Malware Analysis Report

2025-01-18 20:37

Sample ID 241205-jlbf6avmfw
Target 735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe
SHA256 735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0
Tags
xorist discovery persistence ransomware spyware stealer upx
score
10/10

Analysis Overview

score
10/10

SHA256

735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0

Threat Level: Known bad

The file 735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe was found to be: Known bad.

Malicious Activity Summary

xorist discovery persistence ransomware spyware stealer upx

Xorist Ransomware

Detected Xorist Ransomware

Xorist family

Renames multiple (2186) files with added filename extension

Renames multiple (2175) files with added filename extension

Drops file in Drivers directory

Reads user/profile data of web browsers

Drops startup file

Adds Run key to start application

UPX packed file

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

System Location Discovery: System Language Discovery

Unsigned PE

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-12-05 07:44

Signatures

Detected Xorist Ransomware


Xorist family

xorist

UPX packed file

upx

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted

2024-12-05 07:44

Reported

2024-12-05 07:47

Platform

win7-20240903-en

Max time kernel

33s

Max time network

17s

Command Line

"C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe"

Signatures

Detected Xorist Ransomware


Xorist Ransomware

ransomware xorist

Xorist family

xorist

Renames multiple (2186) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\KYiWj5yFXd01P6p.exe" C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A

Drops file in System32 directory


UPX packed file

upx

Drops file in Program Files directory


Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\winsxs\amd64_winusb.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5b6e51218f4b05a4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
File created C:\Windows\winsxs\amd64_wiabr007.inf_31bf3856ad364e35_6.1.7600.16385_none_09776fbee41415f6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-icm-ui_31bf3856ad364e35_6.1.7600.16385_none_a0a25363eee12f40\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
File created C:\Windows\winsxs\x86_netfx-sbs_diasymreader_dll_31bf3856ad364e35_6.1.7600.16385_none_a68583f940737324\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-t..s-utildll.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_cba8045b90e5dfab\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
File created C:\Windows\winsxs\amd64_wd.inf.resources_31bf3856ad364e35_6.1.7600.16385_de-de_f358ed81eee18766\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
File created C:\Windows\winsxs\msil_comsvcconfig_b03f5f7f11d50a3a_6.1.7601.17514_none_bfe4d387913dbb8f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-n..idgenetsh.resources_31bf3856ad364e35_6.1.7600.16385_es-es_229cd9b570ececee\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-netcorehelperclasses_31bf3856ad364e35_6.1.7600.16385_none_e1fe941aded5555d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-s..ylistener.resources_31bf3856ad364e35_6.1.7600.16385_it-it_50e13bd0c915c530\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-wmi-mof_31bf3856ad364e35_6.1.7600.16385_none_fe6bb73bc9e20a39\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-wpd-status.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_06efd698ce3b5af1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
File opened for modification C:\Windows\winsxs\x86_microsoft-windows-gadgets-calendar_31bf3856ad364e35_6.1.7600.16385_none_0dfaaaec65b0831b\logo.png C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
File created C:\Windows\assembly\GAC_MSIL\System.Web.DynamicData.resources\3.5.0.0_fr_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sstext3d.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_1432afb7b9ae4e68\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-opengl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_524b9cbaffaceb20\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
File opened for modification C:\Windows\winsxs\amd64_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.1.7600.16385_none_3b995fcfc0e586ab\gradient_onWhite.gif C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-p..lsservice.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_e0470e20ded3c434\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
File created C:\Windows\assembly\GAC_MSIL\Microsoft.Build.Tasks.resources\2.0.0.0_es_b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-notepad.resources_31bf3856ad364e35_6.1.7600.16385_es-es_79a6269ce8d217dc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-s..g-jscript.resources_31bf3856ad364e35_8.0.7600.16385_de-de_21b4ee41283f5575\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-d..iders-msi.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_2a35225d7d848db0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Servd1dec626#\9fab28f14be5a0da526b1ceaaa04a4c3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-mystify_31bf3856ad364e35_6.1.7601.17514_none_4e37a08175fccf3e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
File opened for modification C:\Windows\winsxs\x86_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_d7244b05e242e449\settings_box_top.png C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-m..vider-rll.resources_31bf3856ad364e35_6.1.7600.16385_it-it_a10d2391378d5e6d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-ehome-devices-mcx2prov_31bf3856ad364e35_6.1.7600.16385_none_3482237b32c1daff\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
File created C:\Windows\winsxs\msil_presentationframework.luna_31bf3856ad364e35_6.1.7601.17514_none_1a2a55cbce85dfcd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-t..rk-msimtf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_e4d46cbfc094f384\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-netshell-mui.resources_31bf3856ad364e35_6.1.7600.16385_es-es_aab9c72954531b4e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
File created C:\Windows\winsxs\msil_presentationui.resources_31bf3856ad364e35_6.1.7600.16385_de-de_0f1055857b4a2b4b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-mp4sdecd.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_0016b8d0e744a61f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-s..soundthemes-savanna_31bf3856ad364e35_6.1.7600.16385_none_8501e89d0b011992\Windows Hardware Fail.wav C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
File created C:\Windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-d..ingfolder.resources_31bf3856ad364e35_6.1.7600.16385_de-de_5ddb73c774e93f27\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-l..essionale.resources_31bf3856ad364e35_6.1.7601.17514_fr-fr_bc81c6f47434adc9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-d..w-dvdplay.resources_31bf3856ad364e35_6.1.7600.16385_de-de_331ae4f7a8e80a22\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-l..essionale.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_789a038687e73e79\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-s..scheduled.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_7b9b82aa242001e6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sysdmremote.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0c53587702412160\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
File created C:\Windows\winsxs\amd64_umbus.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_1aecb5602df67cc2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_56cc3687acc564e8\about_preference_variables.help.txt C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
File created C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-b..bitsadmin.resources_31bf3856ad364e35_6.1.7600.16385_it-it_606581884a1501cd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-i..emsupport.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_2e8f9dab6e2a5481\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-ie-feedsbs.resources_31bf3856ad364e35_8.0.7600.16385_de-de_ba19b5fdc1addf01\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-n..ergrouppolicysnapin_31bf3856ad364e35_6.1.7600.16385_none_5beaaa2baeec35ea\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-r..rvice-mui.resources_31bf3856ad364e35_6.1.7600.16385_en-us_7aab257fcb5a97d1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-s..cy-engine.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_508fcede0c563f82\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-w..sh-helper.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_4bb6a2c1116afa22\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
File created C:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_zh-tw_1dd8e99569324a3e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-t..rk-ctfmon.resources_31bf3856ad364e35_6.1.7600.16385_it-it_22fab47661a2fed2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
File created C:\Windows\assembly\GAC_MSIL\microsoft.transactions.bridge.resources\3.0.0.0_ja_b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-ehome-devices-ehreplay_31bf3856ad364e35_6.1.7600.16385_none_70ac69bab963d474\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
File created C:\Windows\winsxs\msil_system.web.services.resources_b03f5f7f11d50a3a_6.1.7600.16385_ja-jp_bdb26af015505132\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-t..utcontrol.resources_31bf3856ad364e35_6.1.7600.16385_es-es_5e2636f1c14c7eed\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-i..onal-codepage-10000_31bf3856ad364e35_6.1.7600.16385_none_240f5e8729f07c94\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
File created C:\Windows\winsxs\x86_netfx-vbc_exe_config_b03f5f7f11d50a3a_6.1.7600.16385_none_0703ef18cc0efa5a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-s..tebox-isv.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_c0c672c7816227ac\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-w..ifffilter.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_3d4f0e97b16f4350\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-n..lientcore.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_386c00971060a77c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
File created C:\Windows\winsxs\amd64_server-help-chm.saf..oncepts_v.resources_31bf3856ad364e35_6.1.7600.16385_de-de_d919cfebffad4437\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-displayswitch_31bf3856ad364e35_6.1.7600.16385_none_ec98071c85cf09eb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-e..ardplugin.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_e86e68b92763e0bc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "EGPKZMQGRDBQZSH" C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\EGPKZMQGRDBQZSH\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\EGPKZMQGRDBQZSH\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\KYiWj5yFXd01P6p.exe,0" C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\EGPKZMQGRDBQZSH\shell\open C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\EGPKZMQGRDBQZSH\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\KYiWj5yFXd01P6p.exe" C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\EGPKZMQGRDBQZSH C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\EGPKZMQGRDBQZSH\DefaultIcon C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\EGPKZMQGRDBQZSH\shell\open\command C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\EGPKZMQGRDBQZSH\shell C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe

"C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe"

Network

N/A

Files

memory/2104-3-0x0000000000400000-0x000000000040C000-memory.dmp


C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF

MD5 c54e6516d60774c41bf33632d856785d
SHA1 6e8e7ca0cbc7d04de2da757916c2fd30d275ef6d
SHA256 bedf996371059475314609fcfaa204b7a3c04948ef23fc10068afb3f05b4b65b
SHA512 f194070a4798703b46b89472d3ba5180e170e54fa3bf5f6e9fb9efbf7838c3bc38deb691041771b555b543a81c37f39f4e6f5a2d902d7ee4e20e252787892772

