.png C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\GenericMailLargeTile.scale-100.png C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-96_contrast-black.png C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppPackageAppList.scale-400_contrast-black.png C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxA-Advanced-Light.scale-125.png C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\Images\Ratings\Yelp7.scale-100.png C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\tr.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Program Files\Microsoft Office\root\rsod\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.DesktopAppInstaller_1.0.30251.0_neutral_split.scale-100_8wekyb3d8bbwe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-48_altform-unplated_contrast-black.png C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\FileExtension.targetsize-336.png C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Home\contrast-white\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\DirectionalDot.png C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\FetchingMail.scale-400.png C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\AppIcon.targetsize-24_altform-unplated_contrast-black.png C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\en-il\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLV.DOC C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteAppList.targetsize-20_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.Wallet_2.4.18324.0_x64__8wekyb3d8bbwe\AppxMetadata\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\1949_40x40x32.png C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\large_trefoil.png C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\ko-kr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteSectionLargeTile.scale-100.png C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-black\SmallTile.scale-125_contrast-black.png C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.contrast-black_targetsize-30.png C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\GenericMailLargeTile.scale-125.png C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-white\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\en\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\as_IN\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteSectionGroupSmallTile.scale-400.png C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Diagnostics\Comprehensive\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-black\BadgeLogo.scale-125_contrast-black.png C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Place\RTL\contrast-black\WideTile.scale-125.png C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.XboxGamingOverlay_2.34.28001.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\GameBar_MedTile.scale-125.png C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\Weather_LogoSmall.targetsize-32_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.contrast-black_scale-80.png C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AppTiles\contrast-black\MapsMedTile.scale-125.png C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\NavigationIcons\nav_icons_myGames.targetsize-48.png C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-96_altform-lightunplated_devicefamily-colorfulunplated.png C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\PeopleAppAssets\Videos\people_fre_motionAsset_p1.mp4 C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\MapsAppList.targetsize-256_altform-unplated_contrast-white.png C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\Assets\AppTiles\StoreAppList.targetsize-16_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\MLModels\autofill_labeling_features.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-006E-0409-1000-0000000FF1CE}\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml\Assets\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\win-scrollbar\arrow-right.png C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\FPA_f7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteNotebookSmallTile.scale-200.png C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.contrast-white_targetsize-72.png C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\js\nls\sv-se\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\el-GR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.scale-80.png C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedAppList.scale-100_contrast-black.png C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\WinSxS\amd64_microsoft-onecore-console-host-propsheet_31bf3856ad364e35_10.0.19041.746_none_fbd1acf77c7e8ac8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-g..cy-script.resources_31bf3856ad364e35_10.0.19041.1_en-us_efbcdb1b276fb5d3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-magnify_31bf3856ad364e35_10.0.19041.84_none_65d0f4a4c6cd4975\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\WinSxS\amd64_dual_wpdmtp.inf_31bf3856ad364e35_10.0.19041.746_none_8478465c1c781ea5\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\WinSxS\amd64_gameport.inf.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5835c3ebc221f78f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-fde_31bf3856ad364e35_10.0.19041.746_none_9059f094eedb3899\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-kernel32_31bf3856ad364e35_10.0.19041.1202_none_12d2bc7d3fe2a244\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\WinSxS\x86_microsoft-windows-sxs.resources_31bf3856ad364e35_10.0.19041.1_de-de_a2b2c9fe7df04d15\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-f..type-segoeprintbold_31bf3856ad364e35_10.0.19041.1_none_222a0a25a6ef6a7f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-microsoftedge_31bf3856ad364e35_10.0.19041.264_none_ef195f564f00d259\NewInprivateWindowIcon.scale-400.png C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-t..neservice.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_7de7983f00ca7d74\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-appwiz_31bf3856ad364e35_10.0.19041.746_none_f4142d9bba162d05\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Policy.1.0.Microsoft.PowerShell.Commands.Utility\v4.0_1.0.0.0__31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\WinSxS\amd64_windows-applicationmodel-core-winrt_31bf3856ad364e35_10.0.19041.264_none_93c4bf03c43abfa3\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-m..oolsclient.appxmain_31bf3856ad364e35_10.0.19041.423_none_9de80b9d881a1ebd\saturationColorBar.png C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-oobe-policies_31bf3856ad364e35_10.0.19041.1_none_6747b7a3667513bf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p..ndprintui.resources_31bf3856ad364e35_10.0.19041.1_es-es_88af0fe4f90d6cf5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-t..honyinteractiveuser_31bf3856ad364e35_10.0.19041.906_none_a6600355b5f69459\Ignore.scale-400.png C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File opened for modification C:\Windows\Media\Ring01.wav C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client.resources\v4.0_4.0.0.0_de_b77a5c561934e089\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\WinSxS\amd64_dual_c_sslaccel.inf_31bf3856ad364e35_10.0.19041.1_none_af905b001cf5890b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_pt-pt_6f586ad4968d0a4b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-c..riencehost.appxmain_31bf3856ad364e35_10.0.19041.1266_none_777e4c5802d14c18\main.html C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\WinSxS\amd64_windowssearchengine.resources_31bf3856ad364e35_7.0.19041.1_es-es_f17180c635da7b1d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-wab-core_31bf3856ad364e35_10.0.19041.1110_none_d4444277335707aa\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\WinSxS\amd64_c_swdevice.inf.resources_31bf3856ad364e35_10.0.19041.1_de-de_8361b9de288cfd83\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-i..ntrolpanel.appxmain_31bf3856ad364e35_10.0.19041.1202_none_8f7e37524c3e1a13\logo.contrast-black_scale-150.png C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-i..ocale-nls.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_3578b11b5096ca6a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-m..ado15-rll.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_419cf96ae634c514\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.Ejei\ = "ICJIUERSVAVCLJG" C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ICJIUERSVAVCLJG C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ICJIUERSVAVCLJG\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ICJIUERSVAVCLJG\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\8k93yDRf12N2G9W.exe,0" C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ICJIUERSVAVCLJG\shell C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ICJIUERSVAVCLJG\shell\open C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.Ejei C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ICJIUERSVAVCLJG\DefaultIcon C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ICJIUERSVAVCLJG\shell\open\command C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ICJIUERSVAVCLJG\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\8k93yDRf12N2G9W.exe" C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe

