Malware Analysis Report

2025-01-18 20:40

Sample ID 241211-fpf92axqes
Target dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118
SHA256 e4d2f2a378d94e261a8379699d8eba2f814afd6b8d4fb75eae9acb8135e245f6
Tags
upx xorist adware discovery persistence privilege_escalation ransomware spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

e4d2f2a378d94e261a8379699d8eba2f814afd6b8d4fb75eae9acb8135e245f6

Threat Level: Known bad

The file dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

upx xorist adware discovery persistence privilege_escalation ransomware spyware stealer

Xorist family

Xorist Ransomware

Detected Xorist Ransomware

Renames multiple (6334) files with added filename extension

Renames multiple (5475) files with added filename extension

Manipulates Digital Signatures

Event Triggered Execution: Image File Execution Options Injection

Drops file in Drivers directory

Event Triggered Execution: Component Object Model Hijacking

Drops startup file

Reads user/profile data of web browsers

Loads dropped DLL

Enumerates connected drives

Installs/modifies Browser Helper Object

Adds Run key to start application

UPX packed file

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

Suspicious use of WriteProcessMemory

Modifies Internet Explorer settings

Suspicious behavior: EnumeratesProcesses

Modifies data under HKEY_USERS

Suspicious use of AdjustPrivilegeToken

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-12-11 05:02

Signatures

Detected Xorist Ransomware

Description Indicator Process Target
N/A N/A N/A N/A

Xorist family

xorist

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-12-11 05:02

Reported

2024-12-11 05:05

Platform

win7-20241023-en

Max time kernel

119s

Max time network

120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe"

Signatures

Detected Xorist Ransomware

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Xorist Ransomware

ransomware xorist

Xorist family

xorist

Renames multiple (5475) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A

Event Triggered Execution: Image File Execution Options Injection

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msoxmled.exe C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msoxmled.exe\DisableExceptionChainValidation = "0" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msohtmed.exe C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msohtmed.exe\DisableExceptionChainValidation = "0" C:\Windows\system32\msiexec.exe N/A

Manipulates Digital Signatures

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\pwrshsip.dll C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\wintrust.dll C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A

Event Triggered Execution: Component Object Model Hijacking

persistence privilege_escalation

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\q7YTNmTmY37Q8Dx.exe" C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A