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF

MD5 ff914c132a9765885a9e02fd90b931ff
SHA1 83ca3993b16d708be226965730c7b27d269d88e8
SHA256 3f9f5b4f8a25ac8ec65cb2840b37db4ec47be54a377f197ea4d64576ca6bd8ca
SHA512 6d489256ec936734f117d47fd2fb9cbe108a8613502b521f34c5f5c2b3eccf3e0f3fc884235037dd2cfbf3ff27f59b266cb23ea3777d0c16affee3ed1fa0f035

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF

MD5 26bad873faf1b871c033bc9a96ee11e4
SHA1 e34ed73d06b874b1cbd43285dfb01765c68419c6
SHA256 7a70e2e3c717bca7a8500a486faff2bd037bfc00b3af9f960bddd938c191e0b4
SHA512 a948342625dfc0944c59a936cb743493e7028da557e3f8263a81c6e32d63d1dee124294c202afe924562f68216cbf40a73802c29f75a46b76b4ba86c4a00a281

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF

MD5 d7e7a719a8e24f172dbeffa06a190c30
SHA1 14192f875a04bc2453e4ce89b04710076810fea5
SHA256 f18a20671986b7448e82c69504d67ff80c2d24b39effffdd1547913f72247888
SHA512 90d45d67904bf8aa67d77eee718711ecfc90afc5b9ea91f744c59a800a073ef114f8dba41edbb3e5dcf40d7e8efe176d780ddd8857a82a687ddbb865eeed0d1c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF

MD5 d7b83fbb366ddb9f74602a00a3d0cc6a
SHA1 7921a966f9ac06275f94606c72c0aa9477ee5d9e
SHA256 77e9ff49264b0122605f991feb005bb76adcc29814c5377d9ad8c58d1a660e90
SHA512 e0bad0cdd667d7202077026b8ae6405a2b799c8b315d694e469d8198199b8d19b6b300426de6c1af8d45fb11d7367ee10c302ab889a252029bf3e0e233ed276e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif

MD5 26d4dedaee75438fb2d2fe1d247e9345
SHA1 3b741dc207a6c46a699a8745c67d034ca2a28a51
SHA256 f6f96f412a6d8ddb03b82d0caa84747b8b777cda968c2e4b2d1915cd81eaf5b4
SHA512 ba84ff061283df7eaf4648dded6007fa4324d80cdded465feb6aa42fbfa15c7992307327cc961ea6f502133b5bbd99c7ca7bf92d43d311cbc43e00605a29745b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF

MD5 d8d036fa9ef16752c713e35f5e5871a0
SHA1 9ea852179888ab56f97c2ee849d32d312053bce6
SHA256 dbc438ca67d262360bfc8712b7cd69150494ca21408b8ab15fa879b86af48200
SHA512 406009b492ecef65f07b1d9722cccd9fed3d23ceb3ac61463cc98143bdac7f0c154035e6bd5ade4d55c960a3fa63fae9c42c6705fc5639cb66da08b1c80c8899

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif

MD5 b54f773e4444d7c9169947ede8750a4a
SHA1 191ef35642aa870ade3bfdb122509e4cbe66702f
SHA256 dab1dfd88e39fae75c40c6c08fbb06ec001b2ad91a3ea06741659ba1858cacbf
SHA512 f62da12d288dfe3a326d4e6e099f4fa564e827f4a527ea1796128a77fc91f5c0792a2f6bac2c21e033f0f976817a05e779374093f33bf7a7412278fc088bd3e1

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg

MD5 995cb25640d37f92b8c3606bfaa3b5e8
SHA1 a6fc80678446b15a62128269067962b1f6de57ee
SHA256 9634ce4feb46711164e5576a3c1d6381e6385799b75e254e0a4ac62d0ffda091
SHA512 7f39a94eb3d5bbc8e17c1ab8bd94924cbff13685a827c48a625d685a8e150b9f08cf3b320786f7efd67b3a4c979a1f75c5844c3366bf781612317522b03bd874

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif

MD5 f6fda4cb190f4ac4ab2b5525bb1d94bf
SHA1 af32d2c897f4cf6c6718b889d090eb620c441654
SHA256 dbfe259772dd54e31e97b79d2a7db9d7b41f8605016077dcfa2ce162ccf67423
SHA512 39efc74f12a243b92441c896b52a8b68802dfd220d6a067d054f62f6c145050f0e753e47fa982a88d2a217a626db53978c3ea0bc0e0ae4f189509c2950a96284

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF

MD5 1600a40472815d6dd83242a6c65808f4
SHA1 43a6960e29e7eee0cfc50d992f9d0e22d4f93609
SHA256 2e7fe4ebeaa07479cf6f5cd8ae7e8d668a660929a60c12dbf74dd8fc9150cb71
SHA512 860590433a76422af37849276755016a3cc5528e86ed2c8552fd66380c754f3791c59c732a5fbfb74e43fac632f23f82973d7a0bdf759e0e3762d3446b8a1c49

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

MD5 503e7746d715ad64ef1f8c02685de687
SHA1 018a39ec07a995e5aab9c6aaf2d2a547f7f96a80
SHA256 b3cde8261a8b1144dfba62a13b53db75706927f0c8543c765ec6372954ae444a
SHA512 579a0450a7b380d32c072e7cad88613c913068274495ccb34a316210f7e3131e480c2541b0487ade42793a6665da0a6514a759fbb5ec06db44857910d43523f2

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

MD5 fd16bfdfc3f011ff41455d9fe6723732
SHA1 ac437bb579263a60f010b57b891481aca864023d
SHA256 513c5af4a335e5f40dc46df8a8db403cb7b958f9800156ee870d00d2ce9da2df
SHA512 a67e5ca3e32bf6a1492b863eb53795e64b2501d64cde9e9f54e19bc1705ad97d0ff04538b03246c40dbd4bbb32917d5fd3523257be0ac5940721fae891c47e10

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

MD5 6ca3041ed3e7f4e2ea1ff32dc13f0e16
SHA1 3ad6c72bc7410657983bdd036545ef705419d765
SHA256 1f5132c8886aa9dd43f1fce7a9aec89d117ae1077010df52b3adc43ae94091d7
SHA512 8361ca578c404796bb676e3b905a83efbf8bf596e102df17d3de13a6c379e309cbe788b7e03d5702d46d5ff507a25be21c9e521902d666be5d8d89e77fac7f0b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

MD5 e4186daaba22bfa478dc51a9a160b5a5
SHA1 e5962f35adad84da9c3bf7237e635c72af6b6e4c
SHA256 49ec688c48c3ef28bed9660de39f64c3663fb62af7a849a40e78762b86ed0e09
SHA512 449150afb19871f2ad7524933e7d28cbdecab6bfcfbe1743d73a9ffd20fefa130031d591b7aa845519f7e48cc125ef95dd40ee7cbc4b7de923d902fbc0a2d373

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

MD5 d92321254ccdba68458180940c8bd3cd
SHA1 8d26fe3829ec31c00ce2a09d9a9a3e85f8a3b3eb
SHA256 a98a6375b9f5f1593ab590cc7d20c55453ecab8fc08fdf5ad4b240a2856dda5b
SHA512 9bf9d1684bda3baa0bd9848d0466a7c505a606c7552f7a5e4fe14331c954a2593614c6e3dd8119d93bcf837f129b56c947a602dff8472d43bd5a47abadff1e7b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

MD5 1715b76a1f99acc23638924078a25f37
SHA1 bbae72b14eea92a66870428d0c6cacb2872ad1c9
SHA256 f17ae9b09c89b493034d02aaad4726834efdb91c14e8582f2950bd7a2c17b056
SHA512 a6a5cb7a53cd1e394a7b324909f21ef663e9282be6f533449a7766136abe33791696d6838985c8445d8ca48bdc5ed3563b612cf20bb0c372e47f3b2aaa30d4ca

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

MD5 19cb483fa74c8d56e0ee06c8b8379d59
SHA1 fd444693c5766aaa8e1fd04da78dfea691dc55e2
SHA256 55b86800dfcdb8a458ceec95ce92f2c633e45282dd0dba81c2716ad7b24b6dd3
SHA512 9840feccd5885d84c6eb23d3c30a69a62c422d5cb6e5ed12ffd88030fb753b2563d355fc92a02b32aaaa492ffc65afc3e9d8bfe18412301472dc1abb831d1ff0

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

MD5 ff9d48a5852dc7119047d5463058911f
SHA1 a66711e67e693d5ac8d9faa56f028a0b71aff100
SHA256 cdc388bafee9575c6441046d276ea009ad5899235a8505b1a8d87dc4b86d88ff
SHA512 9a4f2eab06a3b4511d8f6000ecf560d903a221c822b08a719305598b5e5b8b779ea195d85370d1058653a2af3f35e05363d1231f9a2e6ba95594f04c627db0ee

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

MD5 fab24f0196b783052b835cfac43467e4
SHA1 653f6ebfa2a91065971c52c2840d11cc1e438398
SHA256 ec3e386fb2a85ac7257e05c60f8d3ce84d9a30b2dc4789c2e6631b9e81fc0339
SHA512 67601d1d56728ec1927c6dcfd27a387bbb88fef3f41addfca1336049dd3714328aeb3820d650d9844a29393fb064cedda2d2ab009d97bc748951fb841f80d068