"C:\Users\Admin\AppData\Local\Temp\d7090f86736e59bd0a0424d1c72e64f5bb2807e6ac58666ba6fedadfc3f88ce7N.exe"

Network


Files

memory/2440-0-0x0000000000400000-0x000000000040C000-memory.dmp

C:\Program Files\7-Zip\Lang\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

MD5 7da46930a9ba3433e4d933160f7e9720
SHA1 339817403e05c061ff9213c13c6d673f443210f7
SHA256 b0708ad36fc59038bcf50179f0d2c19b4838b1fd6e9bd80a21ad0e1ed8723eb8
SHA512 cad4231f925fe41d34d4bac345ec810e180f872401ee3b8b9fdf3ae8d8fdcaa22f8b1208e9380ef4e0b87e133f4c5a5a8278b5f4de7466d681a84007f5bba63e

C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

MD5 6263dd008991523f6215a6e40cf251dd
SHA1 306606a91fae6ddb1fb964a72527fe219c3642e3
SHA256 4d59e03e036ee975df920334c0c9b3950e14c36244bc10d35a06c9931146bf6a
SHA512 3fc507f5148b9b5084e5917d755308459ce47283a487ee674e1c3d16f9a38eade7adbb2ae8055fd3ce230ee72c8db3acd749ebf40bc00dd2bcc9790849e6eace

C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

MD5 dc9e3bba39d490e88c2ac61f5587193e
SHA1 037cdcdb6a8889799b5efb0c85db5eefc8b08b5d
SHA256 0c5b00d1c2df14588c330de00fea73c25c5f143390ae4026f8eabc695a055cd0
SHA512 c01bb65b14d3a7680d9c6bd330a82cdc8eb78e32c32212853d206c6e4bb8a4227de81fa7246d4ae73baf69c37302e4c0639879834c206515f1d215b9bc40de58

C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

MD5 a86ba3c7ad6765395b44f4f0d0811d47
SHA1 fd3af475f64ee23ebb6548b5fa3d33d0ed219d93
SHA256 1435c7466643e8ca4727db4b1f1ffdc9782de2853f38bb2ae2197d558ae9b0fc
SHA512 77e5edc667176184b8f3168625274bee61bf189bb2176282e82d25edec94417c108c3c69cbe1d6381e964b367f1d59655f5e58e9d62b4a92f1a4a195e20490d1

C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

MD5 1d56cf62c05436bc5f70eb99916c63df
SHA1 b0da2f28da7ee78e8e5f30eb41d3a00d61a5ed02
SHA256 951ebab9876fa37a392b9b5fc09eabd4620c3f1b5cb517dab72e9a0fe730d6d7
SHA512 ec7c4cb1e44dd52b38e7a2e6bd50333c0cb963dcc73157f0156c3f6d75394961f02e313cdcbc20ab53dab8e66ea8450a830711ef578254d5991c394e685cb8d8