Installs/modifies Browser Helper Object

stealer adware
Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF} C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\NoExplorer = "1" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\ = "URLRedirectionBHO" C:\Windows\system32\msiexec.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\System32\DriverStore\FileRepository\prnca00f.inf_amd64_neutral_777b6911d18869b7\Amd64\CNBJOP84.DLL C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\NlsData0009.dll C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\msvcp120_clr0400.dll C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\MUI\0411\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_PSSnapins.help.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitsTransfer\en-US\about_BITS_Cmdlets.help.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\ieetwproxystub.dll C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\migwiz\migcore.dll C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_functions_advanced_parameters.help.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\prnhp002.inf_amd64_neutral_04d05d1f6a90ea24\Amd64\HPZIDR12.DLL C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Continue.help.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\migwiz\dlmanifests\Networking-MPSSVC-Svc\icfupgd.dll C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\mpr.dll C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\de-DE\Licenses\eval\ProfessionalN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\prnca00e.inf_amd64_neutral_651eeed98428be5e\Amd64\CNBP_295.DLL C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\NlsData0c1a.dll C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\odtext32.dll C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmpsion.inf_amd64_neutral_6e65ea91a16f922a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\es-ES\Licenses\OEM\StarterE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\prnhp005.inf_amd64_neutral_914d6c300207814f\Amd64\hpc4600t.dll C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnlx00z.inf_amd64_neutral_aea50acf04a2db1d\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\wer.dll C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_objects.help.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\de-DE\Licenses\OEM\HomeBasicN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\prnca00h.inf_amd64_neutral_96a8e38189e54d71\Amd64\CNBP_287.DLL C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\prnep00l.inf_amd64_neutral_f1fa021d2221e2c7\Amd64\EP0LVR1X.DLL C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\gptext.dll C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\sqlwid.dll C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\adprovider.dll C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\prnep00l.inf_amd64_neutral_f1fa021d2221e2c7\Amd64\EP0LVPZ0.DLL C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\fr-FR\Licenses\_Default\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\ja-JP\Licenses\eval\HomeBasic\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\ja-JP\Licenses\eval\HomePremium\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\Magnify.exe C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\mfc140cht.dll C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\prnep00l.inf_amd64_neutral_f1fa021d2221e2c7\Amd64\EP0LVR16.DLL C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnky005.inf_amd64_neutral_8836be987024e6a9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\prnep00b.inf_amd64_neutral_2e6b718b2b177506\Amd64\EP0NMF6C.DLL C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\prnhp002.inf_amd64_neutral_04d05d1f6a90ea24\Amd64\HPZSSWN7.DLL C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\en-US\Licenses\OEM\ProfessionalE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_types.ps1xml.help.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\appidapi.dll C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\dot4prt.inf_amd64_neutral_e7d3f62d0d4411db\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\dsauth.dll C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallShield\setupdir\001e\_setup.dll C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\KBDROPR.DLL C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_do.help.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\prnep00a.inf_amd64_neutral_92a4c727cdf4c2f7\Amd64\EP0NAR00.DLL C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\prnhp004.inf_amd64_neutral_53f688945cfc24cc\Amd64\hpz3rw72.dll C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallShield\setupdir\001a\_setup.dll C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_Language_Keywords.help.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\prnms002.inf_amd64_neutral_d834e48846616289\Amd64\FXSWZRD.DLL C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\en-US\Licenses\OEM\HomePremium\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\dskquoui.dll C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\KBDAZE.DLL C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\ehstorpwddrv.inf_amd64_neutral_ecd233d7cabbdebf\EhStorPwdDrv.dll C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\sbp2.inf_amd64_neutral_332943647e950ada\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\prnhp003.inf_amd64_neutral_4480210763997eb4\Amd64\hpzlaw71.dll C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_aliases.help.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_data_sections.help.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WMSPDMOE.DLL C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\acppage.dll C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmeric.inf_amd64_neutral_27c5b45728cc9ed0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-International-Core-DL\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\ChessIconImages.bmp C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\fr-FR\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\AG00167_.GIF C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Europe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\play_hov.png C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\AFTRNOON\PREVIEW.GIF C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Google\Update\1.3.36.151\goopdateres_ja.dll C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\144DPI\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\NETWORK\PREVIEW.GIF C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\NotifierDownArrow.jpg C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\plugins\video_filter\libedgedetection_plugin.dll C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\next_rest.png C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0289430.JPG C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\AG00037_.GIF C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\extensions\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Biscay\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\OUTLPH.DLL C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\it\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\CAGCAT10\J0315447.JPG C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationLeft_ButtonGraphic.png C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\Help\1031\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH02749G.GIF C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\MAPISHELL.DLL C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\bg_Earthy.gif C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_box_bottom.png C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\System\ado\msadrh15.dll C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\J0115842.GIF C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\plugins\codec\libsubsdec_plugin.dll C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\plugins\video_filter\libextract_plugin.dll C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0321179.JPG C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\SKY\PREVIEW.GIF C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\SEQCHK10.DLL C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\10.0\VSTOMessageProvider.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Web.Entity.Resources.dll C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\diner.png C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\de-DE\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\ACER3X.DLL C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH02736U.BMP C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Program Files\Windows Media Player\Network Sharing\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOMessageProvider.dll C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\ODeploy.exe C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Visual Studio 8\VSTA\Bin\1033\VSTAClientPkgUI.dll C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\eclipse_update_120.jpg C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Program Files\Microsoft Games\Purble Place\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\month.png C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\SPPlugins\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0178932.JPG C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\fr\System.IO.Log.Resources.dll C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Common Files\System\ado\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH01332U.BMP C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR48F.GIF C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\THIRDPARTYLICENSEREADME.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jre7\lib\images\cursors\win32_LinkNoDrop32x32.gif C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_box_divider_left.png C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\ja-JP\settings.html C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\Stationery\Garden.jpg C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\QUAD\THMBNAIL.PNG C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\MessageAttachmentIconImages.jpg C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\Visualizer.zip C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Media Player\wmpnssci.dll C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\Portal\1033\PortalConnect.dll C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\OFFOWC.DLL C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\winsxs\x86_microsoft-windows-ddoiproxy_31bf3856ad364e35_6.1.7600.16385_none_3f3f4dd85f6845b7\DDOIProxy.dll C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\assembly\GAC_MSIL\Microsoft.Office.Interop.InfoPath.SemiTrust\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.InfoPath.SemiTrust.dll C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.FileSystem.Watcher\v4.0_4.0.0.0__b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework64\v3.5\1033\cscompui.dll C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-s..icsclient-scheduled_31bf3856ad364e35_6.1.7600.16385_none_60a8c45de10f8eda\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-w..iamanager.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_5323018bc77ad3d1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-a..on-authui.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_ba2335c8bba30fbf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-grpconv.resources_31bf3856ad364e35_6.1.7600.16385_de-de_44419527bfe271a0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-n..orkcenter.resources_31bf3856ad364e35_6.1.7600.16385_de-de_0a0ec7f77e61710c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Windows\assembly\GAC_64\MSBuild\3.5.0.0__b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\Media\Calligraphy\Windows User Account Control.wav C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-pnpsysprep.resources_31bf3856ad364e35_6.1.7600.16385_en-us_2d12ac454fb6f8f6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-t..writerqfe.resources_31bf3856ad364e35_6.1.7600.16385_de-de_f3f57f2df0af1c43\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft.backgroun..nt.module.resources_31bf3856ad364e35_6.1.7600.16385_en-us_e0e7b1171f7308f0\about_BITS_Cmdlets.help.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_wialx004.inf_31bf3856ad364e35_6.1.7600.16385_none_05b60a5c9a9fe11b\lxa3iobj.DLL C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_en_31bf3856ad364e35\System.Management.Automation.Resources.dll C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-i..l-keyboard-00000452_31bf3856ad364e35_6.1.7600.16385_none_43a82b387da044dd\KBDUKX.DLL C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_ql40xx2.inf.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_0c3b4751804fd072\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\msil_system.data.datasetextensions.resources_b77a5c561934e089_6.1.7601.17514_ja-jp_13b8401e5e1d25a1\System.Data.DataSetExtensions.Resources.dll C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-k..-plug-ins.resources_31bf3856ad364e35_6.1.7600.16385_en-us_bde893cd2bcc71aa\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-s..ndthemes-characters_31bf3856ad364e35_6.1.7600.16385_none_08da32b0fdad9220\Windows Balloon.wav C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-i..uestmonitorbinaries_31bf3856ad364e35_6.1.7600.16385_none_9eb4d5fbb391b282\iisreqs.dll C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-l..epremiumn.resources_31bf3856ad364e35_6.1.7601.17514_it-it_4a940280a6fac951\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-s..ssmanager.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8346f1c49f501c6f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\x86_microsoft-windows-sisbkup_31bf3856ad364e35_6.1.7601.17514_none_5eeeae90bbde71fa\sisbkup.dll C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\Media\Quirky\Windows Logon Sound.wav C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-e..ebargadgetresources_31bf3856ad364e35_6.1.7600.16385_none_88767a95b8bbf001\button_MCELogo_mousedown.png C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-main.resources_31bf3856ad364e35_6.1.7600.16385_de-de_60a84de90c942afc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-ipconfig_31bf3856ad364e35_6.1.7600.16385_none_4c104723794237c2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-mlang.resources_31bf3856ad364e35_6.1.7600.16385_th-th_103f1cd3ad950892\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ComponentModel.dll C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework\v2.0.50727\fr\System.Runtime.Serialization.Formatters.Soap.Resources.dll C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_mdmgen.inf.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_05a824ea7447f385\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p..l-message.resources_31bf3856ad364e35_6.1.7600.16385_en-us_9c61248adcc9a315\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_nvraid.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_880d3ce75d345caa\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-i..tional-codepage-861_31bf3856ad364e35_6.1.7600.16385_none_cebf7c64fc8468dc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-e..rting-adm.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_d4bae483184c817b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-grouppolicy-script_31bf3856ad364e35_6.1.7600.16385_none_c10c2a29895d4994\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-s..cy-engine.resources_31bf3856ad364e35_6.1.7600.16385_en-us_21bf86a74f104022\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_prnrc007.inf_31bf3856ad364e35_6.1.7600.16385_none_2382b73cd9ebc32a\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-d..vdsupport.resources_31bf3856ad364e35_6.1.7600.16385_de-de_9d99bada699baa8f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-f..k-service.resources_31bf3856ad364e35_6.1.7600.16385_en-us_deecfefe800d0d7b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_c02a16e1ae17ab94\about_WS-Management_Cmdlets.help.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.1.7601.17514_ja-jp_2dc0ab930d5ebf5a\System.IdentityModel.Resources.dll C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_prnep00d.inf_31bf3856ad364e35_6.1.7600.16385_none_ae3f8d47fad9c2a7\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-g..ets-clock.resources_31bf3856ad364e35_6.1.7600.16385_en-us_7fddcd6a1ab604da\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-v..cprovider.resources_31bf3856ad364e35_6.1.7600.16385_it-it_b0d9ff43083875e3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\x86_microsoft-windows-mobsync_31bf3856ad364e35_6.1.7601.17514_none_f77710eca7a33df6\SyncCenter.dll C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-n..-security.resources_31bf3856ad364e35_6.1.7600.16385_en-us_4e0c2004a5e71cbd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework\v2.0.50727\DE\aspnet_rc.dll C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Workflow.Compiler.exe C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-help-fax.resources_31bf3856ad364e35_6.1.7600.16385_de-de_771af0c9e6a91df8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-n..ion_service_runtime_31bf3856ad364e35_6.1.7601.17514_none_5726e0135925cd59\iasrad.dll C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-d2d.resources_31bf3856ad364e35_7.1.7601.16492_zh-hk_e8c8d75b1c4335e9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-io-l1-1-0.dll C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Windows\assembly\GAC_MSIL\system.workflow.activities.resources\3.0.0.0_it_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-tabletpc-journal_31bf3856ad364e35_6.1.7601.17514_none_75d78dc0bb37c026\Pine_Lumber.jpg C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-winocr-ocrengines_31bf3856ad364e35_6.1.7600.16385_none_ff3a08834cc21b39\ximage3b.dll C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\x86_microsoft-windows-crypt32-dll_31bf3856ad364e35_6.1.7601.17514_none_5d772bc73c15dfe5\crypt32.dll C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-i..converter.resources_31bf3856ad364e35_8.0.7600.16385_en-us_659f28693168f6d9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sysdm.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_d893323239cfae53\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-icm-ui.resources_31bf3856ad364e35_6.1.7600.16385_de-de_9377df51142611e3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-o..tend-apis.resources_31bf3856ad364e35_6.1.7601.17514_de-de_f8fabe8ccc93bd3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\AppPatch\AcGenral.dll C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5FBAF6E6-C64B-49DB-AB1B-F93C607EBC71} C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5FBAF6E6-C64B-49DB-AB1B-F93C607EBC71}\AppName = "onenote.exe" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5FBAF6E6-C64B-49DB-AB1B-F93C607EBC71}\AppPath = "C:\\Program Files (x86)\\Microsoft Office\\Office14\\" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5FBAF6E6-C64B-49DB-AB1B-F93C607EBC71}\Policy = "3" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\CLSID = "{1FBA04EE-3024-11d2-8F1F-0000F87ABD16}" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}\ButtonText = "Send to OneNote" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}\ClsidExtension = "{48E73304-E1D6-4330-914C-F5F514E3486C}" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\HotIcon = "C:\\PROGRA~1\\MICROS~2\\Office14\\ONBTTN~1.DLL,103" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\Icon = "C:\\PROGRA~1\\MICROS~2\\Office14\\ONBTTN~1.DLL,103" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DD993BDC-06E0-4131-B889-DD3B9AEBE253}\AppName = "IEContentService.exe" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}\Default Visible = "Yes" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}\MenuText = "Se&nd to OneNote" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}\ToolTip = "Send to OneNote" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}\Icon = "C:\\PROGRA~1\\MICROS~2\\Office14\\ONBttnIE.dll,103" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\ClsidExtension = "{FFFDC614-B694-4AE6-AB38-5D6374584B52}" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49} C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}\HotIcon = "C:\\PROGRA~1\\MICROS~2\\Office14\\ONBttnIE.dll,103" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}\CLSID = "{1FBA04EE-3024-11d2-8F1F-0000F87ABD16}" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\Default Visible = "Yes" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\ButtonText = "OneNote Lin&ked Notes" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\MenuText = "OneNote Lin&ked Notes" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\ToolTip = "OneNote Linked Notes" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DD993BDC-06E0-4131-B889-DD3B9AEBE253} C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DD993BDC-06E0-4131-B889-DD3B9AEBE253}\AppPath = "C:\\Program Files (x86)\\Microsoft Office\\Office14\\" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DD993BDC-06E0-4131-B889-DD3B9AEBE253}\Policy = "3" C:\Windows\system32\msiexec.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2E C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2E C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2F C:\Windows\system32\msiexec.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{506F4668-F13E-4AA1-BB04-B43203AB3CC0}\ProgID C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A394DCA9-3727-11D4-BD85-00C04F6B93A4}\InprocServer32 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F09D237B-3FD1-4900-BEF2-3471CA68142D}\InprocServer32\ = "C:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\10.0\\VSTOLoader.dll" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.ppsx\ShellEx\{BB2E617C-0920-11d1-9A0B-00C04FC2D6C1}\ = "{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{AB968F1E-E20B-403A-9EB8-72EB0EB6797E}\Version = "11" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CB3F7806-3CB4-409C-BA3B-12D642BE371A}\Programmable\ C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F09D237B-3FD1-4900-BEF2-3471CA68142D}\ = "VSTO CTPHostX" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{F90DFE0C-CBDF-41FF-8598-EDD8F222A2C8} C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\ProgID C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Interface\{096CD76A-0786-11D1-95FA-0080C78EE3BB}\ProxyStubClsid32 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\OneNote.NoteAnchorCollection\CurVer\ = "OneNote.NoteAnchorCollection.14" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Interface\{803EDC90-F4C6-4B8D-BB5F-869EA2AF2B03}\ProxyStubClsid C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\xmlfile C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.vzlom C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D9230E09-3737-43F5-8C78-BC4C83DC296C}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{FFFDC614-B694-4AE6-AB38-5D6374584B52}\ProgID\ = "OneNote.IEAddin.LinkedNotes.14" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{FFFDC614-B694-4AE6-AB38-5D6374584B52}\TypeLib C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{3CA78EDC-E48A-4A21-9562-9245BF90CE3F}\DefaultIcon C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/vnd.ms-word.document.12\Extension = ".docx" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{9FBC2D8F-6F52-4CFA-A86F-096F3E9EB4B2} C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\xmlfile\shell\edit\command\ = "\"C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\MSOXMLED.EXE\" /verb edit \"%1\"" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-compressed C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.vst\PersistentHandler C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.xlsb\ShellEx\{BB2E617C-0920-11d1-9A0B-00C04FC2D6C1}\ = "{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\BCSLaunch.Launcher\ = "Launcher" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\TaskLaunch.TaskLauncher\CLSID C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\.ppsm\ShellEx\{BB2E617C-0920-11d1-9A0B-00C04FC2D6C1} C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\.accdt\ShellEx\{BB2E617C-0920-11d1-9A0B-00C04FC2D6C1} C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{096CD5DE-0786-11D1-95FA-0080C78EE3BB}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\OSPPWMI.OSppWmiTokenActivationSigner\CurVer\ = "OSPPWMI.OSppWmiTokenActivationSigner.1" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\URLRedirection.URLRedirectionBHO\ = "Office Document Cache Handler" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\TypeLib\{FD34A377-115F-43CA-8D6F-BBD45FD6F828}\3.0\HELPDIR C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\OneNote.NoteLinkStoreService.14\ = "OneNote NoteLinkStoreService Class" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5554F805-47C0-489D-AAE6-2D11C6E4A3ED}\ = "OneNote NoteLinkStoreService Class" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F5BF6FE9-913F-4117-94C7-5040C7E3A6C1}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Interface\{803EDC90-F4C6-4B8D-BB5F-869EA2AF2B03} C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{506F4668-F13E-4AA1-BB04-B43203AB3CC0} C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Interface\{FC8E6CD1-E6F2-4A8F-A99B-2F3BA2B3DE6B} C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{096CD6FD-0786-11D1-95FA-0080C78EE3BB}\ = "IOpenXMLDocuments2" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E87ECCF7-3CBA-45CF-B58E-1A6630D39199}\ = "OneNote NoteAnchorCollection Class" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\xmlfile\shell\edit\command C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\URLRedirection.URLRedirectionBHO\CurVer C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C7DFFDF1-BD1F-450A-B98D-96B6D30BA4C1}\ = "Microsoft OneNote Windows Desktop Search Protocol Handler" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\TypeLib\{CBBC4772-C9A4-4FE8-B34B-5EFBD68F8E27}\1.0\HELPDIR C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{760681E7-B985-41CE-BCBE-2985A1DFC61C}\InprocServer32\ = "C:\\Program Files\\Common Files\\Microsoft Shared\\VSTO\\10.0\\VSTOLoader.dll" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/vnd.ms-powerpoint.12 C:\Windows\system32\msiexec.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\XEV.GenericApp\EditFlags = 01000000 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\BCSLaunch.Launcher\CLSID\ = "{CB3F7806-3CB4-409C-BA3B-12D642BE371A}" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{312AB530-ECC9-496E-AE0E-C9E6C5392499}\InprocServer32 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9FBC2D8F-6F52-4CFA-A86F-096F3E9EB4B2}\InprocServer32\ = "C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\odffilt.dll" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A394DCA9-3727-11D4-BD85-00C04F6B93A4}\VersionIndependentProgID\ = "VisShe.CVisioFileFilter" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\odcdatabase.1\HTML Handler C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{807573E6-5146-11D5-A672-00B0D022E945}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\VisShe.IconHandlerShellExt.1\ = "IconHandlerShellExt Class" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0875DCB6-C686-4243-9432-ADCCF0B9F2D7}\ShellFolder\Attributes = "538443776" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{E87ECCF7-3CBA-45CF-B58E-1A6630D39199}\TypeLib C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{20E823C2-62F3-4638-96BD-90F4F6784EBC}\InprocServer32 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A394DCA9-3727-11D4-BD85-00C04F6B93A4}\InprocServer32\ = "C:\\Program Files\\Microsoft Office\\Office14\\VISSHE.DLL" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D66DC78C-4F61-447F-942B-3FB6980118CF}\ProgID C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{64654B35-A024-4807-89D3-C6FDB5A260C7}\ = "VSTO FormRegionsHostX" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{807573E5-5146-11D5-A672-00B0D022E945}\InprocServer32\ = "C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\MSOXMLMF.DLL" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{48E73304-E1D6-4330-914C-F5F514E3486C} C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{3CA78EDC-E48A-4A21-9562-9245BF90CE3F} C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{95F35795-64B1-495D-9DE7-390EECC31EC0}\ProgID\ = "TaskLaunch.TaskLauncher.1" C:\Windows\system32\msiexec.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2148 wrote to memory of 1148 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 2148 wrote to memory of 1148 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 2148 wrote to memory of 1148 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 2148 wrote to memory of 1148 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 2148 wrote to memory of 1148 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 2148 wrote to memory of 1148 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 2148 wrote to memory of 1148 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 2148 wrote to memory of 1300 N/A C:\Windows\system32\msiexec.exe C:\Windows\system32\MsiExec.exe
PID 2148 wrote to memory of 1300 N/A C:\Windows\system32\msiexec.exe C:\Windows\system32\MsiExec.exe
PID 2148 wrote to memory of 1300 N/A C:\Windows\system32\msiexec.exe C:\Windows\system32\MsiExec.exe
PID 2148 wrote to memory of 1300 N/A C:\Windows\system32\msiexec.exe C:\Windows\system32\MsiExec.exe
PID 2148 wrote to memory of 1300 N/A C:\Windows\system32\msiexec.exe C:\Windows\system32\MsiExec.exe
PID 2148 wrote to memory of 2336 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 2148 wrote to memory of 2336 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 2148 wrote to memory of 2336 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 2148 wrote to memory of 2336 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 2148 wrote to memory of 2336 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 2148 wrote to memory of 2336 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 2148 wrote to memory of 2336 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 2148 wrote to memory of 1344 N/A C:\Windows\system32\msiexec.exe C:\Windows\system32\MsiExec.exe
PID 2148 wrote to memory of 1344 N/A C:\Windows\system32\msiexec.exe C:\Windows\system32\MsiExec.exe
PID 2148 wrote to memory of 1344 N/A C:\Windows\system32\msiexec.exe C:\Windows\system32\MsiExec.exe
PID 2148 wrote to memory of 1344 N/A C:\Windows\system32\msiexec.exe C:\Windows\system32\MsiExec.exe
PID 2148 wrote to memory of 1344 N/A C:\Windows\system32\msiexec.exe C:\Windows\system32\MsiExec.exe

Processes

C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe"

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 96A7ADBBB1D05FF58C9942DC99891B17

C:\Windows\system32\MsiExec.exe

C:\Windows\system32\MsiExec.exe -Embedding 788500D05C56CF34DF4EE527C129D5E9

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 5B990E5403E122D99CAD2927A6D42F0D M Global\MSI0000

C:\Windows\system32\MsiExec.exe

C:\Windows\system32\MsiExec.exe -Embedding C76C575E1218C4BE3D6D32A603B759F8 M Global\MSI0000

Network

N/A

Files

memory/2360-0-0x0000000000400000-0x000000000040C000-memory.dmp

C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

MD5 0cd041f14b14f9e61c211e3cd124cf58
SHA1 dd30ac530b7e998a562acf27b8278822ea6579ef
SHA256 69c9ab35204defd8ecb90bb9280d3ae4df7565e89539e5c7bd2364cbf8880f11
SHA512 687aa7f3e6036fc5bc2973698eb7a840fc6d58e6c5b87a733b9c26bb78061344ae74a89832bd39d58dca7f8eb1892c7bc7fe94320a70cb723fba52b273dbe8cf