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

MD5 660dfce18e3553d4eb0fe9a9c742b8c7
SHA1 0541bcc091e513bf63f66d22f1138a01c8923ee9
SHA256 69503202b210f7d17625ad2149d6a355169dc484cc984f07bd226ad89cc8c6fa
SHA512 fe25639d25ab84ec4e90d30439a28c3105b1b5d6c75f0344c7409324e247901d95e1f13d1ca5eb9436e4c794dd7330334de1e5de666e1d82c880ad2e963328b5

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

MD5 0640d2f3ef7cf477eacb4235cfc8c6fb
SHA1 79f0eb28fc40a0bd73e787843604d11beda1cb7b
SHA256 e739a77b184d82b16517ce2538e63f4864922c5157840a4b2af5f5bbcd163e2c
SHA512 cb1b01bf8071d199aff34b05837ee723906c56e48afefa86622a8a5f5899ada5257e1e1ec5f80ec6038910d5ed86af4ba3b7c3f2b7730660eb1f62e5de46a95b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

MD5 0bb6eefa3954c4ab5d9c7996923dd970
SHA1 4a3c88791c7f38f9e8f8af618df48f426c8e8d5b
SHA256 27cec81cd638fb47fac81fccbf21ae4e22ad616d04a96c9870db8d3685cdf105
SHA512 3fabc5fd9f17de06dc6e33212f41ceb1329c46937eac7a22b17f8ccb12940c0d3ecd0ff8bdaa402f0da487333bf558bf2acb356f1eb9da021753e39fff7d964b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

MD5 f225ddc9638a2d1b11a53e9e98021448
SHA1 b73906332a22763085fb4bb15dddf5d74586b595
SHA256 aa25b8b874b0c1bdcf854592d82fae4469809d20a8e61db490fff1ced0bab912
SHA512 ae93ee0bec8a4d607009f1e33ea79c7684387fea481566787f64623d4cb082e0a4aed87dfc820ec2be3c6ba44a1e89d6c79fdd942e924e76012d009e8ce32734

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

MD5 0f1965d16a525b3e8d944181917296ee
SHA1 ed17a1be61349f36fb0a163a0538a04fc914aea2
SHA256 997bd3d613a978ea70bd9bcd155ba68afaedc1605eb5f8facb6b2e3eb49fee82
SHA512 6e111e13ea4ad321e230df174930fa997876a5541e610d7863ddca0c9549a3204e96ce15bc8623135e7abde789497b2e8c8b9779d239d1eea378e4737dbd2d9b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

MD5 b0150f58ac7302df844f5adace0e701f
SHA1 baed9bf1c8a7422b539dfc26148bc4c1ec6b02df
SHA256 69af0f20971a938bc479a93278a00d2032053ebcea78d8236e784a12f4cb97f0
SHA512 08cb20a4b010f6abab23a21056ca74007f95f15e78aac959b292dea5556504991088862523f8478ceb73c2ecfd6fe9cc1d733de438f86b1f38bc2e92b3405659

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

MD5 4dbb5a129a0e5065c435415b8f6b92ae
SHA1 7d85a63151e3d0bcd52bfdf91fb318c2e1f2aa81
SHA256 0a93380b9e06aa5bba122345213afd6a4732361827450ec5edee221cb2945f3b
SHA512 88f9e02437b8c2784b36d0bd25ecbc4dec7ff4908296e29114b7d27de5b924852dd172172a1dbd637a39caa8ab56a416789de7483a8426a2e219e837c8ac4c11

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

MD5 392dde70a6a2f09030a1b157c1b58896
SHA1 20dce5a5a993bd094ead12005824eb2fa87b958f
SHA256 0af42ce7f7f212535db72956833f076bef63482321f4a9c03b965594e0ab23b8
SHA512 0108ffc34450a8ef27fb3e1711ba9d123c3cd056e7951fb30a7e58d6d26bc2fdc5432c8037732e7d70da9f95adadb3d1b4dd461e8fed2a742c6fc24e1e7ef61d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

MD5 a98afb980e56b2a55d58dc8d13d83af5
SHA1 8fc9e2b80a5254ce0bf191c29e394d770586d4f4
SHA256 d13bb032c4cfc14225804e142f649e8827c7259f1bccaecc2939088c9aceeed2
SHA512 030d83f02e5bcd1ba231bdffd7456c5e6bf743b7683816d5813940df979c452053f45509d5f8330d54fa675c10f6a6c92cc33d5b90c547fe14158e8f156a0764

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

MD5 a69c53ff5b46f4a774e4b1abcf3b5c2f
SHA1 d6cd5b92e0ea256fbe9443db7577001a63189944
SHA256 99b9e0b47301203215de76531b67bac8f0555a2c4d60346d4c80bfac189c602b
SHA512 df3a07109ddd9c921e94fb22a7410b3163aa0cc74207d14ae8d0d39ba98406ae8525c46990701b04b69259835eb7f6babcd20922858cc0a203b07dc963031389

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

MD5 1f6610718bb7c4c12208478af70b8313
SHA1 7469149a60f41fb362d4b06d136be6f06e3b077b
SHA256 c763525e208cea91cd8cc8803ee0756b51455c2648f4a19dd11bfc20ceaf6e94
SHA512 666bed9ea6c8fe7e783b77aa26cccc957b61ab0728fb11992e625d79e3f5a9fdb3fe9aea67d43ea55c31c08bdb7461761cb62fd18620e6c44059c66db64b3595

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 958ea0e3c3e4d9d1d0b14347588ad087
SHA1 3cac504e31e2873705bdf0ce0d2a037a3f842195
SHA256 7b834141748e5b88b22e7481b2a02058875a3e784e20f773e04c676ac88223cb
SHA512 84cad66f93a1fe6464b40afd3f6a5be62342e123e43e85cda773a8362594a7c6d0395eaed80fe3ef9c7e2aa807d4bb9539c273ea2aafb2266239e3ef97dd982d

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 215a0341a30a24fe9212d079a9b771f6
SHA1 9f3b1f436d9dec24586ea21eb8104d4619107e64
SHA256 abb6067afa90ff3508cabd61f9ca121d0f9c90507fab1b76d10f6331999d5e12
SHA512 dacd58c8c6736618e535e38d2e7161ffa010263fc1431626abab931623a5b203a1a0540afb0ef30bec06d88d3693d5602fe6f798b77100c24c0a80495e4a19ef

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 a5b2a9795e86ed6a3d1e0609abd402af
SHA1 c4c26660daf86eb2fa74af68fde94acefcac13cc
SHA256 a7c8a59ea1a7b08496b9214a33c28177f6f7c7e9749fbf0660527f72382f443c
SHA512 45d8c2f92a62eabc76f5bb30da5b36ada7ad2374aa0971ec38b87488e9fa986ee1b61c18998015775df88048bf673e94fe74dca3a1cefa8e4ca6a9817a79c513

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 5cf7971f5124a38214350c465cd3aace
SHA1 cd4e0f6ff4e19d2475b303d8f9c5a186237b8af4
SHA256 076acf7238d73824dbe55ab10e2ff8916a4e03c5205f46e59905524fa1650641
SHA512 735fe04c4e0d436e36255b5f399f66db807d280d627e55ec931da7f022136b3f6cc8ea56102e46a674baf0d2b6844409bc06edb092128cc43f91bc4ddf89ef1f

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 9a21d6541be97f6ae6b0ddbf5a39fe88
SHA1 500855f31b919d5f10b46b2a3807c022e147b9ef
SHA256 5b6af7e20b6b90c44413900234e9ebb461679e9017c2b52f2f063c416bfbb96d
SHA512 eda142a3042cec239453f653f92d3a9131ef1de39a6fcca641a6480c92e1a056f2fd47d3c89ca2892fdbf3558425917b3746b25056cb77bad71eb80c547e5c07

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

MD5 fb15ada5b4f7cd0bcc8d0af4d0d7ef7b
SHA1 253aaf914b4c6a5219e7ba6575731d6358cad098
SHA256 c43e561058463f7264a3859e4a700bedef54dec862ac1d264082736d6327d933
SHA512 fe1c7ebe96a5d65cc25c3fd2ae4ab311115c076c770cad3cd9cc25e9f7b294fc4ca4b2d7481f4516cc6b76be0b7ed71059be07694a4506f9665ef7dd41ee1867

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 15d544996cb9c3a47615f5de052ed8ff
SHA1 33e535373ccd36515bf12e566df82c477e413db7
SHA256 b4e2bcce0b715f490ad5977f0bcffafebc9c1558c42a6577d2baa074498ffdcf
SHA512 4a66a869ca1fac68aab8730f2bc559468db138204a4dfdc1be760960fe5d5a1fb755ffdde9510f748820b9878ddbe54be3c56365191a3cd7d4e374ba5cf4c846

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

MD5 a4858bdfc6a8c2f77c7666b9cba76f0c
SHA1 3d6bc50e18d155c41261435546c028e9bfac5d9d
SHA256 524d28a45b8635deaef0e96cbeb656e30e3c2a3089519d3c0b87ebfe1960c4de
SHA512 92d56756f47453801b0645769a4590fcf2e03847f054f65d875c2c6e891c34b7b379719e8096a804a41bb5e9697fa19dd7e2af79ec1430430db5ae9214140b66