C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

MD5 43a1ddf97fe0479dd90dfddcdd15f83c
SHA1 f16892e504ef451b76de5e0b0cdbf8406c10a8be
SHA256 dc9c40eb0ab98134e3b702a0fb18b76cc9aa74f8c746fd4260954bba5bd9c02e
SHA512 e62513c2997a5c8f4beef85488ca67b4dcb83e257f269a1cae3e4adc95280f5347c0d087472096b927341fd1a96f7bdd571f32c612ffa35b7f862807e7f19c62

C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

MD5 04b7259d6f18b42670f11f88bf5ebcbf
SHA1 95341d5ccf5f690b85c7017f65d378380d721bcf
SHA256 6d733bf2da716745eb2fd084b63abf403a152ae935b27f2e49fb9c31c5e53d06
SHA512 a710999383346048a06dfe1a4d9f5e254cfb0db11382bc0b82353d373997bf60cf98b7cc998d25ae489655ed051e1ed2fa53cb1a22deb1dc09364a2f76bb8599

C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

MD5 c94d76c3f1d06df6e6df828978651a79
SHA1 7536c9d1b5e8a0b4f35210807d56312cb2d3faa4
SHA256 0ac9b16f0301ea8b2f0eb8e489f628e56fe3380fa81d51906aa2a0e1c956c72f
SHA512 6503cc73254e648d9edd5733cc7243ac9f66c9f939687559d73b52331566bff6a62ba1b9c2eee1aeadd86c895e9e473b872f8697c3f551272847f11e82570bf7

C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

MD5 4278e02155f886928d54e087b2f6dd5e
SHA1 71adf51f53a691bf03ff4b3fb2cd2d4a25539810
SHA256 0282b21742e3344902baf7c5065569311d043051300584d81178de9767773b32
SHA512 54540fa2728eefa83699c7cc498355fb47a8bcd24b6e2a3566da681a922e3bf7f51cc8022efa5bc8b020e105438b625f39e749e8b15d451551f4b229adacb1f6

C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

MD5 92416f3b3013d96ffb7172fdc87f48d5
SHA1 aece75cf96ee43defef35e75bfdd30ca74902228
SHA256 fa4323f7e1d2456db09d8dc05005610faa85989053545e9e7ec3b53ceac2acc9
SHA512 4555690d800c373123469f3b9c0daa162aabd1a212f64fad6d95c4d2e520a6701716d27124d6fe9e55cd988c5b82a61ee04e9f944bc735ac974536b4a1c61142

C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

MD5 0c031cc8d4defc1d7b82485de2364558
SHA1 58b4bc5862b70d959d3b3a90151360158ef1d952
SHA256 9b62c7a3139ddf717da95c3405b26d94649ef79589d3ee150338c5e4df61d0d4
SHA512 02814114792b55c070ba8947a4ab62127de5aa9f6f09a72ed4cf7caa180cb80deb771927f046e1bde2267cd25d47bc27d729f096c41b943d1247be3b3b63b3b4

C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

MD5 652d6b707d3cb2f8459738578f9ba5d7
SHA1 8156ff12e47375d876f2ce6df9edf12ee3021f65
SHA256 4f2eb0ca10b6406a47ecfb8c9c6c5817fd1c1ed42d128060cceef9719a93de5f
SHA512 84cf90749c3e4e75159d2efa81462013dfb40f8a04aca6671962511a06e475a3281f87f30938725cf08332ab09e2d0fac907b295e93bda75e1d4380c8324c5fc

C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

MD5 5858fdea6b3c08b5e14c3ea45599528a
SHA1 1dce9a3677321c378f30cabf1b61b3c2cf6ce383
SHA256 bd219111777dc83ad16d5a00b4e7904d1e33737daaccb3e3cccbb4b5b143d167
SHA512 cea836b54cb2a17c546c515823a997c3bf0b10e15faf2d6d895091a63d2b7d09d88f069c8caa04771e28391d85a265b0d7b72e5f7b2ed4aa3b5f198b58171980

C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

MD5 39b46052585e37f75c63c13eb4f36210
SHA1 4c45e84959c7fe726d62ad5a7eae4a8d2d7be948
SHA256 8d2eb9dc8a250f9b46daea6633d1dd851b9586009f4495bea52f758848d21195
SHA512 c482bdb96c1ef33d93e1d7f0f11fa4e51621db9c41a7de44269da4fbac2115a06c6d9e3827178f7fdf801bc7095a12ef09b46fb0a0825da604c7f862950570a6

C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

MD5 56c6b4fd3799a2c99fbd93dc849c4cdc
SHA1 083230f0248b27dfc5003d8f83f8acbd71a2585b
SHA256 464ed54d174fd087e09bcc5c9ee5c162da2bd37e8158e6f4a6fb0dee6f09c853
SHA512 cca5d7aad16373f0d395c7e63cbeb1f388fe2b7584148e33fc90d55354e46c4d6dae6c14df690dd87114ec4db1b27849d39567be691a1ed6140311be1605bd76