C:\Program Files\Java\jdk1.7.0_80\jre\bin\plugin2\msvcr100.dll

MD5 405b6182fa8f9d71b11c8e41587cd6ed
SHA1 95a0d2b64a791fd544839e76daabd4fbe96a5551
SHA256 58728119baa5e385f8e3c8e1af9a1ce60c49fafee079fa1fce1eb6166270b365
SHA512 01bd06cabe6a2319f47754231e7a5d340072f2c7d5082e72d1cd2bd96a7eb757d089b67f5e450722cfeec7d419f681ef70b93792c1c43b7b67e514464f70e56f

C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif.vzlom

MD5 d9a31439da128966aa82ea0607539ec3
SHA1 9efd7e4b84c05c44515b8d8fcb193f799354a87c
SHA256 e5595fae5426376a88c97250fd0792a8ed5c96c0678579b2a008c4984a3512ba
SHA512 b01d513ea5af119b809da4670da608e41ce130c7b7f3b06b59bcd7602e7cddae181def75beb133bb0aac4df93863aac29d0444fdc23836caaf2a1b04b66c6ecb

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html

MD5 0c39fceea7319b7df07725597bfdbc5f
SHA1 fbb6e0aa2176b3a49821ed73b79eb31fcbee097a
SHA256 1b854e7461dd7e343b21c9a78846db34b6d55f8ba4d7c415d78779cd287c7f4c
SHA512 244471bb737b094648fe0b73640bb989663bdaecf97d927d30e31819fb6bf00687108c4ee21a208b380f4f5ffe9d808948de56ffb5dad6d67e289cbd99790bb5

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html

MD5 0077a8e2b1a80e65b4435219f340fc56
SHA1 d695069d013fcb65c093d84e014fc94560f3d2ed
SHA256 25ce4dd701956b1d4d80eaea2b7bea4556ed2994202e7703935615eb531f9e2c
SHA512 d025d393efeb5237e0dff8d11ecf7fe6d6c63014d435576af6c718e794263a09bc12fe28fd38b56aa92594a8d995fa289010af610da5e42199d0db76f37c7973

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt

MD5 86f5b8e1b6845ab0f66439521cbd659a
SHA1 51f6c889c0c9ad6ae07de35bf522c7f7cfdfa866
SHA256 f2b8209d18cfbd72494386bdeaad2529ecb12390e45f44ea10efd9fbfc0e003d
SHA512 4c74baa9cf63d7844519d5f3a6ce6eca30f8629e0eaaad4a27faa50c615661149291aeec7a55f9a3bb0b1cc29117c1098274c0003feb6b3c01a971e69bffc355

C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt

MD5 428c140f542a0812473a6e011d6a952d
SHA1 52a4af7a403a59a88e46e500805f5173d77d8438
SHA256 a1ce52e73432ad397be410c0c7c9810974d69d6e2d3de3429cb376ee6662f250
SHA512 0a8f3d54867db773dfadeca414fd82e74901e0c3f7d6399fc147ff39534ec4106907d67977e9eb0f19946ae562925048bc2e20aab3a8736cce74594b40458386

C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt

MD5 fe0a41aeb47c6b9bbc0b2fe2c055b64c
SHA1 786ed07131cddef0c5e608f007b6ff6c14192c89
SHA256 5ae261639c04ec11566efae8a30aa5d3bd2b308b6d461cdcd69b7332d21b8dba
SHA512 0e14535ee932071d1b63fb06e0f7eff5080c3ab79c7081b5bc30ff11f159e3a865f25d6fa4e001f8481af5400a1355b1b5de8e8d1a7ea7d0a2cf7bfe9aac27de

C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_OFF.GIF

MD5 ebf0c82b59faf0451a3a2a6c6dbf3f9f
SHA1 84201e393016e28d8bd671af3d1660564f9837c0
SHA256 11d8206d3bbfe787b8812a5ea8ec3873bfd37f9cc3a0ec90ba16f8221856d0e8
SHA512 bd83ef30638ed4bfbe3f99e202b4b1dce25089bbbd260e6456598d99a80cd72a4763d6ebde1167334fc9eec1c65a0bedf368b8f052b7d46cee72693590935ada

C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_ON.GIF

MD5 f2a38f6c0796c8df5e97be70976eb51d
SHA1 1b68d65e33db5661748c89f1ca025b8d02aa9905
SHA256 52cdf7a3b7961eefa7bfd794128b5dc8b7c43928d8c6f28c5b651678c8e56328
SHA512 4558bd3bdae516cbb6968ccdaec3e4f11b9781cb5eb549f3de88d5ef3b8387d114a5d6c8b46e09657d2b67b7ee8aeb375b6d90bdc70d59e57eb9324aed69c71f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF

MD5 808c477adb0ccbbbab62ef1ad6584579
SHA1 8b31055841dd1e0bb8c0833b3464dedc7fccdb27
SHA256 221248574cefef0b787e422517962df5b65fe674cf9203209eacc2f55feb0943
SHA512 4ad25a575a268869c46a7b602d71a130da83146b03aec2219e68f32f28b849e77a91ada4c82cc4c9b2ac0cd2efd985f2fa6f473179f89f462fc6cc36103c33fb

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif

MD5 840849f25bd62acbcf0bf675a5d1ba40
SHA1 34ed53e43667be8970dc81f1ddc3d6e7627b9614
SHA256 28d6d2113dbe941cdb30b6c120bf10e0748e73e82d3ce726a85f4f438c625253
SHA512 ab33ead5fd49e5a31e8515ee2b368464856a38db9d5be869fa840238bd50f7c6d4bc04791ce32939d9b8332b838c5a05bf8ef6398a2f0e504d128ff5edbabf5f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif

MD5 67183c7a7ac9e4ccb1e551d9cf4b5c87
SHA1 1299870b2739c19a2a7662099ee5661b39d7701c
SHA256 83b4d8a8d8c38d9eb63cff87a1977788e5072f20a36c7e7d9bedd27f3ab5ba2d
SHA512 44d5bfb3d3146de25df447ee48bcb0af560024e3f7bd688a571f1363be162b94a8303acba40668224fb9005f4318a772f4a8a7e57f99c84031f01ab243aeecbc

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif

MD5 f0b53f12f6484f376edeaf85a997da45
SHA1 0ff75a13ce86293aa33e4dabc3b159d0981f6290
SHA256 68485f9ec623e8d462eb14859ed9302874cce43a660689ec93a48250aef36c43
SHA512 d6f8b1a2a8f83f72313de18e3a50967ea61ee9cf6666694548c36eee4031ded75a7ca4f6c54b397befa426573ce3f27782fa871ff95b7d785fb4b4e37fd57ded

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif

MD5 8c95eeaf1d03baab171ae5ff84c3faf3
SHA1 8358bf08bdc8373ec52668f654428132fc845a12
SHA256 610006f677a538604ed003c3a6b144217e6d1d6690198df8dc4a89ee473486f9
SHA512 3ab37280fee5063bd1ec79f878ccfcc3190d38b0d98d278237ae281b6a71ba55765b50b8fc9d4e3abf95917964bb01f744af1c1ff8c20fe4fdf4858a5d7fdeba

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif

MD5 31bd444e3d4d171f17dd004bbab6b79b
SHA1 ed2b57ff36c359a65dbbd63a9b3640ee24e5fabb
SHA256 f8a0d2b50c614ba27340ad5e50886ae0352e3bf5df8c7b33789b2c057649f772
SHA512 3b75af5f45aa0511921c5b369e0078bcf4f857f794e98bbe2cf2cbde5f765ead111279e4544e0bd3d104a952246c3c68ec518b57bf2a8cd8f40d9591c9d3158e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif

MD5 7eee91dbc05acde9f9ab25d718c6014d
SHA1 46ce1eaa526ef5ea98653e0bb449102c67441b7d
SHA256 4c7c3c5f883b875ea7137a0ad6970fe784b6caf6a94195ee5bff4a161f2bae32
SHA512 a401c4268ebba9280dd7a3364680a11a8eade170d2c4374371d09626738757bbebd816c347ac7ea9ed9b56705e9cbd96af42d8303643bf66c8f8759af0c35bdf

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif

MD5 3348ad410b2742a9a0ca9321834f63fc
SHA1 682959f05d01a1a9aeddeb747eded7dbd116a4d7
SHA256 255faef7ff66a812e290871acfd6e28ad104567aaca8c4b64899e944101f51e4
SHA512 c6704869307fc051129dd3662a14e22e2f7b89cd314deef7e469dd5bff289d2f70f04d87415bcd7c73df0428c40be7d0d09f0a7bbefeefd3eecb06d56adaba98

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif

MD5 d7bb26173885af7f9cee2bd25ae8ab8a
SHA1 755f6e11197f5cfc7e8e8b0000ff3a9c14a6d9ca
SHA256 d7f45fc8f50709c92ed2fee1f374e72e66068c24a8b3b8872ce2344efbf02bba
SHA512 697fc72e9733e7c186dce2eff029e27e059c92f1ab29969e7934f16744ef855ee3488fb03b57eaebabf426524b53c0f08c13fe822b27572b7e6b7ee69f2f9503

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif

MD5 bccd10f5532b531ce9b34b91ecb4698a
SHA1 a875441a004d0ca98c0adb9ea09064c4eb7508be
SHA256 8f651d05829875c75290a4e88d6c77a42082e08c0e3be403cd4b6066db411829
SHA512 3bf7dc3f08949d856df70847bf2598f13b35438376ef79254d247aaa0220bdab28222c615e29af36c2acd17e0eb7547d0e086ff7dc0b62f4c907b07471555629

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif

MD5 f5e7bed327eeddf62c7963861cdd79be
SHA1 843d20b3e6fbfaa8e19f5286a2201008e11820fa
SHA256 06f8fdf1ac1b11475a9873562fc942370513f124260b3b260a3d1558c2e29eaf
SHA512 3f865947b423907c472e1cc44a9f39bb53e6b4288c1fc6f08bea979e264383f03662fae8cc34ca217401978b9cd2568a8b0fdca2acf75f38a7c09362c1b81555

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif

MD5 eaa2199a86dde15be5a0b29cb3122afa
SHA1 78f0da6432b1939a80d5e935f99209ab812e3b88
SHA256 81790040e783bbedbeba89e105bb2c7c9ec01bee41c1fca28a57372466c4d0c2
SHA512 88ef176c2efa1bce822cfe05b6f3cbacabfaff4320fe5d757a3bd5bd3c06cf7c8cbfaf8a3bac2e4034f8f9c4c1b3ebb048b3d8ad67b10ff0968efb8e6d2553ef

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF

MD5 c41edd0968068b89540b7e561c0336ab
SHA1 0afaa0e7fbc940d4460e6453d1eecbce6b0f5055
SHA256 e0725cb3cf72d4c9349b674dc28b43f2232ce2b989c82c323af144752942f842
SHA512 daeb894fac439ae06db6066d5efed11684710547138b999fc54291747f8d1003a3fa43f9586936fb3eec1e9756723b17126d235cefe372dfa86e4ba2ba3b5d7f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF

MD5 74d12cfcbc67119c59edf8b23885bb89
SHA1 972603605d5c864062723d9a3566c78c5268465c
SHA256 5bad15c4a80a5f01eb44f9c3fbeab734c715ac6764d3f0921b9fadd059633705
SHA512 57c53c7cb51eee133fd7a8b6ccb95dbb9378c072ca3ab86bd1b0aa1bed28f9ee037b1a58b6b0e8b8cc99df5fe78d9688f3153c331bf22105be8969959797b7c5

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF

MD5 a1f16cc274bec02b024cf2cfffa4e227
SHA1 5c57f102961c96105baae657af88cb3091777d59
SHA256 9c900e6cbed89a3222af1e19656df8cff301e1b17a36672ef066a31fc8e823e7
SHA512 28e128028774d65f44e8d3ab8e56dfbbb0ead48ee6ffae5d658b585fa3762d5b9df11df7cd2022e463ccd97e6e75c327f0763e929b81602c45f731106b00b2ab

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_off.gif

MD5 27f9ba74b786e7037d12538a94b07cfe
SHA1 78e73c471bba968d5dc3f4b23397fcffa56b994b
SHA256 cafd678070b0549f77c0b7803780d63215975ea01f15578c93ba419bcb983203
SHA512 ed3cf1e27c152217a8e47fb93d46cd13e42b904edb054ea9d7ed50dd285f923de54c11b178b703450c41648b2ba8bc993db24a5616ea6d39387a64824d85c5f8

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_on.gif

MD5 c21c34b479f9765e6078ea3d91bfc2d3
SHA1 60d46744b55ccb1c8cb317209cfb51e0dd2eb8e3
SHA256 f4b407b9ebc4e716713731af2b87c73505a19e2e095870cfd21da26f79bedf99
SHA512 819c2140fe629c7da12c72a2583cb559e13b5a0f34df612c60e7cc7ce4298fd20f1c0ef69d91f6f59cbaed6e93a7dddc51e4e44c7786b18ce450e11ff7d9f1ac