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 7601755b5dc9a5fdd884aaf45b1153d5
SHA1 98cda7b989d5807347f654ad8cea8761531b5b7d
SHA256 0c05e957dd1849724941a1e1e19b200de91dffae39a65eac2ee5a2da648646fd
SHA512 29504f0c4cfd106625367d401ebce2238b2e7083546e667627dac42bc3b41ed326f5389ad2137821a62fe02fcffeccf856515cfeb6f4eabd05196c36393db477

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

MD5 435a7d0a8ffb995138b68ae1b83b0103
SHA1 6d58d94d2588688f35c0eb74c4f5ba7efc50c091
SHA256 eb363739f1a3552750c219cce7c3412ab5f437ae1ed6cac3b53adf5b0620a232
SHA512 1921f0b80bbcc5019cfc4993072bc7878d9399e84cb20614f807e18f45221c7d44d21fdbee1e30df8cceb0d0f68f0091e49bf1865eebb575ed757d820326757d

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

MD5 722240bab399566bc270306f9df8600b
SHA1 9132894ed87ceda4a1f66e6d89ee502d57bdfb08
SHA256 2c2636a6c3c53631a37e5aee914478ac6a224187ac6d48be5a9b9baa7c6e5fcd
SHA512 fe79a9826ded6be6ed8d848884dbe46b7402567794159b8112a549ff6a59869afd5ea19d7cf5a39b8423bc3ca57d31ad6f2a5ca4f72acaac7dfb60b8f9e627de

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

MD5 567ba6759c00c7773e2a2423da61089e
SHA1 cf4272372a4c1337abd399f17f051f9b6e20d846
SHA256 83a5ca5ac43f9ccd9c705802d8134cdb31f6095a903d4b7b03381279c0c542ba
SHA512 cd13dbbb01b5468a0634f1bd406fe65643dde862259d7008433894275d64da1985c9bea6f69656611a17e5cba0694e336be84bf43ede1ea1a38ee0f78454aca2

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

MD5 fd41b5253c55d14fd75253b1e2639e88
SHA1 9fe76ee44322b2ab4908ba50a286fa3baf2b27fc
SHA256 03d00a628dbbe8a63f9948ecc618928cdc37fe818b9b2208fafc6cee31e191d7
SHA512 4a8d49245bb7dc3b86ee52bb0ec9fd4435150d44700e94d650f574a77857a91f4af95d734ccb3bbbfc54fadd0c0bd76960599213441bbb3e57daeb3cc26794b4

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 171a23b90edbbbc9781182967397e2c6
SHA1 5b0f85aa42410d06e375888ede0c335deb8f2c7b
SHA256 7bc1e27c44ed401fddf1b63799e45107c830ba8bf39d0eb953614a0c4991b47e
SHA512 16fa5d38732019292a329ced8b136f30b482c449fd2c28b8519dbd848d12bef66cc5abf6e8f30c1c65f9fa86447a41a92e10d6c6e04ac7631e8997f1acadbf68

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 80fd59f8c4eea72d54b11547efc6fd88
SHA1 21149de9c5e9b6187de1a66b7de1c8670ad0904c
SHA256 7094c18efe63460741857977ee74b454a0d7eb7238d9f1761a9880f9313cabd0
SHA512 dab9abebae58b1e55e6b083cc0d471cf07e57fbad7f033a5bf62796d5921c1fa0d8d3ca863c12983c7fdbd00a4681eed6b9dd08de79bbf9e914cc2d8b49fc300

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 699f2fe8a792fa2ab89e49233d47875c
SHA1 ddb5d48ccfca7b02203038c68db3e3e50d66d655
SHA256 9477a12bc94c0e94a243db6d5de6328d3112759ce45b10ff7ac34ab0fb67441f
SHA512 3e2d15ec534cf8e1e4ce2c7a4ee01b0e7c18b6f6ce0901e59aaef3ff9bcdc70516f25672007e919464c7285a47efbe2c8a25bf3538f9ce0645ad53233a4e8804

memory/2104-8821-0x0000000000400000-0x000000000040C000-memory.dmp

memory/2104-8820-0x0000000000400000-0x000000000040C000-memory.dmp

memory/2104-9053-0x0000000000400000-0x000000000040C000-memory.dmp

memory/2104-9055-0x0000000000400000-0x000000000040C000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-12-05 07:44

Reported

2024-12-05 07:47

Platform

win10v2004-20241007-en

Max time kernel

94s

Max time network

95s

Command Line

"C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe"

Signatures

Detected Xorist Ransomware

Xorist Ransomware

ransomware xorist

Xorist family

xorist

Renames multiple (2175) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
File created C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\KYiWj5yFXd01P6p.exe" C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\Speech\SpeechUX\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\npsvctrig.inf_amd64_b98e9a5325075265\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ntprint.inf_x86_c62e9f8067f98247\I386\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\bthleenum.inf_amd64_11f9ff6c12dbf9b5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_smartcardreader.inf_amd64_33a0db63c0afb351\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\hidbth.inf_amd64_76fb27776958e530\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmetech.inf_amd64_bbd46500a9d0e020\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netvg63a.inf_amd64_9f5493180b1252cf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netxex64.inf_amd64_ede00b448bfe8099\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ufxchipidea.inf_amd64_1c78775fffab6a0a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netbc64.inf_amd64_b96cdf411c43c00c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
File created C:\Windows\SysWOW64\Printing_Admin_Scripts\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_EnvironmentResource\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Utility\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmx5560.inf_amd64_209486f1c39d4b46\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
File created C:\Windows\SysWOW64\it-IT\Licenses\Volume\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\WindowsOptionalFeatureSet\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ntprint.inf_amd64_c62e9f8067f98247\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\fr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
File created C:\Windows\SysWOW64\InstallShield\setupdir\0404\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
File created C:\Windows\SysWOW64\Com\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
File created C:\Windows\SysWOW64\Configuration\Registration\MSFT_FileDirectoryConfiguration\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
File created C:\Windows\SysWOW64\cs-CZ\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_fscontentscreener.inf_amd64_bd1517e25f3e419f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmsupra.inf_amd64_ed209c9a3da66777\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\WinSxS\amd64_dual_prnms003.inf_31bf3856ad364e35_10.0.19041.1202_none_8b568f04f79b359a\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-t..languages.resources_31bf3856ad364e35_10.0.19041.1_zh-tw_cc50c0457cadcfd8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-fde_31bf3856ad364e35_10.0.19041.1_none_6851b34c2f697a4f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-t..icesframework-msctf_31bf3856ad364e35_10.0.19041.1202_none_f4d88755d85c332f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-pcwdiagnostic_31bf3856ad364e35_10.0.19041.1_none_ab1cdb679f059ace\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..ty-identitylistener_31bf3856ad364e35_10.0.19041.1_none_2f6d9cccfb410134\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-onecorecommonproxystub_31bf3856ad364e35_10.0.19041.1_none_ec940f9ab15de0f1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-r..-provider.resources_31bf3856ad364e35_10.0.19041.1_es-es_3f352b467a8508ba\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-cameracaptureui_31bf3856ad364e35_10.0.19041.746_none_560e4247164f8aa7\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-m..aphostres.resources_31bf3856ad364e35_10.0.19041.1_pt-br_35e66098dcc078f4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
File created C:\Windows\Speech\Common\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-u..lter-mgmt.resources_31bf3856ad364e35_10.0.19041.1_de-de_26ed3b4fbc1ceda4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..w-capture.resources_31bf3856ad364e35_10.0.19041.1_it-it_45d91336ac06fddc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-o..-base-vpn.resources_31bf3856ad364e35_10.0.19041.1_es-es_17643393191b5c1c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-recover.resources_31bf3856ad364e35_10.0.19041.1_es-es_18ff78bc4986c4e9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
File created C:\Windows\WinSxS\x86_microsoft-windows-m..-autoplay.resources_31bf3856ad364e35_10.0.19041.1_de-de_240f2e28a3f2c5f8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-userexperience-desktop_31bf3856ad364e35_10.0.19041.1266_none_fb76f6fb7e78a373\InputApp\Assets\StoreLogo.scale-150.png C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-i..l-keyboard-00000453_31bf3856ad364e35_10.0.19041.1_none_a86a789537648b33\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-u..em-config.resources_31bf3856ad364e35_10.0.19041.1_it-it_deb1aded688e56d5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_10.0.19041.746_none_c44b2d48ea3fab3d\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft.configci.commands.resources_31bf3856ad364e35_10.0.19041.1_it-it_e0e7c3c51cd78f85\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
File created C:\Windows\WinSxS\x86_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_5f1f08ae6fdc2272\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\EGPKZMQGRDBQZSH\shell C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\EGPKZMQGRDBQZSH C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\EGPKZMQGRDBQZSH\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\KYiWj5yFXd01P6p.exe,0" C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\EGPKZMQGRDBQZSH\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\EGPKZMQGRDBQZSH\DefaultIcon C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\EGPKZMQGRDBQZSH\shell\open\command C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\EGPKZMQGRDBQZSH\shell\open C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\EGPKZMQGRDBQZSH\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\KYiWj5yFXd01P6p.exe" C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "EGPKZMQGRDBQZSH" C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe

"C:\Users\Admin\AppData\Local\Temp\735dbbfa211a0daae417dd9d9d44490a9053c4b9963923c954528c49366e28d0.exe"

Network


Files

memory/5004-0-0x0000000000400000-0x000000000040C000-memory.dmp


MD5 4aa2671ec8a7a5f739a8968495eb78cf
SHA1 6aa181397afee807a68053a37be954299e9a1b92
SHA256 15a8e64a6a887833d8fcf56ac26d62122d4b290b2ad547037665d639fe73ed01
SHA512 c2ba77445c90f89d321292ebdf5e4c369c99a2d68fea14a853bd6b78c51247d7350509cbb58d16473a106a378c274f18424b0f3384ab8728ed01c6a0fd76cca7

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

MD5 526603807c853ab6afc8493110f30fb0
SHA1 516cf196685ba646c6c8ee1aba6c1a8241544b21
SHA256 8622348bf084a09f2f46a8fa79c9c3546b0346d861fd3da8d5861c4bc799c953
SHA512 b224eef87b0601d965b5181ff174965f05150881a701c1a92ea20f5e7d2fcfbfb6a6100334927b41c4af3c67109353e6b46a026dbc23c0ae80f7dbf8b5e50dbe

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

MD5 f10c4945dff4e2f3cf9380584c869280
SHA1 48747ea2bff757fd235e3601b09a9a09153aecad
SHA256 50bca4529b1268fad836feb2c6c8dd9095acf5fcb9de412c6bec7bde3d102d02
SHA512 f939c2c6c91d54273057399e2063b3ef86dea3a73e3fd675c3b09fa2e77370f0420b9b8a265ba79f081e9ac19807a5804e7d6d6e8ae17a933cc35f8966fa21ea

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

MD5 d4d26e0293b9717bbd3cb77be8aec87d
SHA1 c2ac29f28db998aee9b59002a1dc1643f51eb0f7
SHA256 12df0009168235b38cdaf4a978087dc5cdaaf972cd29fd54bff0e3d523ca681a
SHA512 b03df6615985cb4ef787884efcba0faffd1d3bbb8d48a74dfc7c5bac78de1a6086d8b2c19d94b544441420aa0a48f2858fa55b8ab9fe5dc3619560386a0a5311

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

MD5 494801992617b179527c7ad905c77823
SHA1 d87c3bcbfe61d8abc1b4798237db4aa469154ffa
SHA256 49b6cd748c10e6437dccbe9f1cc080fb9632dfb7ae1aa6706ec9b8aaf12dcdde
SHA512 5705a493a9cce26db8deb6581a1b4bdb562dfe3d735d436c36c83ddf06cfb5421653d88447a410638def5f01d8ce92b1a316419686cab63bdfddfd0648b4b144

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

MD5 617792ebac4447fee64807aeae4aee60
SHA1 4c69f7d73498ed4a665c10ccdb36f5c85781ae58
SHA256 176cae6ec83c8022be263f610074d136ccadbecba8d2e7dab2b5c20a36156abf
SHA512 07e16b53940289b911cafec4044bb5ed07e6b1773bf6a95cd5268b887ebc4a251b0734527d2db5a9134a10aff93d621ef3b08d4162006df349b98f5c62264240

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

MD5 045cd635e6e372a624de76172464d19c
SHA1 8d1caf8e572be690617480944d3b7317f86f1489
SHA256 824aa42d6d73a7a89fb6308e34719d420e92168650475a8748b91fcf66b8c676
SHA512 680a1f62719ac46830b529d5f695de458e67791e87473cb77100a957125591ed8db6df7af7be5f4ab8e7305d0799982a52d3f90eb80e4a8004ce3415d46b6409

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

MD5 938e4a30075ee0863b52e52dc8b3e83e
SHA1 80fdf2d4d820651705aa3e92f958b7ba8d03599a
SHA256 71679be4b3cda15009966fa7ef004b557b2c6e9e0f0baafed9f4a72d9e3afe71
SHA512 916b29b9eefda5d592a1b31635ffea5901d8a50dc6c6e8c0d92306e9e58fee65e774779b2a047671d4e334b9a69cfa60017867ec7a07e25c13d5179616e17e03

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

MD5 efdb15070097a0f6763f9d8cf2cba347
SHA1 f2f1d561e596a26078c9feb5fe839852c5f1dc77
SHA256 05a7edbbbb4a29e6db9c0f70ca2248e1cfa5a4e689b82f76f71aa66b2f9f8f4b
SHA512 acd257db865b6e5194dc50f2aa3af4c90de7219824e8ac509b5d5feb00b730b14f30b1845712d83fc1516201583457d1276be7ad3ec6cb2e6acb7cbe2d952e23

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

MD5 5c1b8265f8602cd1edc9fe5ae7b98ee6
SHA1 a8a64bb9bf0f93fc4cc36754b79597e41f6b1d73
SHA256 6c3de54bb848d2ca67d172d381d3ffa7fff60fd982b019532e6d9f0886fb612c
SHA512 3353c81cff709df5e2a103c441a7b12f05bb85ea9a9320862ffd3fae92f180f31c02b7b1f5d598a36bd112fc889d16eedd2db69ccfd328688cbc5e4095e35387

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

MD5 b861d6734878db9906903a396592d63d
SHA1 2d8e5ea9f00d9073c69de9e5b935c030f368b9f3
SHA256 f6c173f531190fe3aab89154639111f3897a6d1fda4bbda18a391a6177f081f3
SHA512 535fd478870d0a89731153b4ecd9ff4e1d00d0b252315e18df3101c48fbea05f101c1a2623a731a33c9a7b0bee539976b789e121f07483616bcfe01b2000b762

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

MD5 33007f3e25f43c986f9756d3e3d82214
SHA1 7d488958e633cbe4ba1c1cb2646db2b3dd689922
SHA256 30556f35e2cff1a3d04173c240f5b439473d4e62812430c2caa301aa9feaa390
SHA512 728b68be74668578b0389aca3f31de35f0d2462c6547ddff54b7cb151537f45bf084c8e336eb8a7dd7a4a097e01bdbbebcff9568a48026a352e0443c3e0ee1d5

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

MD5 9799ea1a799657be154ec755af9dab07
SHA1 ed4b39b4d36b8c6724e0c8987b2a9c33a636807e
SHA256 ecbd78868d45d71a10e116b7f1a741601fb9a01b80e5e0d5064bf69b39d393c5
SHA512 229230f45e1db869ccec57621aa5fb32a242ad1bd63f50aaf08b46fdcd3e46f1365a857f61ce9f73c547055ec52aacc941fd9ba0f0ba6b79bbafdb384b3c2345

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

MD5 6153bcb2e83dc5c66442a9faa1d0ef1d
SHA1 30983f8d306e458057a5708880a42f8d9c9be917
SHA256 bc98492fc614337331799e6c1468801698353a0e8ae8f8f2a48ce1819bdfb0fc
SHA512 709333107fd9ec0563791a109e40ac18978a126b8bc90dfa6ff7a6274d117cee377af31167c22d46cc6f545fd0ed093358e499dd540d1309ab76fcc60e545b3d

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

MD5 d88325d98c2e77134c3d7cf7fc0910de
SHA1 f28b570cf3fccc7514e79b5b68b0ab982edee937
SHA256 691c2456774cd8c9f7ffbae2c20756b96a9c56a82cecca6640a690daa0aba36c
SHA512 21a830fb2df7b172faf8b299f81c584929c8cd2b904fc198d2f150ade5c28e166589829399181e88c482d4b6e0dffbe6b6e7342cc281eecc16aa1679010e3c6c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

MD5 a064a5db769dada413e9b16d4704105a
SHA1 3d2747f487854119eb0f655ea960696beb084ec2
SHA256 a54197b1b6152ce8ae269a7cc95138c6b2de71321f48fdcf032403a0dce1b971
SHA512 87b5d0764b95cbfbf28e5d927aa04f7088d23c2512e762b144b9d5e4585b788fcc17989ad0abc0b34f664cc76a9254351fd589cc9bcbd80e07b0200d51d35672

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

MD5 4b1f1073d1e85a35a766b42a28d44a8b
SHA1 435fab273c952a08abe4b01e9375e1a3eed38e06
SHA256 6f32ec39b32499416266a0ee1f75b970f02dcf69cbc2ae23e754f8fb2c26cc42
SHA512 ead57c953cdd4f2902dfc5589939c432d0a82a0c092b9274a7a246e25a0819a35b4996cf3ad02669bd8716444ed0aa5b2d8afd295155030abdfa6fff04e1f599

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

MD5 78be5353f5f594487b901035b472b268
SHA1 a2a5e92034c4d50ab47cb1d7df609d2863213fd3
SHA256 4c80a4a6bd3a1a8242afdc0083c9734fca4358a0e7bbcf7db41a2df90a2ac87e
SHA512 bd836656d1a054c081c023695e7a63fbd5ffca282f78bfefb7059d9404470cf3c16ce809ed7757e05bd2e0226648d4e8c7fd25caf860cfbbf995d38913a4df4a