C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

MD5 e185ef485d8864881f5ff853f31a3610
SHA1 5c5f4a14fe1648070773140ea9a7d35299dd5d70
SHA256 8351cfcaa6aa62152314909e4b5da6daf73b2bf0b21f4073c6f017c9c6883a4d
SHA512 be56863901d1c8e1db566b15c2ef716f9cd0ccea18a92804040cc3e0a3bb986ed5d7ae92cba83882d92798a07aaa518590a8241a0e1a29374833f6eef1cda144

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

MD5 7e024162a41b8001b284ff3d8f0cc91e
SHA1 ddfdbb8f674a40298a0f6ead0f0ce191de642242
SHA256 c596ba2ac54e2eaf5c185de1609ff3617bcd7b8daa5378407d7b3401bb90706a
SHA512 0572fc1642063d1dc7e74c66ff6db90be17773def596d472b77bc35190219b4ec577a90335488b19a9d930ca49febb142249459f35bdf5d7a65cddabd51897de

C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

MD5 3d024259a607e4ccf06d0f1264a5211f
SHA1 6897bc7689cbfd6ba258257eb2df8446b4c3a12b
SHA256 471112db61e0c5b94333b1562a2234119082a0c65b1ba8c89810677724aefd7c
SHA512 9145db11cd133bb3851e66e549a3fcabb4409caafc89a5d5278d97a88578695d9485a5c2d61b9108e3b9a3b150099254da775d20cdfdb6572fe450c0860a53de

C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

MD5 144072322ade80296d05ad833f06f922
SHA1 d24d5b8056f505e455baa4e64b9dc93be7b08bc6
SHA256 07752135e672091916634655d9f691c0544e28aa71fbb3237395ff09445b06a3
SHA512 74a41b8d065e6e5942036ef7cb630d96fc2c7008192ab5be6fbb1e000a81932e4a8df905efccb4b37ca85e2af2b7f6fde86c7c52d63cb539898a3d01c684a3de

C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

MD5 ea416b8c08e9e122bcdfbcba0100508f
SHA1 e9144730fd0f86f84d6b6bc3a164d0963b14508b
SHA256 181fde9a76eb84596196bca387a34db097a0e7a31372c3d5c06a070f697c80f1
SHA512 682e07ff8cdcaedfdd6a585a4fd4b393e60ed240a50351c8033e3d5fd800efe4689bea48665a47e2f8b4e33953c550f443cb2e60e9c02504f137addc1f97601f

C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

MD5 8fe267ca879102d7bbacc6858bb86704
SHA1 453a28529fb979c3c8b0ec469778b8d386119e15
SHA256 7f1f880ead920f16300630bae0693da89dbbd14e14aec6af62aa56870fe35aa6
SHA512 2d4b4b37cfd26ff57377327d9e0f871fe8acfbbeaaefbfc3a5815be55ec615e06573a649772127b7b32a5fd71c313f3e77a512c4ed6e55df1719656824f42862

C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

MD5 a27bd9ffca3d7cdd39334031c9bc7945
SHA1 7d25ef4436de1f6ca07c2be188a53edf5145ee2b
SHA256 8b2de5fef4e9616044d5255b242870d5d0afe25326756e2ee4920e51b42f3c5f
SHA512 d096cc569b814b110278794eb9eba467065f619d21603cf77fdc2f8cd4fde1e3d1573cacf8e2a0c2016f0db44c0ea81471cd309e1b5ecce07dfd05e1e0e4db49

C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

MD5 729695393e87fba2fc7f8fc8a088bf64
SHA1 164391320c336774ccc7e57683f0e5dda72c5093
SHA256 5df1d583c2209e4643626d5a4593882033d688896f11e69a4ca942ef7e4fc1fa
SHA512 515541379384300cfa9a3cdf6729ac81234644973c3493ab0becf9a353b72108a320f070f14048ca5620f3f8b02e81b03bb47a7df8c0eb82c015e3d6f4cf29ff

C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

MD5 8b3ae3519170781392148a9418f8f508
SHA1 2b1086d4a2486346230fe7e8918188db0b3f8444
SHA256 96bb1bd6f43c8917f51703a8b431e34f7c008e9910936adae12dce03392629a4
SHA512 faabcd7b72bb33a623a065df6b4c13482d484a9f6cce6c25d4e772d92f55ea08d3b0df2a0becb2fa29cd2e607c20337fb26ae9b0945b8f510c347968545e4c0b