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg

MD5 f2d0f28f95a991ef8a902443593b0881
SHA1 3425108e34ddc7419e79b9d5d588aeda2ccb714b
SHA256 da6a18564120d60480ba35f0fd1b4d0cb6b352895f9faf9393ba101f478e90fa
SHA512 fe8b8ec61c94917b313200d1bb6aa33bc3ea3b34efb7052438b380d97b3fb3890db7aa54198db37bb19c6ccf3041f6bb0dfd16a4cec6e195363c890683207299

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp

MD5 230aec35e06252dfb90254fd5d51bfe7
SHA1 b37d010df5d8c45bc1d21225aec8ac22cf18e0b8
SHA256 14becff1023086c06d6dececcc8421a6ba8085fb16b23474d1f5efb3739dacc5
SHA512 b35cc9117931efb6b8ab03133b53a34b15304b84e5d61b7346d4869a34c604d0d434da0801f17ca32d9fd3f3ff2315ce9947f8bd70690b371fe48f9377badbd4

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif

MD5 32548aef1be4c1f87ccfd2baf174d5c5
SHA1 360f838fd15e5d93d1183e3d3b639976dd35f165
SHA256 25085e945c7815b6b68206189509b25e32ee1dc9ce6ee57bdb4c4836ec8e9ee1
SHA512 d36345305d64eebffee2675703d03eef040ce6d75f950f208fd45bcfdb7cc1129c4fe93836f5f796a2394d3df943846ae9b51fffdaf1386ffb55b1ebba9216d4

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif

MD5 7d34c51694d1795737ac98032868b32a
SHA1 65e693b8cbd6fd70e1424edb8787cebdb41870da
SHA256 16071e979fbe8f3ac0e0e81230eabe3f9f9d70fac5c9263acf5613e04f9f4ff9
SHA512 4d801cbec8408b365b26ea32d7640a60d34003c3b2e9229db210f35e6f9798eeff75248fce800c48ce38f861080e548518074fcbfdb78c520450c2026bc0b2bd

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF

MD5 cd5f7f0469c52e6cfa8752d27aaf8f1d
SHA1 7f1e67741a8c8c54153200c635d7bc3c73245c57
SHA256 beef235afca4a3b47b3c26bea3152403e8b86e6fb4e087c2637f606c7003c1b9
SHA512 509784c1ab9495ea77106f39f8bca02bea1b18771a14868ac0eec034736f744d9b014c57e16f8b05c69e4f0e95359b742d3d29db453f85c5fa131b96dd36bd82

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif

MD5 776edce054ab9d8e52c9fd4048b6ef17
SHA1 2d39dccffe6a116275f71b199cfb55cd65f67e99
SHA256 8da9447d8b73330b78b8acf0bf05f192b6f8d2edc94af395e29a02821eafd8f8
SHA512 edcf00d094662576dfe40e3c4ce585fd46b46238222b0d4523d411ce500e5fa5fbade86255021e61f83b74b73e3bbcfbaa370eaabb0124af58819cd3dc96e06c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF

MD5 1d6561a6aa676acc3e67c3ec5cedeb5d
SHA1 9289c9630ff54b97eedafe56900efd02569fb491
SHA256 d0d8182361653bceea0f00341aa792964964509a91e34ad9a7abe598981689c4
SHA512 8821d2372a86cc5952e9191d28b33e9703ce9b87d93d408dcba4e67804d3faac7c3882b3a9af80545bf6acbe665ebd1e2e1d00d0c8767b47d01f05f7829db17d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF

MD5 c302ff0b702f2642736f957b2124f9f1
SHA1 4a2ea7f41ec0bffa18a852d7ac347e0e0306917e
SHA256 a39992a90304810d99a260310a3324be08f4f50eccd043620742e0ff7cb5012e
SHA512 efe1af417b73bb68efdb3b75eaac6d8a5136371f4212da7c984d4741e05fb1035bdf36af578bd5486b994b6f796ded87fcec7c8447d717f66c119b6aab8a2d48

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF

MD5 bc29c10af042fd9ebb309503316a93c2
SHA1 843868c935aa8e22881e731757a2a5c347a7b571
SHA256 b723abeec08837ea0fabcccc38a47fedbfd5f085b30fe2091f9911682577bbbe
SHA512 5d61ac7cd9d9ffa21879a0d5c8ff08243b4ec872a4e95264f3f7fb7ac2eadbf641cf0cbb78194d204a9d0065b713232bd1a1d12ee7cbf1a1099bb922e80e17a9

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF

MD5 89ca0a6c88483604d2dce9965881e87a
SHA1 a3b6b6183e6f20df7801e9773e4e67321ace01e5
SHA256 6efd465f73661aed802ad82a9ee7053bea89d82bf56de7a534a06590d0531861
SHA512 7dbc6b737eb26e60e0e5333d4a9103a225b9db413dafe63f65c637ea60588ee6c25a459c30078bc185fa9f97d77580ef9daa78e212aece7f167465cdd0ed1a1a

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF

MD5 cf2a619f141a7656a1e4b04985cb20a4
SHA1 acd8a8b61295e21fbac28256e7917258548fa05a
SHA256 2a3f66c1e8f12a52ac4d3e12a2da9c3b57c6fb491b70ccfb4a2957e22c79cf91
SHA512 0a2fe6b5827edff7e582a71dd2e962b9ad1507fe848815ed76f30e1c12dbd37f7694b1be8fb98786086be09be3db392b934bae389eecfa33dad2299742dc4135

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF

MD5 d3113d974a80622055c3ea45457f4a9d
SHA1 bedac1e3a625653b4cb28742f8c1d535ccc13bcd
SHA256 0c64537ef73dc581827f10bb9bbfb146c78269d0340337e4b03ae9a8273765ef
SHA512 35fd1850383a1f9c12aaba0309a6ee25794e264aa5a17e928d84c0e6459f1d20f1cdc7aa91a49c14c2c2067648dac4f24584411e7dd5c94eaf983bb5a3ca050d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF

MD5 5113040f4eb7725cf6ede2c56b5c48dd
SHA1 947aa81e9641f53575495da40daa9117ae9d12a5
SHA256 e41dd656601723c4fbe46207b52ef9ee56c10d2a67201855551c6ee51f5f92ce
SHA512 2a0991a7ae6e86279ba26006f0cf663128356b1aafac9567e4b87692113b2aed4fc4bb47070557d58b6afc93ef04cb1db12e87b3b2a78b939ec4c6605c8fee36

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF

MD5 58ef5f5ac34d7e7698e03f49a0d5136e
SHA1 f8539832bd2322f2998e2f2a8a0c75674bbb58cf
SHA256 d9feb734cc8da4074234335505568682364b5030566d3594535a3ac8f1759b20
SHA512 d37f61a1313b2a6cb9226e94e92ebc5d52b958e4a6560ad116ebde7f2c21aa4f0d85e22f0514680cc96a9555f99c2e2067bc285eb590de563be0f559fd4b50d8

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif

MD5 8e9780e5504c5d79a9d7a1b5b87d5b49
SHA1 b2dd0d64abae1eb78eee9899db8253c73a7bf04a
SHA256 c7d6556e0048bd47b233884f8a48492ca9b76d84df04a10c9687a6d3e5f39b26
SHA512 ca69e1b98015d86be0f2748a78fb5afe351259c3519ed59de10949bfddb687257289580a25724421bf538eb14f58c02c56da2932f0ff157f7c6b3daaf3048467

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF

MD5 0590934189469c4680cfa855fe3c6fb9
SHA1 606c39c9f8105235b667d13c569594a1d847d8cf
SHA256 71db1c6a88145d2b691dd9d4511338ff1b0beb399689f6c438251a90bf4688c7
SHA512 45676c774568b58ccdf3aa3a9ab82d757c8acbfa28c25adac1425b2080187101ef309f6c4601cbd026e315b0c45fca0f16d5fa34948efcb91d84b3b0d375cb2c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif

MD5 0786400d096700fff231739477201820
SHA1 45bcad852f25ce709e229d32e2b81f1287267be1
SHA256 735ed4f97a7227373ae5669b54777ee41bf43b546216d7ff9104030279aa1d5c
SHA512 b649fb5242cf0fb493bc7ba95d94cf66d9169d0bc36a659598eb5128505e521291c4219acf01f7c53e64645b6c95c4eb58d739645191a953cf0d49afedde8ab8

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif

MD5 e10dd03d0a5d1ee6f74c91b4c144fbd0
SHA1 521b82e21908a7d5520a99510c2138facd39a886
SHA256 533f343b21d2e242eb6b99533feb42ec2945728f488afb856cfae89aeb8aa6d6
SHA512 94645991b514f6a0202342a4b6869cc97b7f6ceb22527fb4a5a6c6ea4c366c3a26ee1742980cb42076dc3c8855d3b4faa46e40a950eaff983824582cfd9547d2

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg

MD5 a34b0476549a32f1f3278875380dd203
SHA1 b01033b7cf561fab385a969c09f6e61e34d13230
SHA256 574e4a69e3029d429919039329d1a2e3d42eb48769cb40ce6d7f54bdb5121789
SHA512 0d2631d795536c731da57103a84b7dfcb634d1a7e4797085013e7d7198de3abab707178d452e8bcd525cb1df432aa1375248837fd4a9ca4c2560ce92af6b0159

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF

MD5 1d2dbfe75dd043b05fe71e9907321736
SHA1 7efe00c0513c17572b17437feaf27b79483f56aa
SHA256 184f74fdcbcbc05b0f5cb9f31cad03015520b1e916c85007a6b768a4f95698a3
SHA512 70f996622fcff031de03e299fb865fd1ed3fdd347ac007a2cce0e187f0ece6677aeb1c49b6f87e330f7343acfd7a8d643e153d198bd52fedd6f460df5f198533

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

MD5 c27427188e74d48378fe85808c2a29a6
SHA1 fab671f28ea6d5783361c7f48370296eb7d93e2e
SHA256 7de1382358bccc1038cdbbe1866e3b0fa6c2fbe167bbd735adb450e0904486e9
SHA512 e11daeeef3c6f9d301c03c30612e03ca053ab2c1132f7e8bf1196d3a31681d4e04c11f8d1baa00acb6a2b0c3c23fd66678f33b6c959c09ac1fbb2b33e923b64d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

MD5 1f28334b0c1cdb4430850f7152d9b384
SHA1 3335b51e9789d2cf365c26718589d7cd81662cb7
SHA256 c8537d5de5c9970a0ea9158528378d45f84395b34c6f49eeabc9ef6ac31b26cc
SHA512 f94d68da5e5c52b127df7cbd2cda17e13abd0d9ffefeb7e66874cc1b4a6d95aa3a5741f862e285abef7824d7124a8a9728d3b23c4a92c720841a3306a26d537a

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

MD5 52e4e350cc028f3900995b4962fe1c37
SHA1 63be067273648076f4c31146500eae6d7eeeec7d
SHA256 b436d82d76518dc938d669cc1fede5a6e88c833cc10739986596064228304bab
SHA512 c96db682ea52a12a9296a388781456bf42f92be77a3c6f7265e1f8fdee229f11197dab29dee91acfe7c0db6c93fadc4ce85cc54ef8b61078b8162f9f044c1e51

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

MD5 353d2a6a2d6ba9f149e6fd6e58623a62
SHA1 d0f2b4454ea47bb2e8ce5169863c2d3634b3a5b6
SHA256 c72bec33151b2340b9de926ffeb7bc2ce4f448c5fe36c41cc690e34bfd05f8a3
SHA512 af8b4ea13053b4463396aceb8887ec8d699870a83227b4f2af1098d6294b586a3d1ef0eefc605087a652c1743931479331b2ad261cdaf73e8379ccd7ccd4ed39

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

MD5 cbfa803a703bb968a974603b30a694ab
SHA1 24b7bd42bd8ebb012fcbac3d2f89a7c7f4b16d00
SHA256 4d71d106f62430804a17c469fa231491001f09153597e64dc384b08395e1d6d6
SHA512 0f4d454abfc4f900cc697ffb46dfca6abd13d43f493abc84fbb1244b7c4ba34572f86d0b878721d9f0eff1a507b1d6cde89da50d5056113235ba39ec8385683f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

MD5 2340fea24c07ada44e3a6f184e73530f
SHA1 9fa5278c4acba4335fab33191201f1a8314af825
SHA256 2c2d629c2ba0fdbedfabb6fd1ba2813bc9bad74db633c8277830355d73f4cbde
SHA512 085039adefaf69dd0489f87c5c61624ffe7625c746d47dc091340e9ec9690c0a0d43f43919d95554e900c254d828b59602303f33157684a863039d81b6ad227a

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

MD5 05f5839c514decd5eb604144761a019b
SHA1 5849b16a4dd9be5ff38d49ad0dc325139927739d
SHA256 95a7820098fae287f9488303656ce272967cd02e0da55c5c8705f335a49b3346
SHA512 fbe27824c61020af60cc488a6b632132b9cfcf8ac157e01cd8ba78126f8b8740c6b4c5319a8ed2a89174a8738d95799535935162d916adcbba94da2a31d118ae