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

MD5 b7476582017c67d4855146eae80eb507
SHA1 a4094bb060b6b90c7d6ca53808602c196d343686
SHA256 9baba575e88a00e4664d649dc07b279dc70ca06b098f3036d5a309ea5f177eed
SHA512 9656ff9d11c25781bc714f9223425b245774d9a3269f56640077c2e2c22f01ce0ffe39f4748c9b7a69678a31f75e4ebdf1ce67bdde6810dc917fcfa08a7e9d89

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

MD5 94af0e31d7e5dcbd9160d2ddbd822b21
SHA1 cebd67e9ed7c47cfea7f1572f9017324f805060d
SHA256 15e9ed49c17def52748ce3b3b5705ecec6684bb9995cef7c2c4a2562f3768073
SHA512 6c6706b6e4d323554033ce5c9bebed2c62e22206a775cb0e0f89be959c2152a0d09062dbb0bbf32f345afa8516c24439b7da915ff2b4f7201c74e58ffb7e54a4

C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

MD5 59616ad5226c1ad7eff6e3a70385587b
SHA1 925d5703602f2c2be574a0a233ea5fd3d75cdb2b
SHA256 ddc27f07a57287e219a78475e3e0bc150ff5237214f2a3529e2345d4b23565a5
SHA512 51e8b3d5512ed20c74676ffc4c1ff7b83c87f50139987cd7675a6b8579ebed179f96209ef33a140a058fb330775c01727f64858def09a64c8d999c4db6da76f6

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727656060295712.txt

MD5 4ebcdac762ad250144ad04f5e1898bf4
SHA1 27371247005acbcd232bfcfa5d348e891f722da1
SHA256 867971aebc39f233653c33efadd6f7ddf30caea65c74d8c405f7d14085f0abf7
SHA512 7606c9dd79ab94dc40e17656bf8bf213181aa4ff7f7cef3f5ea8e325b76593500187871d7186f6a44242fcfc3d3881c024bcc81eef8697556639f02901095434

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727656525478361.txt

MD5 b6aeafd54307f2e2efaedbee25409cfe
SHA1 9cbdde9f84f6cd9d6543a78c109f7a844cde1f48
SHA256 584909b33296d2618df52593f51bbe52db160fcca6c8e9a7d76631caf6919968
SHA512 29fea50af732225053680a779d9a90479fae615116ad5ed03f14833e958ae78912cf65df7ba55f10e37a3241ce0dfa770980ecb341e36c7cda8c69062d9ecd36

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727663169040966.txt.EnCiPhErEd

MD5 d3b1b0c02756269e0276fdc44a6cc83e
SHA1 6eb4bc8972f33edd51b3f31c66fbd58ff1aed214
SHA256 7901e9429d1c331b97beb2384673312500b07594be70832af554355fa0449e8a
SHA512 42202c159842fac3d6d8df07f989b18435a29eca6ba54c7c7e682ed2f3a1db3b30e3b8810b3154fbd4ab0f689d31bf3fcd969a913ae31f581007975898ae4421

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727665885684530.txt

MD5 9083e254f378f3f0d282e117b1b7e3db
SHA1 38150245e28d19e9d42ec6648d49b9ca4945aaff
SHA256 3f6394b2dea8d94275b57d121f27ae4b152f71498697c9fa7fde3795c3462db6
SHA512 bea19dd9054c20f822f75239a8ba9bbcb22f4b3daa548262a6668056fad3896d32741b7c1bfd9529ae0a7e2fef1625a0704e65739faed1a131e854d1e4571131

memory/5004-6444-0x0000000000400000-0x000000000040C000-memory.dmp

memory/5004-6443-0x0000000000400000-0x000000000040C000-memory.dmp

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

MD5 5cff226b0890ec2fb977c7ceef2d1154
SHA1 88249b74e08422f2fd6cec55b11fc9a4d9519695
SHA256 1ba66ad37c86c36b8f4c71010203f14bd894edc9e6f77186d2911a217e6c922a
SHA512 54abe92d06ccf8259450b1e6b6aa852fd5c41357f97baf8ade78904db6082d89f1d8f89150dddf31098e6aaced5a314440933043c85b5e031535891caeb7ff1e

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 958ea0e3c3e4d9d1d0b14347588ad087
SHA1 3cac504e31e2873705bdf0ce0d2a037a3f842195
SHA256 7b834141748e5b88b22e7481b2a02058875a3e784e20f773e04c676ac88223cb
SHA512 84cad66f93a1fe6464b40afd3f6a5be62342e123e43e85cda773a8362594a7c6d0395eaed80fe3ef9c7e2aa807d4bb9539c273ea2aafb2266239e3ef97dd982d

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 215a0341a30a24fe9212d079a9b771f6
SHA1 9f3b1f436d9dec24586ea21eb8104d4619107e64
SHA256 abb6067afa90ff3508cabd61f9ca121d0f9c90507fab1b76d10f6331999d5e12
SHA512 dacd58c8c6736618e535e38d2e7161ffa010263fc1431626abab931623a5b203a1a0540afb0ef30bec06d88d3693d5602fe6f798b77100c24c0a80495e4a19ef

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 9a21d6541be97f6ae6b0ddbf5a39fe88
SHA1 500855f31b919d5f10b46b2a3807c022e147b9ef
SHA256 5b6af7e20b6b90c44413900234e9ebb461679e9017c2b52f2f063c416bfbb96d
SHA512 eda142a3042cec239453f653f92d3a9131ef1de39a6fcca641a6480c92e1a056f2fd47d3c89ca2892fdbf3558425917b3746b25056cb77bad71eb80c547e5c07

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 7601755b5dc9a5fdd884aaf45b1153d5
SHA1 98cda7b989d5807347f654ad8cea8761531b5b7d
SHA256 0c05e957dd1849724941a1e1e19b200de91dffae39a65eac2ee5a2da648646fd
SHA512 29504f0c4cfd106625367d401ebce2238b2e7083546e667627dac42bc3b41ed326f5389ad2137821a62fe02fcffeccf856515cfeb6f4eabd05196c36393db477

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

MD5 567ba6759c00c7773e2a2423da61089e
SHA1 cf4272372a4c1337abd399f17f051f9b6e20d846
SHA256 83a5ca5ac43f9ccd9c705802d8134cdb31f6095a903d4b7b03381279c0c542ba
SHA512 cd13dbbb01b5468a0634f1bd406fe65643dde862259d7008433894275d64da1985c9bea6f69656611a17e5cba0694e336be84bf43ede1ea1a38ee0f78454aca2

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

MD5 fd41b5253c55d14fd75253b1e2639e88
SHA1 9fe76ee44322b2ab4908ba50a286fa3baf2b27fc
SHA256 03d00a628dbbe8a63f9948ecc618928cdc37fe818b9b2208fafc6cee31e191d7
SHA512 4a8d49245bb7dc3b86ee52bb0ec9fd4435150d44700e94d650f574a77857a91f4af95d734ccb3bbbfc54fadd0c0bd76960599213441bbb3e57daeb3cc26794b4

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

MD5 fb15ada5b4f7cd0bcc8d0af4d0d7ef7b
SHA1 253aaf914b4c6a5219e7ba6575731d6358cad098
SHA256 c43e561058463f7264a3859e4a700bedef54dec862ac1d264082736d6327d933
SHA512 fe1c7ebe96a5d65cc25c3fd2ae4ab311115c076c770cad3cd9cc25e9f7b294fc4ca4b2d7481f4516cc6b76be0b7ed71059be07694a4506f9665ef7dd41ee1867

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 171a23b90edbbbc9781182967397e2c6
SHA1 5b0f85aa42410d06e375888ede0c335deb8f2c7b
SHA256 7bc1e27c44ed401fddf1b63799e45107c830ba8bf39d0eb953614a0c4991b47e
SHA512 16fa5d38732019292a329ced8b136f30b482c449fd2c28b8519dbd848d12bef66cc5abf6e8f30c1c65f9fa86447a41a92e10d6c6e04ac7631e8997f1acadbf68

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 15d544996cb9c3a47615f5de052ed8ff
SHA1 33e535373ccd36515bf12e566df82c477e413db7
SHA256 b4e2bcce0b715f490ad5977f0bcffafebc9c1558c42a6577d2baa074498ffdcf
SHA512 4a66a869ca1fac68aab8730f2bc559468db138204a4dfdc1be760960fe5d5a1fb755ffdde9510f748820b9878ddbe54be3c56365191a3cd7d4e374ba5cf4c846

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

MD5 a4858bdfc6a8c2f77c7666b9cba76f0c
SHA1 3d6bc50e18d155c41261435546c028e9bfac5d9d
SHA256 524d28a45b8635deaef0e96cbeb656e30e3c2a3089519d3c0b87ebfe1960c4de
SHA512 92d56756f47453801b0645769a4590fcf2e03847f054f65d875c2c6e891c34b7b379719e8096a804a41bb5e9697fa19dd7e2af79ec1430430db5ae9214140b66