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

MD5 f2db9a0e53c7eb245339f4cb54de1490
SHA1 03ff54fc8640d74cfd6ebeee1976ed7be59a153a
SHA256 46d802b3e0097b609976df7488dfe8f9ff5055c31a56fe4d2e6c2ec873f56753
SHA512 8774fe89e315d7686f763cb4ce3f52b59843cc77fa440846ef6087d2b48229d638aa693125aafe0a877228aa47b56974060cf548d7ddfd1e321ee0ed8b46754d

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

MD5 f26681fc6b418d6587f0543afe569842
SHA1 f4473c53ea0e53abd13a7e7b8c48d67ea0a0b135
SHA256 a016e094a7cfb1aca1ff8355ac9976c6e9b74f3d106948591449fde688d0fa74
SHA512 3fd2cd0457da9313637a36c93c428b5264705a8d6a1267fe7cf4a2d82d3ab6cda9e4cd442be4dbd92f60e242c7aff15547fb4aee550a5937931101611db17197

C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

MD5 f729628c06a488d329000b0a150cade0
SHA1 41f9dd5266cf0c3214e0adccb33aac2856ebcb06
SHA256 69f18daf39e41e9de7f309d3d58e390808428b705bc3d9aee67ae3837a387714
SHA512 2fc2b8301f77a9efe8203fabd96f7b46b02ef830e7811ce26cc44ef0857da91ae8e12e09fd2b5609a723c300fbd17e6a5f1517be0bfbabb64cbc5d80c2771397

C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

MD5 cb332c373fbb25efdafc000afd59eaa3
SHA1 fe8f3655516f00f2d2e2062f730c758484fa057d
SHA256 ba5a1b3bb5dbdfb00e7f42c40aecfb50dddc32f954dccfc63956586423fda73d
SHA512 13a0ae5bb4406072a287e6195af571ff8e3f494f279b0704adaa987911fe382fe9586269eb924edcc2ead0c57b003ab777a98c75afe4662c35ea676308dff10d

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

MD5 b663de8f5791874053ba8af659f83676
SHA1 64cdf610694139ab4e24e9301fc1eb1e643a846a
SHA256 90ebb35b5dca48421286a5619bd33bf8330ce0f3a0af5fd05a146b6413960a45
SHA512 5cf2080c7dd84ec5f9b35ed2278bc03efe226e8019607dac64e257c8395f70279c29b177ca28f30ae9ec79bf1e939d8197908d8942ea5e222c30d3197fa54225

C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

MD5 5f0722d8adf108ff7fcee0348e2d1303
SHA1 e1c70234878968f7a3164f0ef60bba4f3da8832c
SHA256 1582f29c02631df4b80e734c114c7f91cf41b2835c7f60cb692c96171338f53a
SHA512 664bef6e4442e1bc98e99e740d4e94a98e1c42b543327202fb1f5d403517ba5f5b0ab942021f7ee7051c4ab306265d5966731de6afb1e989c491d149549ace68

C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

MD5 8f5a0435471f6998ce821b68b10eefff
SHA1 0559cadd6be17c072770f9909f82bfb6cc2fc3bd
SHA256 f23d570fad9b978deb1d684ec2470a5195368f0bbd885bc0b8dcd8e8643efb07
SHA512 71a2f09ce03dc1b7d1176e98f790972d2a96d5cb36d1134d350c88f9907df8e2dd9959c41c1562e138d0305f815c8432d85f3581a854e79029abf10102a10ea2

C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

MD5 be77ee87d4cedcef1e0b40780957fae1
SHA1 86acef263c667b54bdab5881b63c7d33af65e0e5
SHA256 ae61fe6abfdcdf0ee3725e661809b5ed744df5344b0376e7513c0bf47a772b06
SHA512 35bcd802f3ebe2d3c77007196b9cd51ad1a08bcb4de4084dd01af521040d238e72d66e9b970f1518977f24a35501b66984a4be4eaf923d0959c763e45eff4b68

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

MD5 f5c2ae1c635fbb7b25767b78d131bba9
SHA1 e74ab24167fa5a5ad81d921c0f4434782d36b90d
SHA256 4207956677e22cf08d2cb48c02d33af49ad0d390958765f78927b7d474a109c2
SHA512 ea456e63552f62bac31d2cc19ee0626fbc29da8fdfdf0360235db7c61150b73a176f205f0841c1d21daa13d3913e1140a30f1abd1543278c9d3227a7d2aae148

C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

MD5 18609d6773ba5a2ac6c7cff7e3958d3d
SHA1 9f1115e3ed7162eae4015b278f0830b929ac69be
SHA256 01db337ecc5c6199217680a39195cc9d84109138c3b4fcdf17b6f8d597d0c470
SHA512 c155864dd1da88ebaf6679ba156f1a6181c6f83e777aeefcb17ad49e182ac11b209d15dd9963bde0d1ae8152411075c761becab9bf79ba1db991514bfdb03579