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

MD5 18dcb42f9cdd271798935be57e415d76
SHA1 42e9e4f0ae167d47dda63462bd919c7d2e1ec8b4
SHA256 d229075f9ff7a001a9529155d901930ef25ad2920b83ae8349342064f4ffa001
SHA512 85217bcef45e119a39edf0604d0cb38bb72c51a53acb5c0ae7d60b50f32cb5b11d0c6ba8ff36e719c14780bdec77861f77b9602a3a05ad7e049a682dc268459d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

MD5 5699c939d339c04c09690856f6fb6416
SHA1 2831f338a0484cd5ab1ee2973d7988043e47ba00
SHA256 e12651d7d74dafedca37fe016e5faa4f1a2002d813f9874fe45ad1ca44e9cd4c
SHA512 626b3a2816883e49391639f9b1bc12cf0d55af34cf04479f93de53fc38faec871e86ecb300b499e27e30d781b4a587cb02c88366051436f4601d5a83dd91fdec

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

MD5 6806b8282037abd8fb1c929ed52861bf
SHA1 fa1ee1dad7cbc6608a972ec76443e85b385198ec
SHA256 4470ac1c6bb7eef895bd3c2245aa85073dbd993c9f2e36704a5f712a32c5bfd3
SHA512 60f1194d9283871bfc2254ce1700b9eeeb866383a078bb72264b2aad46b21d418dac257cc3649377808ca26fcd0fa15a21e86ad83903cea9817fae78005d7422

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

MD5 43c0bfad17a023b34ecddb1764d61203
SHA1 f46a995f9d056e2ec9dab8bee88fae03f17914a7
SHA256 956c0060e17292061dc4394bfeaee529634561c92c8e28ef573ce45c2d49d401
SHA512 1cd88e2254c024955ccb69b9366c9bf768b9ddc1be8040c0a2595eab2ced0fa6b2fdb22e37f9d0c6d17c391e31070dddd34e9d1deb4f38d9f5de02e867073cf8

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

MD5 93823df036bfc5bbe48416349a6ba9c5
SHA1 4a330fd927cce942d75920b896cf7ad0d88e77fe
SHA256 e579917beb0c6d3e9926383b67e9d2118ad0b9b09170e2d985c343e0416141b3
SHA512 66bc2c49583e61b05c747aa9523ce1ef8ca58c13039244364894bc3366d099408ae6630f9223c019b33714205a982493fbef6ee464fa7ce11ac4931833a79146

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

MD5 715f15d7af83b47c9a08d54ef014b022
SHA1 03a768b0444f18ef3b5aab678059a582abf46b70
SHA256 e4c6b986856a96c5ffbf3e714476f09528ee42c652bb305f515346d5d8baa0a9
SHA512 be48d11df2661b0d36d29cd89ffa05e06d3c47056cdcddcdfde2c944334f170853c3637262d0aae1ad1e185866f5d00b37def870548c56c12e1143873ee41226

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

MD5 f5e20f3d56a52c5d71464798b0d3bf9f
SHA1 17ae0cabf0b8f9405ef4f830d0b888f1c3a8920c
SHA256 29066bd06e4033042f9c3a8b4bd5c35208ed64ff75e157e00dfe095c98b92b40
SHA512 cef75dac4f6f2aea721f1c16f12aae5137f89079f8c5d6422ddc9e0dd866d51460e728d86d08f6bdd556e10b256256127aa66cb11740baf8a3e753bf630f40c2

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

MD5 1856a2ae7ad2d53b002a55609aa29e25
SHA1 b1af784a78b7023b7f84edaaee6592c5eef672ba
SHA256 d7f9013c2cddd4a8ae72efba000552b3406ee09cf4c9f05747b93d43174d0577
SHA512 be4c252b5ff33525ca9d43988409d61dc7fbbf16980b416545241377d8500168273022837236e7782e9968a6a6202376cfcc9df2866bf2b77de2baf033c192bf

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

MD5 350114fde5485bfc3bd0f0927b01538e
SHA1 a9c9db8576944b565e65eb18468a2ffe16b75bf4
SHA256 a073328fd511bd5727b870a0b85c1c92f913bdc52b7923d4bb05297eb413cc51
SHA512 fe1bf8cc20c94801767029ff94f1d7879a55c343b3f555cdccefb05cf4e623a358702c5e1f055d767b1efda4c673a10c6b2cb26f921c30fa7a49db2d6ccd5501

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

MD5 e08b5f27449dd1059db320c567254770
SHA1 6fcac2715c923f43f63c8e41ccc5d1604eb497f9
SHA256 25c9a947f57bdb8e19700555d7b79283c457c6e96d5e9b6548e79a0079472c24
SHA512 807e1656c4c190aaf8ef00bd33c4ffbd25c8d8bd497895e829977a3aae66ae8056d3dacabb1cb8a70e1789da1c185957d84fd8d23e6383f832be6bf9d693aee2

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

MD5 4a7043adf00608828ee09749d44a59b1
SHA1 4533abbb190142af71be95896c211dbb4aeeef03
SHA256 e6b1ed2cea94abafb8a309d0289bb4600ed5a69f65d85504341fa88642a58174
SHA512 f8280f34542bacdfc9cf833006c91e6d6699f8ab0b5824af31c8de204b94ba7dccc43156da9151458dd17512c10a22ac7cac4fa9956f30fa553634b79c5b92a3

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

MD5 4545de52146fb3cbb97ba38ef3739077
SHA1 c672fb0be797df9b50ee73f2562eb48fb7697adb
SHA256 7135f986a4aab87af5f15cafacfa55ae5eadcfecfecd0c6f200ee19083e1c06a
SHA512 52d81af4c80191d5c8fc11f84e43d927057324f298f14abe6bb9f0cb6d6ea7057444305b126d869fadd68df61afdd6de7e3019b0d3eb8407f1a663a2b03f67b9

memory/2360-6765-0x0000000000400000-0x000000000040C000-memory.dmp

memory/2360-6766-0x0000000000400000-0x000000000040C000-memory.dmp

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

MD5 c43828e433d7542838f555ab57a986b4
SHA1 2ba1236aafe06e0b51d8300d3252b0623d7db281
SHA256 f6009f1f088f4e7c36412ffcb9d4a58e21fac1048e3bc2cb20edb4ee4168d2ce
SHA512 02fecdc0d8b31dd416c0d78bac331a6bf4dd8b0fa8fccb39db9a19a4fa0cc1000e598c5c61ed14ff5cda34fd4c1d4bb778038bed4a4b27dc234f98c7c26730fc

C:\Windows\Installer\MSI36A.tmp

MD5 d1f5ce6b23351677e54a245f46a9f8d2
SHA1 0d5c6749401248284767f16df92b726e727718ca
SHA256 57cb8f01cf553c3886760180d1a74839f2f676640115504485aca9692f577acc
SHA512 960e90894e7bedcc89894e77e57e8ee0c99dd2c530d02665e8bbd3a1793eccc1e295c5923d1f37c757fa1158097fbaae70898c16052882d3d210c29ea801b3ba

\Windows\Installer\MSI417.tmp

MD5 4a843a97ae51c310b573a02ffd2a0e8e
SHA1 063fa914ccb07249123c0d5f4595935487635b20
SHA256 727ecf287fb6f4953ee7748913dd559b4f8d3a022fa2ca55bc51cf5886c52086
SHA512 905c081552d95b523ecf1155b6c7e157652e5ff00cda30c1c21124d266eb7d305c3398d6832316f403dc45d1b639f1a5a67aea29922cd1a032f52e5247ec55d2

C:\Windows\Installer\MSI755.tmp

MD5 85221b3bcba8dbe4b4a46581aa49f760
SHA1 746645c92594bfc739f77812d67cfd85f4b92474
SHA256 f6e34a4550e499346f5ab1d245508f16bf765ff24c4988984b89e049ca55737f
SHA512 060e35c4de14a03a2cda313f968e372291866cc4acd59977d7a48ac3745494abc54df83fff63cf30be4e10ff69a3b3c8b6c38f43ebd2a8d23d6c86fbee7ba87d

C:\Windows\Installer\MSI850.tmp

MD5 33908aa43ac0aaabc06a58d51b1c2cca
SHA1 0a0d1ce3435abe2eed635481bac69e1999031291
SHA256 4447faacefaba8f040822101e2a4103031660de9139e70ecff9aa3a89455a783
SHA512 d5216a53df9cfbe1a78629c103286eb17042f639149c46b6a1cd76498531ae82afd265462fbe0ba9baaff275fc95c66504804f107c449f3fc5833b1ed9c3da46

C:\Windows\Installer\MSID61.tmp

MD5 ff58cd07bf4913ef899efd2dfb112553
SHA1 f14c1681de808543071602f17a6299f8b4ba2ae8
SHA256 1afafe9157ff5670bbec8ce622f45d1ce51b3ee77b7348d3a237e232f06c5391
SHA512 23e27444b6cdc17fe56f3a80d6325c2be61ae84213bc7cdaad7bb96daa7e8d2d3defc1b96c3cee4a3f32dc464b0e05720bcf1c0e99626bf83de1b6d5aac000a3

C:\Windows\Installer\MSI1552.tmp

MD5 2af7ac092d41bae372787c21a4c81242
SHA1 29f4a6fcc0545682aecda7ed27c0c9580851c3d1
SHA256 174278900dbad135e87318e07c8fbf16b819320bb68ac5d8e9e97f745f9360a6
SHA512 f1390fcd9e08eb30b407e160395a6c6b890a2ce8afafe5c25109af6dd220994efe1b3dc1317db9ec109340e822569661665bbe345f51e7bfba65abaebcaea793

C:\Windows\Installer\MSI1600.tmp

MD5 954c7720c5e88fa690fd1d38dec47347
SHA1 2f5b87593066dac3f5a58272358b1e8e27a9dfe8
SHA256 532343ebbf4572f69673a0adc5d5737fee88aa73c1acb3b15554338c3033cc0f
SHA512 0425dc825eb9389309e73bd545a5904ff9aca9b29605ac70294859bf38abc0f1366fd119d84458f766b81cf7c9fc212d64a2c8faa1d3a84993902d6196f5d51f

C:\Config.Msi\f770320.rbs

MD5 8e26b21f36fa0ce2bb2762d5806abc85
SHA1 ec1c710122fdd0673b0b5fcd05c3ddcea2c9f3a0
SHA256 316fb8cd44ca4d9b7275cdc6e042794fdd588b4c9b5a7733ddd0c24b058842db
SHA512 c74eae453495546ac7b50a50aa5d822d3d38553b49fc7f2ad85d65ac143d5b1ead56807cd7928d2a3b4028b44fc7243b374f86ca3e55fe191079970e13730835

C:\Config.Msi\f770321.rbs

MD5 ce662f116dec454cdac8587c731d6589
SHA1 8eddb89ec1037abc45e5fed2455ee841d022fc4b
SHA256 df399450813076b175cee3d6c6e73f4d8fe15cc451584b2ac1e64226b364d8c4
SHA512 61128f9f14e6e22ea6ba12d0d4146e783541a03081af6ea4374571bc0309d7868acdd580856cc0ffa7779b946d3ab2fe755139e763f346d6bb76f48b6e0c2614

\Program Files\Microsoft Office\Office14\VISSHE.DLL

MD5 2f4759c23abcd639ac3ca7f8fa9480ac
SHA1 9a3fece585fa01b7b941e124ead0c39c8ce9bc7c
SHA256 6d66fa59407862e0fddfcb36472fe810eb308653321ca0e374ac870f9aa8cec6
SHA512 6ab14d6a8d3e9a751d68133e734cc804de2b50a7ef223d484d0f727cdfbd00d48f6e0666c3b86a0daf9ca42c0b726f6c2a088e5bb32c993748abfea7b5904ec6

memory/2360-11151-0x0000000000400000-0x000000000040C000-memory.dmp

C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\NlsLexicons0009.dll

MD5 75e0dac1abe0a58716fc0f97a35dac30
SHA1 2b0ecd1206d1a691fb78ecc12f8ac9a12389b440
SHA256 9682b90cbdd69c118aae6aeaa6a4dd4df937a474655012053ffdd9b4de1f5439
SHA512 074c35b17406438f53c516244ac9db54bf53213d7aa6bedef31de1b0b327c330c0c52c9ce3e3ffd514058c4630201cdffa1cd3b140fa0dcd2e12e923a68c8276

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Accessibility.dll

MD5 013191b181e29070bf1938e9ee4bffe1
SHA1 f9d0055d4c58f4417060ed38363eaa643f4256e4
SHA256 252a1c796e9575d0f1328c4f35a42462e957338043db9ed91d92b189b203b20d
SHA512 0d067334111f5048099e7acbf00f568a9bdd1dca8426d8225fc5d32d8b103a2adcaacf82382e5aa50881b1726f035483944957daa14e16ae854fdba5ae89d77d