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

MD5 435a7d0a8ffb995138b68ae1b83b0103
SHA1 6d58d94d2588688f35c0eb74c4f5ba7efc50c091
SHA256 eb363739f1a3552750c219cce7c3412ab5f437ae1ed6cac3b53adf5b0620a232
SHA512 1921f0b80bbcc5019cfc4993072bc7878d9399e84cb20614f807e18f45221c7d44d21fdbee1e30df8cceb0d0f68f0091e49bf1865eebb575ed757d820326757d

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

MD5 722240bab399566bc270306f9df8600b
SHA1 9132894ed87ceda4a1f66e6d89ee502d57bdfb08
SHA256 2c2636a6c3c53631a37e5aee914478ac6a224187ac6d48be5a9b9baa7c6e5fcd
SHA512 fe79a9826ded6be6ed8d848884dbe46b7402567794159b8112a549ff6a59869afd5ea19d7cf5a39b8423bc3ca57d31ad6f2a5ca4f72acaac7dfb60b8f9e627de

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 5cf7971f5124a38214350c465cd3aace
SHA1 cd4e0f6ff4e19d2475b303d8f9c5a186237b8af4
SHA256 076acf7238d73824dbe55ab10e2ff8916a4e03c5205f46e59905524fa1650641
SHA512 735fe04c4e0d436e36255b5f399f66db807d280d627e55ec931da7f022136b3f6cc8ea56102e46a674baf0d2b6844409bc06edb092128cc43f91bc4ddf89ef1f

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif.EnCiPhErEd

MD5 a5b2a9795e86ed6a3d1e0609abd402af
SHA1 c4c26660daf86eb2fa74af68fde94acefcac13cc
SHA256 a7c8a59ea1a7b08496b9214a33c28177f6f7c7e9749fbf0660527f72382f443c
SHA512 45d8c2f92a62eabc76f5bb30da5b36ada7ad2374aa0971ec38b87488e9fa986ee1b61c18998015775df88048bf673e94fe74dca3a1cefa8e4ca6a9817a79c513

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 699f2fe8a792fa2ab89e49233d47875c
SHA1 ddb5d48ccfca7b02203038c68db3e3e50d66d655
SHA256 9477a12bc94c0e94a243db6d5de6328d3112759ce45b10ff7ac34ab0fb67441f
SHA512 3e2d15ec534cf8e1e4ce2c7a4ee01b0e7c18b6f6ce0901e59aaef3ff9bcdc70516f25672007e919464c7285a47efbe2c8a25bf3538f9ce0645ad53233a4e8804

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 80fd59f8c4eea72d54b11547efc6fd88
SHA1 21149de9c5e9b6187de1a66b7de1c8670ad0904c
SHA256 7094c18efe63460741857977ee74b454a0d7eb7238d9f1761a9880f9313cabd0
SHA512 dab9abebae58b1e55e6b083cc0d471cf07e57fbad7f033a5bf62796d5921c1fa0d8d3ca863c12983c7fdbd00a4681eed6b9dd08de79bbf9e914cc2d8b49fc300

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

MD5 c33f3baf00dcbe6dbe06bb56c74e8342
SHA1 f09ce7f5f9265fe43fbaf49dd67bea725c0d09c3
SHA256 cac410164eb80a26c02b7553dc80af2b5fdee7f3ffdeb75f9834bb9b6cbd0742
SHA512 9f4ac57c69ea30199a9e08925333beefa7963959c477427851e0e51fe2003f9c5988aef336cddf93e34a381bfd708583781e198b44f3963176dabda0d5f5ba39

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

MD5 aedc8615d16bc3dd4aa38ec5fe56765f
SHA1 e4151e733a0810622f56157c5c65a32c70343423
SHA256 23d7667b68b6c79b630784950e7fa796a47b9fbd02c154448164a090b2635756
SHA512 84e704730a674670777d66846b21b30955798ddbfe39207ae3f924d4cc0e972b37634eb9f870005748a7ba5d93caa494f1e751a57b9070537ce40b27126b88d7

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

MD5 52ca14f6c72d55839c7426d8f0100969
SHA1 5b78ae0b47747a24dd95f801d23061fd109e54a4
SHA256 e37edc607abb0b2f5c1052f240e5f693b65ed6ef3ccfb52d190991490abb42ed
SHA512 bb67eb100946e9a6b4abe1713ef45400bc661a076bd0467408defeb4069f6bc5f78437842a4691ff4bcd726814dbdba2543e9f9ad60e682b2bfbcf7c2b64a115

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

MD5 331bf478145159e38c6101ddf954c80c
SHA1 c6a162d8fb3f9d71b47466ee8337a095c10eec2d
SHA256 9b01d197f037a2a1d0fad35940eb11b636b73e0de763431b1ea5798a27828298
SHA512 0fd993cee69611b45abfaebaca5c1d13196450b4ba0f8ab69a2d0352aaf20d82d38275afe94f9febb668f9ff4a1a664b5258cef1352adad500eef9516b42ce69

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

MD5 cee4323a18e591dd6f80a831f626feb3
SHA1 41842c1391f298d71466ebd51cdcc9b376c62fa3
SHA256 6284574f712e23eb1fc6b296913f892862e8e5be51bca037369fdbf56c03d24c
SHA512 7d99a964d5b930773583973baafc0f91029c529cbd84a06ead381fe5598c346753f961f2ef7bdc82f2cf200a39d51c0368d12651297a02655fa9afc7f146bfc1

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

MD5 1698b6b7520593e0016c32d228eb6ba1
SHA1 a33462f875591b2ff7e3ae4c3084719cc43f23b0
SHA256 aa9b499f6cc1963ca88406b899aa9f39fb5d695351818dc7dd72ff9a482913b1
SHA512 08e82e6b744f029d2207bf89a9063e409967087cc6efa1ea2ae6b39522356a0ca0fb4d98576de18c2fbc9ec45e342a69af8d21fb1db9f999741c3794bd638356

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

MD5 0211117477a4e292d995ac147848b2e5
SHA1 05fb3691ed9d043d599d5b3d36408e3d3e3f0120
SHA256 00435c9ce5cf31800e5e2a61d71a32168ca008c0f813c926771d5c86243a058c
SHA512 e878c530560a7226954b592d21f549367fe438abd6204777985eaa2ac3010c0b147021773d03016bac97c918adfe8fe3d33a841d9ec752917e36c9c9b529d290

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

MD5 537a39661d556b9c5c83df1b40f2a2c8
SHA1 3dae2714e1f771e2d48de9d45a8400b96a0e672f
SHA256 49f73cce1f98a9870d83fea3475413e5708c381b57de0277122f02f133ff4431
SHA512 f093c8088710c5bd22b171000e344ae89229be906e528ee7e325b0bf6ee6cc5c3b2a67ae51c1afaf0c881d1e4a4b62705e98b7f7bb682288d25eef1f6cd5f9d0

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

MD5 864ef3eaa0b72299d2e3d8cc2826b6c3
SHA1 a5313d65992b3fb708832313b9cf56f34baabf8e
SHA256 d40bbcb8b5162793463ae7321712d9501c5e1a8e5e1007148b25f55ec1330152
SHA512 d817c724e20dabafa357ba8171b13264c594735e9e7b66753e24104e773b00e08fa431bd28a132b67d9094fb7661f9593c40256f0bef6ee5d92054f6c8e13817

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

MD5 f999bfe1583e6b7e341afb5b1a07fcf3
SHA1 a62ca12916833055487befa17b26520e22656449
SHA256 5d84cc43956c329ce78c3d70ec49144c66cac51b7e404e507f0c26671c819ba4
SHA512 529eeb0131529179659008a4fec6d508d6db1b0ee60c84cb300ba7d2c9d05f5a3210e8bc2b75ea1928421010b6fad4002bc2cb495b71e5c959a19fc84e6a272e

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

MD5 86372a36bede652e5c00644be3a44c3f
SHA1 359ca0a2f8efbe25d46cc604906e02baead2ac49
SHA256 c7cd24cd954467bddf82c6bbe907656c30d804452dc4aaebc5c188dfc58443da
SHA512 9bc869a1543c170cfbb83306563fb3072d07b6c3296b789df91ce6b51e787b3e605bf353287da60ab7b36064bcc3abe09d97ff0c373cf9d65aa1219be7e1d4f5

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

MD5 dcdb3c9297b4dcdd8099afa55c35bf92
SHA1 70c5316c10b479723996b5bec13cfe7691be104d
SHA256 e9d3825c9db2cd50d3fb5437ff4aec78ea5252cd98efc1e53b88c5a9b26cad3a
SHA512 435bc4e0dec24f2fbb7b6c520c62a7cfa9f1d199224df0779cf2a66e43c7a89f4b287e52b1067ff7739ea0b34c9a815619112b91dbd4e67cdadd551c8a74dda9

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

MD5 8158641425c48687ef62d3571c010633
SHA1 1b3029f6303656dbde1261382d1ef4315e497be5
SHA256 4519e9cf14218c5c429e5d67bfdb41ee96fb1437beec48068a1e4f12a7e3ce8d
SHA512 052e5f963510cb2dfa3ebb668f22287b105fb7cde946549953c74b2b08f4b24fae6782752a3dfcff22a3cbe0be280f730a2abd60e201b460a84ef466f2000f9c