C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

MD5 3a648ee8b5192557c8f214da8366eadc
SHA1 fb8cc9e5585e61a1d07d889842d4bf5b9e77f324
SHA256 00c14b23f13b576e2938ee7c1021f3107d0faac915cfe33dab6659a1e377416f
SHA512 c0194bd5ed8a90a850f00bdf5bd798362df873ad42d64ba3e403c13aac380e30a7afcb7420bf24b5c86eca6df02461a47068825d5578495772561fdf8bdb8a10

C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

MD5 90b031d8f75548361d72fd8cfa23ec27
SHA1 5a1269273865dc96cb81908830da176d096d5637
SHA256 fbafa397837fa50b98984178506ee78ec9d894077ef4d12c0662e59c65b6776c
SHA512 2f7294a977a0778ab8ae32353c807ef2024353889ccfa631ce0ab15777c474de4bbf8816d26594b97a7fc6310048afec716d5a113cf7cff0260947a931b00f2f

C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

MD5 00ddd37d7d3bc2cfbba165750c3474c6
SHA1 ba777b0791bce0599a9731507140274fb9741c37
SHA256 e303b5bcfe562c1b607e7342a5b8f7264bec32cf21d2fa098eb0f0612bb1624e
SHA512 c6815b0ee6ca50873f6a9f5ea819cde8f1c7946731c3fbae57d2a546666b0801c42b884da3a08582bac6543f12d92ef13018c7277c65e4f4d0e687b10c1cbffa

C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

MD5 6e0a3a3b57850ad18fd5dddf6a94830e
SHA1 651c55943404b9878eeebcf5db2b4536ccfbdc08
SHA256 523e48256fbbc677e0cfd45de73be8468582bfdb061d27180fb18adc0bd747f6
SHA512 e0e0995cb48fb28a0d7ceb6df93415d49cb60796891e2341d0b53bdb5ab1b7b38d61ae30f4b0c979b567a424130f4dce48dd170109955d6d809573a4f5533395

C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

MD5 230c938784fcd405cb59a11b077cb426
SHA1 8a6f40a2b3ca00b713b07da478a4d7103335000c
SHA256 288d7ef8151ca14350787d6ccd28f6c0a0572272dcd80008e279a3f57a168b71
SHA512 3805882b420bdae4ef456fa64980b5449af86951fc588749a8fa85d6d829da000657574d76781779ad1ee19839c961c2388725db8e1a52831af77084262b3d33

C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

MD5 6c96e493d8b27b3ed7217aabb1c5653f
SHA1 7b5a2dfd0d2fcdf4b591c81fe41ffee024cf681f
SHA256 c7c3175360a554ab77201f14378ee5cafdb6ee14d5eca29e3ba829891491dde0
SHA512 a49d45673817abb9f09ef1dd10e11bb318062df01daba7a86c63331d56ec2112801c9c0ae93a552df9937eff74e671c164af2b5140e7536f9b4b3021a1ae0a06

C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

MD5 09d8e249f48e4aba12cdceab3667b007
SHA1 dbef70a06efc17a1c0330f8f5e97636dec645ab6
SHA256 2f34e94de87a94b3c9c345d55440e5ffc5f8d799d2db1d779bea76d54c6c2b03
SHA512 226e6e168ec28f8cfbcf86a8a859d988b5161b88f5bf0f2f7edb27f7fd6d58e8c2808835490cdd43d01ab5f622e6e97a1020cf15d54b7d74c3c7d29b82881d9e

C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

MD5 c86f8c1d8c7a60cfe33cf4514109c617
SHA1 1ef6086a7b86d2565b94293e79a7363e77467e59
SHA256 a0d263d87e70056b2fa1b20449c27e7de498cd0417ffcb716bb4deb7136ebd67
SHA512 19dda4e856cf31d0d5cc84a2d732fd669427015a85beb6efb38d04605b66b849ec72c175e0ba290fe010e3432c1ac3dfb298dc5a2d194995509c0761ede27d3e

C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

MD5 73370c0a2a40815447436686bacb65da
SHA1 a23e290ee3d273f7b9e01af09501f85e38ab9836
SHA256 6147d84a0395f711aa286bd4b9e68d66bb6bc965ee1bd12240d0a9112bb723c1
SHA512 3bd08790c2481dc3900da0b46d4f31c451eedd9d9f4d9e956b4de49e7b4113f1af79e6a1f8dba786273bff6f63c74549168335651b32d5448164c655671dcaef