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 51202394ec04e2141c7cb699fa24efeb
SHA1 ad8191d25a9bd89e6ea060ec99a4660ac0091479
SHA256 9b2e36a23743afc0a85113daa5df2894c2a0b06cbad634877b47ac44dbdd153a
SHA512 ca72f86a8de472f170144a5d52e55d43137f32e347a943df2446d20e73ac0ab7e0d753d9a498f0ff9168609c214e0ee66b0e5bccecd6bc694a40b608f9815161

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 199af51d820d5296b1fd2659318615e2
SHA1 9c412c1ff2fd88b26496438f284a820130b5affb
SHA256 0c57060c398e38f009b4d5b3ac7217b97159f68773d6609bb35eb121a98f302c
SHA512 54210c09d02dcbed4531f679e1b8d5434a726f0f971ce69d7d503b8522ef27b5648b75f47a4c09d3d62e419156f3513c3199ad9b562c179346873c95a26f65cf

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 20c8e48a9252b20dabbaae6f3f7fe964
SHA1 a6581121fa114ef0588c355a52c5067cb74a3716
SHA256 6186f7dfef7ee48fe0301ce0353fee05ceed7b850cc3f94126a98e69935c5ade
SHA512 5520ffdc12a8031a2dc36de1c51fa379e725ed67067d219e762da17fd85ea99cde9d37bd783b6772556717cce905191931eae49cfb68bcee0161be6ca9a51c5b

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 935296bb2785ec1ef58a3c11cddefbc0
SHA1 ff27dbeb966e13a71a2b095e721c06820ec801ac
SHA256 d12c4d1da11c67b07e710dfc55464c1f1124885658024b96595f944ff195744a
SHA512 796158e180a11d458522400a9b458e6362b6d80a15279e3aa35c4e0075fc227b099ed6d2e0acbd43fcb12324f056ba978a0391358000537bbd313d65a213dea7

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 4fd6c33bf786e90af8c39a41c2ead050
SHA1 45e3a496075b02c44cc98c01f8fc16cd57bf1078
SHA256 5f3caf10556e0104353cce87d87ed05d196347da98e719b066b91dc1f8f3a61d
SHA512 d833a0fe72da0134c1b539ab43010578ef7539f9347f369dc600ded04a7bec9bd19d0f668c5490ad0f21e5e819a0d7a338b3ad2cf37b413505a6a075a83fd2d6

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

MD5 3bb3e74879efe4d9708bf46c94edfd35
SHA1 d4c4993b64951e43312d4cdac4c5c312a0fa186e
SHA256 1c259f56059d7fb9a3925a9614c9fd571ce1cf547373c21ea46bd18a53a268dd
SHA512 738a4fdd901e8277fdadce85f02f2a68d3ab097a90a461be25e8cfaeb3123a5c9a4fb5b1951e7d5d0a2bda9472f97a29c40baf878ad3b75cc6b0835e7383058c

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

MD5 435a7d0a8ffb995138b68ae1b83b0103
SHA1 6d58d94d2588688f35c0eb74c4f5ba7efc50c091
SHA256 eb363739f1a3552750c219cce7c3412ab5f437ae1ed6cac3b53adf5b0620a232
SHA512 1921f0b80bbcc5019cfc4993072bc7878d9399e84cb20614f807e18f45221c7d44d21fdbee1e30df8cceb0d0f68f0091e49bf1865eebb575ed757d820326757d

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

MD5 a4858bdfc6a8c2f77c7666b9cba76f0c
SHA1 3d6bc50e18d155c41261435546c028e9bfac5d9d
SHA256 524d28a45b8635deaef0e96cbeb656e30e3c2a3089519d3c0b87ebfe1960c4de
SHA512 92d56756f47453801b0645769a4590fcf2e03847f054f65d875c2c6e891c34b7b379719e8096a804a41bb5e9697fa19dd7e2af79ec1430430db5ae9214140b66

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 bc7c7e53bfae48a660394298cc875a8e
SHA1 1f4dd4df23bab796701da467b366e7c808a34334
SHA256 0fa258fa026e8be8f4dcebc8f22157127ccf698a6b2d955aa93d987b057b7b77
SHA512 1e86dbb9b03ea9db0af476b9032d17facd369f557d578e7f2dbf11e00cd3e6b4af670945adaa72f6e65e2eaac1030b403dda998ffbc3a69eb3ca04e2072b9421

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

MD5 7436d3608e39cd3d28b067f46b859c6e
SHA1 4214e7a2a7e3199d119099fb4a2840d7c134824e
SHA256 6693b0d6b5831ece3825fdc82e7cfea45cab038db6a974e7ed76a3460a2ef8d9
SHA512 469c32d9bbaff66e88a816fd4b9539ac5fb171e4907d77d24047de002b44b71de2cb367bf2566778964c8acc3f399e617b8cdfb2eb7a4bc37962736d4d58dc99

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 68e0d1d6d9415b47a56c5c3a6d4073ad
SHA1 c0b72182f24755f15bdec56f807cef6af8c95089
SHA256 1c5d866c2331d056e7a07469e17a9f9d797682081c2a6dbc049344081e2d2403
SHA512 4aa51d0c0e3057e0d69d76b2164d8cdff07961b0e1740d74ec291bf65d4b0473a201505494c531241fae1fe45e9de7f54da033702a522ae4c14879e9aecda088

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

MD5 b0405c101292987cab93a79d356e9095
SHA1 99fb0ca1f5692aaf770a00f4ad8614edf4831441
SHA256 a6cc92603530da40b321c5e6d9f0f339a699c19d550d0775ac8a56d7b1ccc0fd
SHA512 f0f642888d908bb40a199b2f5e0b8104a9d54aecca95502644174b91725cb8f32b81ac937ba776ec91132f0fef6af2bd0e05fd9b7b7dbab43bbaf65d4808e52d

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 5a6f634741f69a91b244338cc36ee6c8
SHA1 3516da99e88c6d9985a2a7f1d32a8676e7c866c6
SHA256 605a53c709d4bc4e011481492da730b378536f59e73c00d39be7676f51bf24a3
SHA512 eb52796009b796fa2bdb9b42eca81a806a7bf4f19699e343340bd1002fc850ddad989854b7d5fd38280c7f7182f3855b5df0475903de835b3a4f1b605b42375e

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

MD5 bc5cf9c43378099d0f044a70c42a69ed
SHA1 8aaafa38af5605ad728a19fb1107026677b5abc0
SHA256 d4ea95d73287487a3a125e242f78dff93c1bab95f7f7a4f89db921a76a5eac10
SHA512 b334bcd7e5e3c4f334fd48a2f968b4da0724c0d0037075c940dc4ef4db1bd58ec58b3b0cf0c2010038dbe9f00d66c266ed8c7bd355f63d694aeca0405f169086

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 0a8316794d05ffd1947b5bfd953663e3
SHA1 320e9f674d3578204d73dbf1f4a065d6a560f28e
SHA256 f01afb5b0de2001b8569f01c0da71ac16fc6d364fa3daeca28ab481a1784403c
SHA512 7ca62b4b725f8c0e0c319f20f5e64c25413c1bb136a815a04568def2d90452fa7e7736e32e44db2d0469ffb32e61ee838f5b5cf5303e6641dda2ff336d12652d

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 99038dbbfd53ddd09788e38bbdb5ccc1
SHA1 683d98242860ede5b798fe26ce3b65b31a2ed2d3
SHA256 a8c0b16698365a9a7583d222cb8e1f850d89ea8155340375e464b656f3c20cf6
SHA512 5146fed94d560b8a901953b2ba345f017d81c4a5d165574884714adc63e18147fe390e4084bebe774308bd316ff7f27b68c6fce767b0fe1242f54f6a4f2912d6

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AspNetMMCExt.dll

MD5 766d8ded6f4b0d238f12894827b7347c
SHA1 a37e800beb7a4c4a44f5cfd7907756b724818533
SHA256 86de7a79e2417b0846cad7b83edd4ec37c1e6674e5f11b0f299640081f4f52d0
SHA512 7c8694a3e41ecfcfe99afce96bcebb4a32e55a3aecf691d97f6516a40f53106cfcbd30e928c68fb05e647efd5a8b2771e5dc87101b9645f44e6a74dfa4d93bcf

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Build.Conversion.v4.0.dll

MD5 f0f49cfc0f4ad68ba0664c70c17ce405
SHA1 a88f39cca24892063830229fd82ca095002f476c
SHA256 f6b2b4a4e1e35b7e515ada2151d79487cb6f896253a4908080d7447fbbd3ecfb
SHA512 8a4831703f58a13088be187220319aa38646e006a7647284fc835035ef3353f2c7c12f2fef131bdbcb435db0d1643d260d693cdb42f4417a6732c5a9f507dc44

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Activities.Build.dll

MD5 44675a54c2ae11577ebf8ee39580d64c
SHA1 b25b9322fdff2b4df1d53ad9fd2372ac0125bb40
SHA256 b7ac4ee7f4e78ca57ec94f7314f710692cd7a6cd15685088e4f6cb825cf3b891
SHA512 7a8813dfcc74cd49f3ff224e3481b7dce20e0ff46e3ba0d94c7aec9ed86230b2d3879843eeb47859d5bc98f2eb13513563dce1e886d6dfc20a8ace79a6590ff3

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Build.dll

MD5 ea0228aa93e3b236223b2066f9043d21
SHA1 403906ee7e58c9328338b20d6bc8b06d879bd218
SHA256 b2dc48cccfec1a061b3030be0bca27ca3cbd6c524bab73eda180950d265d60e0
SHA512 71d715184ac79d0988725403b2672ab7bb42f1d078dd4f04cc0f17d2d12b0847b140fdcb2fe3034bdb2c59c26821af66c756c8de813a8f134f18fa7f3474e1c7

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Build.Engine.dll

MD5 497152ef4f59b0a3d4ea3cb7e9382c16
SHA1 059e61344abdded3cc1c6e702e450058a5ba1810
SHA256 c2a1e48549c21c0a0bb87bbc903be7deaaa0f7b30e4299fc09e9f8f92d1a5cec
SHA512 32f5568f08f403f4a90ff1fdc333f4819520178e7a79caf8ac1d112be84e6a07f080c42eade446a9728bdb521a007a3320686edfa4a58831d44410ea3c5aad69

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Build.Framework.dll

MD5 8f2501215b415738881ed1e854a53c66
SHA1 d78d48f260186908c94f04b864481a63313593f8
SHA256 84dbadae985d07c1994b313a872b2c2a96475ed3704b35a07c9d56a738dba1a6
SHA512 a46d63c66f27821dc625af86fbfaf725e8e434ceb5e36f78a25f036262fbfc3a33f11d4d754114048e18ba68355b670b13175e01e5b454e1fbd5ad85c19a3062

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Build.Tasks.v4.0.dll

MD5 5bcd7c1fd41b78c4e84f2eeb29a5f026
SHA1 34f2ec55d35f4a04d2b88143084c520e9f4ee9f6
SHA256 c1acb918432a78aa4c221655b0ae7d282f280b5b398d9ca1be4b0cc5f179d8fe
SHA512 d69e8e3da8d4995b919334c2c4b8884fd286879e2c9f2d454279bd8efef3914169e2c100e64b79b830fd2fca666ba9ed9bd2cedf7786ea0e82f69770c26fd415

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Build.Utilities.v4.0.dll

MD5 95220ee04dd7f5d0f779109cf33d7eb1
SHA1 2c16eb5e7e3a5ff2048a28fd95d71dbb596f49e4
SHA256 2e9e829632fe6ac3d48fcda49d11026225c93e0f385d70932d293eba192765b9
SHA512 6a6a3d7467a95efbc207c5b972107fe8a2dc3d21888876b3c83ef94fcf2f0659b6e8d45f32c613040ee6abbf811f4556c573e9ce609ddc2bdcf780bb13b55d87

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.CSharp.dll

MD5 a5a097bfdbfa0c6c7c3d2cd8316b9d71
SHA1 9eae4b86cf2b271f6f2ab6bc5afee16824801e33
SHA256 4698db07d23189e2669b8b29d58b96cd326e56cba5b9c51ffc58efef99b4309b
SHA512 a4dd894db9b3a439d12f8e473b4fd2c0961bd9a0f047822018e40c9a53f1fb5d1183bd50b9ebe2db773846e037ef120d9ade943f7be368047aa283e9056aa160

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Data.Entity.Build.Tasks.dll

MD5 65b3386559d8bf0ca2b932722feaa9e7
SHA1 678ded535fe7352061cecbeab6272fe1d9a6629b
SHA256 8739f6a1290a23e014e6e4f4dc497ca1bbe546c8cdb25e52faa13c1447d86957
SHA512 05f7176603ff12f01ba5d6c7a9987b744439c609ea7abd1f0bacef800895fb8d6f8c6bd9c33e056f3a598640e2a616ee2f6058d1c7c766293c390e65332fbc76

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Internal.Tasks.Dataflow.dll

MD5 446cf9eb73e2716c1b60748c4803515f
SHA1 6ad6bb0b4c17d73b1d6067b2d8d5c7b40f4972c8
SHA256 9ac76227154c2494bcaeaa8728619f4dec56a6ffd08c42f632bb1e4b33c662bd
SHA512 a337649a43f0a6d8f7e7b5b92d113c6ffcf8842f827e9f0b079888dc264759fb2fd337225fce84ee0fdcb70b71abdef48e56b89ca0efb17dab3df4fe807d4710