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

MD5 3b73deef2db58d1b113ff6790e923def
SHA1 06162356ed8a217cf008601c202d4297269d048b
SHA256 0903d0208108a1d0921b8c2ed0d41303b4138e95582c00a45525dd8380dd9e92
SHA512 66b320fd0ed6ed5ed97324aeee0b9b3902df6b5a35012c5b6c2d765609cc90908d5de0ccaa8407c2629912f9476b58612529441d1ba8e080e4f542f43c3f26b7

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

MD5 5f56928a3234523a6ad04a828768fbbe
SHA1 76cc34121d0ad5a23e669d6170f3471b97c204de
SHA256 38813bb5aba709a23ce12eab5ee872f7f69b81d041d50104e789e91cbe50c177
SHA512 6c0f667c1a8e5c236e335630f2bd7591dc1e95bf0a87cc0782fc968cfbf31f59b6ad73270b7a663e54855bab1799d58738a3cffd710840513d6480eb1dc24f90

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

MD5 44cff927f549e011f43881969e319316
SHA1 b7447cbb6fe7f711908d49f8333fc6168f4f51a5
SHA256 d221e81fff63cbcaa5724dda9e0a9c778432cf29e5cfd45f817061eea2ade936
SHA512 705ea9de3d4756b536f8f10405b303536387ce4ed5cd726358d0de0b47ff618d7f0d589fea4c45eb16d35316cfd33a0127a88d8b7627eccfe1a5b50fac22c95a

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

MD5 9966421fbd53342b04fae851105a1532
SHA1 3ba2d7c44263f7f724f3bf8d3fbd093ac47e894e
SHA256 512342c6b3e0321c3db67e487e9afc110b40ce5fb0c212f7c7ea392513d20ba5
SHA512 cc6f24efb394a592c8824cd46dcec2024cca7cbe6eb8292aefe571bb249d95633c62f9736a9db4021efa6228d682d4dcce2342a18ee2c88cc59bec7ace931849

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

MD5 1245a7ce9c25bcb51851a9ad1bb74c52
SHA1 d09b6cf56538fe46bb1350e13140fda78924bf7a
SHA256 dd61604495421d9da15ddf0d4f757e9c51b5184bcf8c56fc9beddf552f11163b
SHA512 659b8a56fc21a031fb1bdcb770812a35de0c0ade9feb712a76c8ca2c7c1d2edc0fb29b5422ab9349df374221d1a3ae1253a1a61b521d903f7a68f7eac36d944d

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

MD5 dc3ec6e83a0a8c34d1a81394bdd397fe
SHA1 164962e779740198bba71532b7391ff34658322d
SHA256 95279c01f3aa85814e26fb2489c5febdbd4c2582208272d4a1ae5037ec7ac695
SHA512 a940a3fc1ead46f7e2077edf8fdab78fe1750d8ddeb898fe0560228afccc632e265e0e6e4213ab2e4a737efbdac8e2f93c0e3361f542b592e7bf7f534876827d

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

MD5 7bfdad03631a32a93ec9cfeb29bb52ab
SHA1 e84906fb48c7074bd609d78539d4180d62943da0
SHA256 b613b78428944ce862996efa8cf2c0c1ae8c1ddcca0170245baf28135694ce30
SHA512 7a9940b35382a46c3f9ed3c4680183d06cda42d10c90da85608f46106d876cca9fe9531659e16fb1321bd5f77faf9e17c38202d58e8bf8b625a68dc9d50632c4

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

MD5 db4585b7253f88cddc44688060afe1ab
SHA1 c1514ce08c04c94b93c7d3173cd7b0790d33bd69
SHA256 e1c4a01ada19fb6cd1c3c18bf6a14d0984358d5a1ae1827665f6c28f1a4e00dc
SHA512 73e1a3c96903e0e97638fc39a040280ce0ec67b42fac0af6b28674607fb8874c906418917276e86473eca106c27bb3b08f052bb4d31d5879b18af8d9a2c22730

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

MD5 5edd74ef14e683342f8ea644116072d1
SHA1 d6c489ad8a301845aef5104b42ec067ad3aafb1a
SHA256 6ec7c521468586192cbe2adc161e4c94dd3f2199c22ab7f24fd036d59b9ddcb3
SHA512 eb07fb5b9f0d67c2ad7e8e2b5cea117e78dfad61cbb35b80782725215f720659466784ca4ce38e08728d7128c08c573652fe5822a46bfcc022ff9ce312c02253

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

MD5 68f3aacaa662377b62fb54f4d7850739
SHA1 00b34c21c9ca52660c73f7d600fb23695d28a1cb
SHA256 04a7c279c1b4c0eec3a40fcaa7692856e97c23172190088c89315cec80f62576
SHA512 c7a97119cf49d2ab006e6c0ddcbb8f99c1a65a2880a1856b2f5f9bbfd6a7a4fa5646285301999710b0ed8cb1926c57aeec0a3fafdbf584ccc44d7efc0c96970a

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

MD5 dae9c786aa0fe7b4eb3061c93d30e957
SHA1 9b03d81a2651a4dfe38c9c478fd734e02ba64f2e
SHA256 3e2391cc91c167337886766446c874df6dd3367c2196caddfc6831a36966dbed
SHA512 ec7f480d2563ef2c3cf5667d47acb7270fd0cb45384badb2d61e8c37fdd3a2ef7dcae624844fb0c87b54c52e6d13c178b1fd1e1dc0085672bfe4cd706ca9a520

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

MD5 19b196fde0c3a4631e70abddf899e764
SHA1 31ec44a39899f30880e367cf03c3214c87c8a444
SHA256 18fc79afc6c2ca415936b9d63b5ce355ca0dab3391d539a84a9b48d80d7d4be0
SHA512 c5d44575c4745701d902d48175e8657fa624ba08929a91747c5985e66d2df53910b3c95d5f3454b6e9b7e6e896ecfa060154aa9b9c452dbde2fde235792d62fe

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

MD5 dafb0c51184745f6574f2ddfad83ab19
SHA1 717fcfe8c7285b99ccb425903469317a3067c80f
SHA256 d6b5eed56eb13d6d1d7b259795d4ac178123b552cd60443d7190d6861cbfe139
SHA512 dffc68520482a0ad3b72ac5f68b7ea5981a02b0fb4bd9e27bbf5358b08187d411092bf50c40a8f42763009331adcfde4d2d7a2efaca7c557163e018002daac06

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

MD5 1550921e8ae643fee99b7f9f0178f288
SHA1 623521c41d9921ff558728e8305d29d4a446dd5e
SHA256 33a2c79ee12beb8ba54e52b2e15b50bd90aa29606967bb67f3e2b9e5d0c08a09
SHA512 b2eb096fbee8d30bc715b5f37f09556fdf4db6fc4725d9dd8a91e3193256bbdc4fc0f2732dd4e3c9d89071024b2470834fe860c95d47244a098374a9689dafcc

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

MD5 10c8dc3687296e9daa9934ea7cd2c7a3
SHA1 4d7d131906b4e9ea89eb1df16a026f652ecf8715
SHA256 ccea27744de7f0244401e37825ca82c242d277d89a190c28ecf876993ff5c7b4
SHA512 c46cecd3ac512b886424c6ae17c878fe9efe48b3ae63e6fb77d9abe9f334bac9ab99ec739b05a9501269687ff717b5b8a586c2edc08b366a08906a72e773e780

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

MD5 6560acd737e677d5ad7c98a36704f9aa
SHA1 f32db55987f58e5c65adf7b68acc36a500386eea
SHA256 38f3cda839b9da80d51dcd67aa85c4da958354a9d4d5ac0eea9c001584718f7d
SHA512 59ccbb6d5d1d3767018e10cd6c08550692dc3562d29f314899affb972001c17ad553c4f36d7938a49469a15b3006f309d2c6c98a224215403b63c40e8c1e77c8

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

MD5 148cc1c79e132be581e88deec3ea8c4f
SHA1 bfed8a513cc06e2a402e527b4e257abbbd8fe34f
SHA256 e030e7ea0b241831cb5235e2e66c907238eddf102bf151b3b324244f69012203
SHA512 16f49aa7ce0a97bbe371b6ebe0e2a70b3eb338c9f4aebb0e5afdd0e5c645a2e6e1496608f7488bdf7aab2c3920c4a435335379bf050818e3fe8dcf78f475ac07

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

MD5 85d6bea4cc03d439f5d6aa1cc53c9ef7
SHA1 74c7e9fb96b0716529912a59cf642f259ba02a36
SHA256 73d0257a3c7527f3efcc68ca901ebd61329a034165c17e00bb954828b7615143
SHA512 bf629a3f0d4bffe47bbf97336a8fc1a3c11fd541b2140f62e06a4b4ccafec13f3b0cd786ad05de9ce6324544b1128f4db9edc555a562f614b021726e1b598895

memory/5004-10569-0x0000000000400000-0x000000000040C000-memory.dmp

memory/5004-10877-0x0000000000400000-0x000000000040C000-memory.dmp

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

memory/5004-11192-0x0000000000400000-0x000000000040C000-memory.dmp

memory/5004-11195-0x0000000000400000-0x000000000040C000-memory.dmp

C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

memory/5004-11198-0x0000000000400000-0x000000000040C000-memory.dmp