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

MD5 80bc3c46eff5bcc9287a3416aee3c53c
SHA1 1246bcadebc151e07bb6945b05018184b383f66b
SHA256 7d0b2bf2f9cdc02204f1c0582cdc3a78b5772b8687881b699b32b0f57086b973
SHA512 a76d1a63314bf4a08f69fd525f3a3ca156d0f79ea4f19736105a679965c760b286083ca24ec4bfa102274f51e68ec44f8c7631bd90fd482957ba1c3d2aac2702

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

MD5 6601882887d1710b5a11b693e4ca375b
SHA1 19ec6d14f3a6bdf5164949dbc579222c4813551e
SHA256 9ddd63fc003ca7708803b009926a05b66f949db921e24dbf6c62e932588cebd7
SHA512 b94210227ee537422eacd60faf6c0a1c4b955f08ee970a689364350d65455240fd6ae1503dde617ae97e9cfde095e4e8db83f2c82c0930c4925134e764965e2e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

MD5 4071637d767934428991f4bc65a1181b
SHA1 50075e362bce449affb885f486513ad8f72d7273
SHA256 bbb38b2c3019a0427ea4e04e99fa8312916dbe3e63e7828f776c8aafb11fd27d
SHA512 779f9721d09b5e5ee7f31c6b13b70bbc519bf240b735467fc7bfc0e2f205a469d080b8eb30a4d6ef2cb9e0a1f6d9265503917964eb20ba9983e509c85d9a8dc7

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

MD5 2daee851f07796e6d1168fc80fba942c
SHA1 2dfbe66cfc6e22a931695a811f2ccb26da0b425c
SHA256 07cb852c6d58245522f8a112fee46b6fef9adbd12e7f25fd2471252ea3460778
SHA512 10ad63630be792215522876f14b982dcda23b4de9409e676b9597c7dd2abb419856954b721dda0dc55d767123825da1d52a84db5c0f498675ed513fe0ccdf4a3

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

MD5 59bfe1956b23de0acb97ace0b247016e
SHA1 94392ef930549c3b9138522a4a1056b9338ab92f
SHA256 5ea89b7cb148fbd44210cc9b1caa92c166815689b09a3036f873accf9df4cf17
SHA512 b72f7e9fad67a4c70df0e626b44a0be652f53bf73a7da76f6edf6ae7a78037d24730abb204571c31dda86059cd40c4b8c9fd6350dd4880bf5ce1a612a9647bd3

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

MD5 49e4f1e8696024dbfd1093dc18b14541
SHA1 78c12e3101eb5e63e90c585077476ae93471d81d
SHA256 b9eb64287c7c0fa68ef6159c3a63eb7d647fa14d9c4de2e0c37ee116792e6237
SHA512 2de1a33782d8198c4fb36ef394a3cf9c1c4562af9431a07e579f9fab8a1a1367dc686239901adfc1dfce6d2299a6ce28c43b67c03cdc6fd5d647978f7b020ea6

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

MD5 9a58887c556dd09bde774a9a45baa568
SHA1 1e0c9adfe9cebf98120bbec1b8a456a08a66fbd1
SHA256 56d09e509db0befe388cb99a139627cac6a16acb69f982a2945abcf33d8ff164
SHA512 55cb04baa9b061b681c19d23c41ad36441a999565b0cea4bac3fedae8cf543efca6c95fbb2059a4c3ef745b599b4bdab39ee7350485ce271b72e5834958d17d2

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

MD5 0998aaf21f804e5be3ca89aae25cbd40
SHA1 ca11cf31ee8f03eebfdfc246f3db231c17116cd4
SHA256 56f949a0716c326282239bc8c1476ed54ae49418763158bd4538e7e8bcb737c4
SHA512 dd33663366a9abfca82f9032965a3c7a074c243bbe67fe5740b5e6e681a5629106e3073b1d589b5771983079db1a5ede7059cf880c99f87d794dd0e6d7d84a0b

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

MD5 1c3549bdb960b2f798d664dbb8079a15
SHA1 8041aeb83c0fd4ebbdc78a663a5d209b2f0f1447
SHA256 ff0293ce21b5cb107ac79a0bfda9b2b184ada33844f9aa4a59ca0215d40e3558
SHA512 ba19bd7b499629fb31ff257f769ac46b312a3733f4c4518e9c2b4430d381ea0159e423000f73c1d16b1b0294dcc01a5fb39477a35f2fc7b0ab904a6b3e2edf67

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

MD5 be591e098ac14998f29f38f92b458269
SHA1 48f7de5da2858f10db52dd06c44b1f49871ded3a
SHA256 2abb48ebb3c1da62576b056b8cb2a8d154aa44782689dc1b2277431d7a0bbdf1
SHA512 613e795b2f0606acec9d1d397c705b8007927d031d86b9b877516bf6437b424955ef7c2bcff46e6362ff7a6d44232d71295bfd7261ef2fdef5b5398bd347588f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