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.JScript.dll

MD5 82e6ba471863fc194b498208b3597b83
SHA1 406be9bab2469d8d09204feb891d318a68bd7c10
SHA256 5f0c36770a21d8e9b12bd0d74d5aa061ae3eae30a9a85af87f9287d6dfd6b6e9
SHA512 f4c64b506b8321120ccb0d1953776510d19120511564fa4e77a01e5d487d0112127bca5ef41c7a1a544d0ae1dfdd645cad570cd5a8c616490460a6874df980da

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Transactions.Bridge.dll

MD5 d5668495339e3251b7445dca363f3e7f
SHA1 d95e89553f374e1f0549b6998810252a812eb872
SHA256 4b665744bf8fe8b811544bd9e507a1aee5be35b8ce3e6e45d98549638eff8ac9
SHA512 d02371a3d3565e7179732691cd3c78fc3acbd7f5df446221c92459c573ac21d800355041167f68f32833da7e2974d527b1f8910b7be8741973f06dc24f028c3e

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.VisualBasic.Compatibility.Data.dll

MD5 b20142b46eddbc29c37c544975a808df
SHA1 af843317a50bb2c8e39f47276325123e8e8a3620
SHA256 c3a32da86f053d622c8da0c71cd50e16279249347087e8121294b1ada6a52862
SHA512 a9c93a6d6902e808fe3763b871442d5046792a662c0dce906490dc924a0fb82eac88ac95ecb7aca736dfeb4c0ab1988cc02a1bcebc250e3a7767260926da51a3

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.VisualBasic.Compatibility.dll

MD5 aa284a834e6a91a3f26e12c9348015f4
SHA1 59c6ac77748dc3b6743b6c4694ecfe74d6230d22
SHA256 309b490427bd351f4561273c9b4ed8cd3aeba02b4ccb656f54294617141786e1
SHA512 3f0a2a0e96ecf72a3dd23c8d9d368e6b0fc88e9ed208deb9318406c58344f8a82cc0fb22c01875eb1b82d68262b82c54821d24355b4127c2f378fb931523622a

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.VisualC.STLCLR.dll

MD5 74f55449c60305fb801dca4258b5f98d
SHA1 88dc4adfe4b2a9caca21173fb9069fed2384f8d8
SHA256 adacecf029301006bf85da75b055d6e8b7196858dd0836839145cae67aad241e
SHA512 0aeec0d35b4b323acc7ec40d05757ec327384b529944a59172319386b5facf5c2574f89cc23e8c2d137eae92ac7f483ef0524a12922a66b45f8c0e4c7ee9dc64

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Win32.Primitives.dll

MD5 5c9f7be41550416d8d83eed96468ddce
SHA1 6f40f740945250db5e9a262f840f29c78813009f
SHA256 5ecebff9b98aeaeb527a662ca0456f57e08b5192c0385d6b1d0794cb53b8399b
SHA512 bbd098c8393ed3433ddf0263d14fe4d7e850563008dd3e7cbe5c6564627447826d7c39d41bcfe2324156ca3af692844463f15aa2089e14f3dbe08ea02dff35a0

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Workflow.Compiler.exe

MD5 c894cdd6671aae499b2bd08ad325a077
SHA1 fe4e9e7a7a2c80e6f457f3b550a5aff7f0ccf1a5
SHA256 84fc7c931d835727c07074d00932cfe864173a3789dd5743409b6c4b7b7e885c
SHA512 3ab14f5a5f164fa2a730a6f11d098acbf9a55965dcd5b1713cafa76cd742e445905c5114dc426af55ec83442d8fd915d82c77f58be785c119abd88a0e8429d53

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Windows.ApplicationServer.Applications.dll

MD5 98a3ce5f8497a3e9157e3091e2feb1ad
SHA1 c0121385970ade30c6c8123bcfabbb0e3dd67788
SHA256 1789b7e3f462331aaea4d1b07e29bd3062b8005e2eda20077bf6120488990f9d
SHA512 555dad99165950b639be0cc6354735df6c1c7e8258adfeaf582cfc284a9fc1c94fc2a32af261b77d772ac6c5dfbc90319bc01149d176f088b7c8bce7308506bb

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.VisualC.Dll

MD5 865d10e8d07bda4f3ef5bd62c65f62ca
SHA1 61dc487519e10297e377883eca554d62c74b76f9
SHA256 48239260641ccc07136128c3318ea35c29a22a1ec0c0c2ec000d94eb19137713
SHA512 3c03f8dcc7112eabf75f1510716ddc392c20d37860c81c14309d34ec484e6ee178216560e1a51549ed5b8f92ab45f7e60e5c28d58c1cf73b82805d0c9f032fcb

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.VisualBasic.dll

MD5 46bcbab87eaf476c72137038283330f7
SHA1 f20dc324982dbabd3ba4dbfe4463589f607af5c9
SHA256 5da44cf6772cd224b22932e472d79c0b35be536ddfc4eb67ed558874807e4906
SHA512 d748c0820abcd4a13cb69068ac71ab41678cba314b8b2c8eb392246aa9e343c1bb1a784675b1ce403ffcbcf58737b41187ead1d82779d53d5ceab72424cde5b3

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\netstandard.dll

MD5 914e9b70b1527fb662c8ac7b497e8874
SHA1 2fcae354d0fac80ca511b237978745fcf1fa6c23
SHA256 125c5d441a2bdbbc04c1e57dc50aa64c596067290c54c9ac84d4daf4cb0b24e8
SHA512 463be7d557414ab60f907f115301123cd76c78c296d8deac8e79a1dfbd5931c1e19b861aff3d412197824fe23e8d0de4876eed1b80699cbfa1788163200aed46

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMDiagnostics.dll

MD5 c29de8460e5cc80ef46ad41bf09cd6b5
SHA1 ad3340784ebe84ce4b2c3b02d2cb972bb50433d0
SHA256 16344b2b1323c272141850bb4ecf765c3ea77677d3c139a6b2715b607f478f22
SHA512 f4795bc032bff8fd8718880bdba3c8a94a0dd0c899c662be9b5c8f193d3d5906c3a04701bb1390b5015a4fe022c753dbb3a840f0dcd483465f5fa6720ef664d2

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\sysglobl.dll

MD5 baad0b933c7233776f48c058106a23fd
SHA1 c3d65be930a7750a72bc8f2c1a482c4ca3eb33c5
SHA256 4c44cfa82d77425899a0ccb74f7e3d4ac08e45111d7ada07650a385125d8d47b
SHA512 675953978fcdb6c5d7cc287ea09c93743193529138bc4a7ca2d8894dcf98775d6fd68a28e6dfbc0f0698c418f7d83aa3e1260d3d957b92a2cfb42a4f6b64fa9f

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Activities.Core.Presentation.dll

MD5 02741de7dcc4af347a78a4ea38c0979e
SHA1 ee5314ce4baede76700ca326fc55cb0655eec403
SHA256 12d35b19d8015114590a6e0d369192e0e6430d96fea5b4157abd34d9958d4692
SHA512 93c80fb70955c3819657615d0c8322e942c8426ef17b10f22c415d1f3f8bd7fed37b00ed368f4563b262ed63538c59e711ca42ab0bfec2e27826bc375bc52bd5

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Activities.dll

MD5 364f19ada095c6f2bbb27b06f8cdc278
SHA1 30a3ac772e6f010fee59be46e05dc1110bc78810
SHA256 3cec63fe6f0d2f9e45fa64d0384c2c7e42f4b27698fea66754a19321b8eb50f0
SHA512 8703e6b1ba7c31f01bbec91a3b9c0e6c42be06da69c406c24dbc9b75b9cb4fe1f73a6fec43e756ebf158e100ab89128637b06d1ddabea7b2be4dadeb15023c8b

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Activities.DurableInstancing.dll

MD5 5c26374224b671fc01c86284c90b0370
SHA1 12733bf6c1ddfe6d22d56519ccafed300013a310
SHA256 d823f2b50f958e78d4dbae92ad504c4eb2c480ec0ce18133d75bc9e860dd3189
SHA512 c3ad4383ff057a6a9eeae0caf1c45ab8dcfcbc497bd12246703085cf74eb5d488507bb66f0f8df918681c32e3e5be87e72ea0ac3f1242df10f14adcac2e01857

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Activities.Presentation.dll

MD5 9638ddf771026b6b61f9221035ffc965
SHA1 676aa64cf05c1a47b7ed1e26b361123e0b569c38
SHA256 df061f484cf5bc6404fd2f195bc7c0433d0ad6e17de206608ced169369551abf
SHA512 bba014b83a923319dc2b0babc1e361770b8e3c0c906666b40484dcd63b3350ed5419119c9a7f5e7f7ed0409dd8d6017984c7e6ff8a8b91372afac9fc9c29bc8e

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.AddIn.Contract.dll

MD5 adf9c705ecbec1e96c008bb1192b4792
SHA1 450910bbdba80000df5285b28431312409378004
SHA256 bc6eda1b9b782a40e73da8eb68ab55287d41db2e744d5cbfeefbe20348dd3466
SHA512 89f736d3a68e54a65449f2b0699e9a532ac010385e1b9a67358fa0805c20d2cbb7eb9b6ff8275c24c57cd32e610314b598a773b88426eec185e76e6e600c1fdd

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.AddIn.dll

MD5 99cd57695d68a07bbc08eef576f2696b
SHA1 ab8d00624f6aa0be8de9204ae28f5bf18592d710
SHA256 ad864f7f35225489b8bc0d42a90737ef2c9930f4edd1a5c2f7cf2d1fbdd0758a
SHA512 b3b56370a8c5f49d7e3af960687a42569ab0f75691fb38fc5284e1114bae3fc9e4339b9fc1a7fc9deca1d1b8267ca2883e3b071af87efa9b89181680c23fe1ba

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.AppContext.dll

MD5 a127e9417d2858b4d7c33cea315f50f8
SHA1 e82d3283271775e72da1fb81853fa1a53b0c9e86
SHA256 3bd0d7fdb095a086783150acbdb08effc5e23344603fc50e715dbc694483f0fb
SHA512 f98a3cbbdfe45ffce8dee55c13bebf1143708d1f6cf3599b590d2be7da96b99226ec2e82000a24265ea00b06d1d901eb1226c6ad4488e4313b9cc00d82be1ce6

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Collections.Concurrent.dll

MD5 699946ac283974fe2b8001a4bc0f5fb9
SHA1 09475e16ff13eaefaf7c296bb21b8d5fef0298f1
SHA256 ad6e96ee06f30cc3bcbed3b2b59a1961dc421af50a7f5c7146f3705f3b7765dd
SHA512 2fa749c7e255b4ab2618efce521e3470c9a0f8cc7512dae28799952dbf0e5c6b56a1db509345e531c0f2cd691717aac7c4cec3a6761c10eef7de9833a34db98f

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Collections.dll

MD5 92ac9c325bf900e1ba268c3e56b98b54
SHA1 f14b46f97d325452c51b39511e09cd2753ec8fc9
SHA256 a2f690f96cc9f59c4c37c2c237e3d111aa2a33cc0517bb75d6de639a2023e35f
SHA512 20b1c6dc6a1c9e59c8d1fb1cd92dea29d8587da8eba64e87400ea4a47a3ebec13f204e2c2719a1eca84d2f5841b7d1d1f5ee5b62f34d993297c905b40f74f400

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Collections.NonGeneric.dll

MD5 f65a97f78dd14ddb05b6e6931392e7f2
SHA1 39ba3eb379e389e052754e8badfad52dca81fa6c
SHA256 d1d562da7ecf1f901f14352fd153616b6c4e5b0388bfab120a71ade0ba628b71
SHA512 e7b5fc388357fbae47e7f9c429b974801ab9cefc79b89445b8fbeb734eb2a27b762b2163f89e7257b4055d650f76233c910de962d7a33f72b54f33610682665f

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Collections.Specialized.dll

MD5 ab60be4ebb521fda66730bf7f1b570ff
SHA1 624135f7db1f5f567d17c415d6390403d204c45e
SHA256 9b5696f61cda4827231253181ae11cfa2c2ff9cf6d12edca4a4892cf5307094e
SHA512 a808e2f179e13c206ecc36bdc04d9df28d83332a3c5ba64939607a34e16b6bc20e635123b0b875e29c9659bec20d35fd8657ea1b56580d8764f08fe4ae44630a

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.ComponentModel.Annotations.dll

MD5 629a963868e9879df6e9de7b717a173b
SHA1 9ff4bdb2dad22a48afb76678c89af4b28749f954
SHA256 d2d45c0327b36681b8367d929e757685700f4b493413eeacc14d1babd5c37908
SHA512 4730331e8449dc108ac7dfc3c34bcc804f5ab172bb291c9ccfaa3edd8f3547c998210cca2251ebd6eddb00f168133214c8fa3fe2a9c19436e0755648dd59d572

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.ComponentModel.Composition.dll