MD5 13767a8cc17ac10c9e9730fd67d6858f
SHA1 ca613ba0bbe09fcc4644ec8bdcbfa97ae734bc88
SHA256 a4f44c5dd872c747822b7fe98d4fb8f3880218d86cbafb0e8541d70b3d5b01ff
SHA512 9bcf2b35cce6f43cc58a27226eeb99dae10af8a82168ced82897ace7ee8beb277f2e01cc4396bb9c77eade91b341f34e2391faa1ab6a31e670c647314d2dd7f9

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

MD5 e83d217e94edad50eb071deb0ad9e983
SHA1 9b37ab2268a0735c7e38a40b2b75b1fd5ddd9c31
SHA256 28f02f49ad1bb97c113a61825378e82fda15de4a23b63a0b27374a9d40952778
SHA512 bcac03e0976ad6f12965b2279c072c263d17978c704b98269c3831b5abb02f9a032cd0a0a41a35270ad80610a55f024f28703df5478f3d12c28cb17d4eca8a70

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

MD5 77a43af960560de5200b920f4eb2e5b7
SHA1 a987ff36c6ab9301a281ec4474a9d7cff4feec8b
SHA256 9b9f312016c2aa1e43fe3a96d5a465e91d36b2949d70c319195e181992bee1a4
SHA512 639918afe47655493bc8f73ce97eb8bc492964c0a0b402e71c66836299919cea095e2c6312f4be950eea83a3ad892a34b79bc0e2be193dcf34afc9c4319cc305

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

MD5 286e8a6705967870eba6d9f32bb9b869
SHA1 ee949fe5e7737022bdc1330fdb1e875084d73ec2
SHA256 cf80c9a20bf53cc1742052f6948d68a7247ec708d14005ca051873fb5498fe58
SHA512 e14c820e7ae5b40f171ef0f19355ff2f41ef2b7259c15ff640f1671c154c635fd2f6b09000c04e964aebe512b462d4de8aaee31a85e4fb3964786cceaf36b0c6

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

MD5 70815cfe64f88e4ee19ed7ac20d891d7
SHA1 20339a4f0cdcbd5712373fca3a91fa9a75c3a72f
SHA256 524f780b60ef0dc0d2b0d73d172aaade80f07577156af7a1f18167d30d051e16
SHA512 ef92e6e59fcc64da218f0cc4973e3124bbdc8b7d01636f4653de432adbe1a2f29c0442ff695409a4c3da68d31b9e0cc2dbc6122aeffbcb264ab0d2b9655ba2e4

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

MD5 83c9d738a80f3dbe0e053ae425af561c
SHA1 169cf5bbb40331f3aba51c1a9f96905af183db33
SHA256 d19fc628b0a27be4edeae04e7e3461fa9d242a8103510b81627b701bc68b643e
SHA512 67f66ae0eed3a8ba120620d5647ce83eb8fcf6b68678934dd061e2fd82452bbaf30003130b6dcb3b7f82bef8f2eaae5256ad58a2c6ade94ccc15b4c0c86bb0df

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif


C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png


C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png


C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png


C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png


C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png


C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png


C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png


C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png


C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png


C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png


C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png


C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png


C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png


C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png


C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png


C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png


C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png


C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png


C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif


C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png


C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png


C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png


C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt


memory/2440-5508-0x0000000000400000-0x000000000040C000-memory.dmp

memory/2440-5509-0x0000000000400000-0x000000000040C000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727662191305923.txt


C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727663623337830.txt


C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727668521654543.txt


C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727671211214398.txt


C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk


C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif


C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg


C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif


C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif


C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg


C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif


C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif


C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg


C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif


C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif


C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif


C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif


C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg


C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif


C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk


C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk


C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk


C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk


C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk


C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk


C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk


C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk


C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk


C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk


C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk


C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk


C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk


C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk


C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk


C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk


C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk


C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk


C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk


C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk


C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk


C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk


C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk


C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk


C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk


C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk


C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk


C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk


C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk


C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk


C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk


memory/2440-9821-0x0000000000400000-0x000000000040C000-memory.dmp

memory/2440-10824-0x0000000000400000-0x000000000040C000-memory.dmp

memory/2440-10947-0x0000000000400000-0x000000000040C000-memory.dmp

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png


C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png


C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png


C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png


memory/2440-11224-0x0000000000400000-0x000000000040C000-memory.dmp

memory/2440-11225-0x0000000000400000-0x000000000040C000-memory.dmp

C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk


memory/2440-11230-0x0000000000400000-0x000000000040C000-memory.dmp