MD5 ac6e628a6beabea87834d6106e3b9d46
SHA1 403fc47341afadef9295c98ca6394a6a2b556948
SHA256 be62111c2e9e70a3f015c4e766f817ffe8037323b1da30c6254c57f823de3e6b
SHA512 42906a1a752af9b6e44b4d73091088e61febffd6265f990672c245a8fdcd3868b5e4780fd69ccf239bebe94eea13938a3e3bf6349fee8c68a8c0480b282a7367

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.ComponentModel.DataAnnotations.dll

MD5 8502048e76709dca1b35e5b080055b36
SHA1 865ced031698efe0abfda1e656a3f7135b9a520c
SHA256 08bbcf5c45154b1d7192c3f7895a614de3e4a89dd97ce211312d6b39f5075ad6
SHA512 e405329bb611c21eb77f760c87fdfdad313ae28992207161f69f8946c9c690e4172828945d8cd7b806f6f57d196c07f6382246434f2f11d6118cbdac553acaff

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.ComponentModel.dll

MD5 3d27f7afa1993218a2851e9193e5dc75
SHA1 736c992f0b9da3f08b1f844872be761622053a86
SHA256 74c395cd267a0f6988f5017d160c6a7ce4b636d7496d34944f7b74d4a3cf4646
SHA512 f903720f191fae0e7bc9627c7625a0894ead3fcfa78f6a32378b5a5ab6a17e6ebbce35aa0c91cef1490326c85a03422404fe28d8c945a0d0254430ac528cbbd1

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.ComponentModel.EventBasedAsync.dll

MD5 c3f6e1f604841db1a20ac624595df861
SHA1 b8bdec58f37b32cecb7fcae300d9010bd030f537
SHA256 f0ef380abccbddfab321a38e99341bfcc2c7219f64fd5a3c05a83da28ae8319f
SHA512 e10feaf9fa17e9fac724d3286af10e6e4cb729f77b258cb84992a1de2c58f9d766322a4f617a68c93501872fd69880ebd14204eac7ae79e19d5b1473a65077c5

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.ComponentModel.Primitives.dll

MD5 ac628e08b4bd15730c7b34e7e1b00413
SHA1 dd92f7dad70022baed6d21bc52281ca4065a8dbb
SHA256 954ea2c6e6a404c4bd1484941b8b75ecc88b0fbdee904ae07f426a3aefbb3212
SHA512 bb97ba647e9a19cb9a68935b7f96514938bb624b859f8df6cc5409341e0fc4d7e2c46b653347bba5c9e88213242524323b24ed96817556d95b73785cd838658a

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.ComponentModel.TypeConverter.dll

MD5 78aa2dc03fb0305e04d8fa45efddb6ef
SHA1 273eb8fb959673aad5b4f6ab2e688e5c07f40a02
SHA256 d462fef33f544d997c7f20a3266c18a1bec3432c73838eb4cb17a83a54cd69cd
SHA512 34ec4571b82a98f80ef50533d9cb21a266fcd672aa5ce28f780e69c34b0502505e6a3268bd905a80281828bad499188e782a011db28b729f7fe0b04644bb1be4

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Configuration.dll

MD5 7a3e6ff4c1c5682f0e5d0ff1c83c76ed
SHA1 819e21b234e03de3185bad878c765e9028777144
SHA256 8a3a22396d135d8809eb942d7cf153526d8a9ea04fe1caf4e09881d3f228e86a
SHA512 b89a50454655c4a1b3b6877de16efe247a3b15742968b2dda34456f033f10f9319c83cef4d207ccec989619b4aff68166ef68d81079f1dfb8435fe8478d6ebf0

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Configuration.Install.dll

MD5 6baa52a096a28fa7d2bcb46dfdc91a98
SHA1 ab6a5c4d09627dfdb30b4907bd074c8c9aa8de65
SHA256 3c92d1330cd79aef3ff3a0bf83b3cebd3c7dcba1797ccad7a41406637d468ea7
SHA512 4af4295c69c1bdbdd8e3b54ac190c64b29dc1f604e29a3b786c83e788eed7ce74e719302dacdb3c35631a369919ae05bd6a28b5c6269a9f8ac3fc6feb6fd3c8d

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Console.dll

MD5 2a368938d531e84fc4a6e334a2a90813
SHA1 cd5a423fbdc24943635a4258b589e7cf00ae3464
SHA256 c6303efe013f2b3d83d941e0b3281fc967279c790f4c84286b29f7b8682001c8
SHA512 554885323c3fb88d0ee0400d047b4f2c6ac4255cf2ff0bd7bb3f1b7a49884a3e1e7235162e8c8096f3a637fddcfa8c1cdbb27dc104f1c4d99cfe30d5047fd1ba

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Core.dll

MD5 1af1d9b81812313748d7c94177709c4f
SHA1 39325a0aa5df43fc61e7a9a44ba4b091833638b9
SHA256 f6883540bd01ae64e399685fef2671ea3a6f21be283c54efc430d7f748da6427
SHA512 a64495249aa5bdbf4733c52b9e859227032b56be6fe2846562479ac57170c46d0971640e78a123b8df15c13e197426540caf91a6a6683e39e431ea8de9438b5e

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Data.Common.dll

MD5 def64cd673f0893f734636407c724584
SHA1 a8e3eb80a3130556e540230c4880a3314a68a3e1
SHA256 930c14e9dc7705183a1240c3b0c6371c7e265cfc506777dcec29447e9eb3a43b
SHA512 0c3cdcc84c525ed0e9082822c30f925827ef2784b538ac66d8d8d5fce87ba7dd0fed5d15da86fff33ebdb2c1edb03937bdf135a67cc8fda967c6f9210c728586

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Data.DataSetExtensions.dll

MD5 e10f14c50d80026b14d37104fcd4e5ea
SHA1 86b1b90c12340e6375cabeb6e991b4d311e4174d
SHA256 a89d15ab43dccdb36750f20e1e7419a7df8153a74abcb2244f3c049c0116e1e1
SHA512 392b47484a8ebaaace16aa0382f6a786eb1a98b9c017eb50acbb5033eab863297d1e51483102f6d24cdb29521d9eac2551d8e8ca3b16ddd6d0d4f0e7f75591ca

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Data.Entity.Design.dll

MD5 ec5a3ff70a65ba2cd03f27bf6bf9c4bc
SHA1 3fcf121006f7fa6f1c808686a9abbbb04d0ffe75
SHA256 63722070925a77571c8a9ffdb38d9a6367312255f93ae0dd0a73ee9a1099f179
SHA512 c23edcaad4aa0f842d2f253944fa0b2e6b1612309e88c708fe07624b14208697a8e32bc7fa20340ea8cac3890cb1c491fd9db809afd8a1e5be694175c921bd34

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Data.Entity.dll

MD5 01c06e4d4ccbd120709414cc0f9d86f1
SHA1 37e68f682b68d1992d9063b3906095a2bb060825
SHA256 8552e6fad46e18df643824b2a00fb6834122ed96fc32fa1e64ea7db7cf1e085e
SHA512 bfaba521a40e64f3aad83c1d9d9c061031d10d64079de79bfa27d53b39b044a794f39e19f23fa37c2f6d9ac3dfc30da9b0d19e2bd88bc0b0a04a26ecffe9231f

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Data.Linq.dll

MD5 5218a1c2a2f47dadaf965ac9a8766e89
SHA1 8451077e166cc41196face12ea88d304d12a3003
SHA256 c50213c26cd74ed2aece48103de9c87323eca4e000fd8508013ea43426c969c7
SHA512 72551b68a7e5d38b814864fe66d3703c09cfe7bc39fd5385fab541778253219bdc02cba4e58aae4bb69b2adf08dc26b8ea9d03300a05787404484fef6c84488c

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Data.Services.Client.dll

MD5 7b627bdf0fddcb8c546422dff2f9a581
SHA1 e3c04f27a87bb0dba71ba71c8ff9dd11f179bf7a
SHA256 f2f88f474f87f0b7ce6bf6f94ee256403f918f89b982d728690384e38d07161d
SHA512 977e8dbf18a3be1271b991a13ad229c5c87cb8e7f73e1892be7294bf32e506d81e10d975a4eae872ec0a210338a2c246e92b3990f5eda42391589f32aa0ed0c3

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Data.Services.Design.dll

MD5 85393ed417393c4cd2fdd4c9470f4598
SHA1 2eb133531a2711edff8b9cefbdeba1af8cc7f443
SHA256 b56ef546d8f901f737b50ef04dd13f6daf8cf9801e0f4f236919d560ba323483
SHA512 4421a03ac620320f9d5be041e614feeaa257a20c88d0c36795283fc278e93d1c03d9f77ea64af2cd500812b04cdcd0199c96debc00158333b792652312a4ca29

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Data.Services.dll

MD5 21d458436448719ec95f46b0d2cb4516
SHA1 72ccf3eebfb88948a1bb22f2b3fdae4a8328e840
SHA256 ad1a8cf20dfc542f20e74aa267f6f75766082a031a5b02a98d972665a5f7fe7b
SHA512 ad473b2506454d044cb110a6853d64ededb946a6605605293aaa98cdd0c2406697f38e48cb0eef3ce5493d340e823af86fc2489756206d608a74e5d3c07022ef

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Data.SqlXml.dll

MD5 3a9278a289c316d721cbe21c595606c5
SHA1 24646f24878f4ee70f408cef2f034b742570925a
SHA256 7182883371c85936910567e0acec8ac10b70ea3293f8949e1c396a887a8c8b8f
SHA512 1e8ac74609ce1ae9f5c1ec282f2418194c690961d9b6ca446f81d93475a23f0c5b583b1e6273f8d55a119e60eb4a0e045b209aec57fbe29567d4157c530f1d2e

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Deployment.dll

MD5 3c0a4fc3475a86a8712e96434f2da965
SHA1 c7d5d71abe03bd149e0cd6b9dd33e7e3051f4019
SHA256 3bedf4085d2936ca7745b795dafd78294cd6fe725b7f21069a433e534488e00e
SHA512 5315727269b161da5c15bf56fdb4a5fdf46d11b799c4be59196a8a2da12b37845d394eabefbf44a1a02ccd5be5e29428e0f72a4cf0c310c5e9b42364c92d6bb2

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Device.dll

MD5 fb6ca31b6fc1dad140c2742814718fa3
SHA1 4547a78ef2e3a5c819c153cd900db3136538f1fa
SHA256 951b6b5bf06d093a41b1989dd4166f2846bda106dea1e3480eb44464b485cc87
SHA512 47507fca54aabbefffbf65b655723c8cea15d7a3c8ac20ea28cb8053520db12ce162c09ac14321c95decab718d29078752f1864edbd04aa5a2de793861f32321

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Diagnostics.Debug.dll

MD5 f93c6a724a9bd79daf3884caeca48737
SHA1 2bf76e016a68d92bffe11dd219fa1c5af28f1044
SHA256 b395c3acbf9ba13fd77f3fbc7663f2d7bb6113b52e88664e8cb50ac37a933439
SHA512 197bdc63269a2c2a47c54adf20a5e781078c844b860ebc41c4f07a5517ecc0adbd13687e4aaa8748dffbd2b5c0b69e28f30d0ee37c00cf28825c0ca46378ca06

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Diagnostics.StackTrace.dll

MD5 2a5ee23fb5e1fe2b0f27dfc77e408985
SHA1 7931037967ffc88cf23873ffd424b580bb0b10e0
SHA256 452cf1422900fc3bd38acfd80bba4b194f0b1c8d31b716c77ed02bc6be49a8bb
SHA512 9bf1a92dcfafacd4f81871ad5710d8e07bdda696e265a6a0b30731568727f2ac279f3ad505191e984e4b0ca2a6d94945a6367364974f56d4dd3556fdd2ef03b0

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.DirectoryServices.AccountManagement.dll

MD5 48090502a1674c8ab701d9dc1a01ebb4
SHA1 b3f5f28d89fafcdf9ee6424f25aa8e1789e878d0
SHA256 1fbdda9ecd147dc7dd4c9d9d3984cccf207079b76b0474c8d124e1bed6945437
SHA512 4bccb4f6c315f88a9664dfb41d686bd57247ab282e4a7c5d2e3648aaa2218a753d7b65fdc24c795e6473ddd2b34b7d9a15ec219047c136c761a56ca0188a01ed

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.DirectoryServices.Protocols.dll

MD5 1148e23254c724f5e51475c5550bf4db
SHA1 5518089722afc99a9369eded9665a8209455b9d7
SHA256 4a6b975d54b206ac65c2dd79b26546032c3717403ce03daa576c61c988011719
SHA512 856fd94997b98d38441815297f8bda1a20c3af2c132e1d5d4f1e936f723c03eeedd1b10a0e05979f634af201a830c1e4b34c52d309b39e0bb591b3c382619881

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Dynamic.dll

MD5 cf96a8619d9e311eb50e129e762753bf
SHA1 90cc4b656ffc091f8161a1bd20e8345ac3711826
SHA256 d7986aaa7d940043b457932a93f32dfd31b8f512f2b0f3cae491d23b3603c21d
SHA512 4281b54a30618d40d47be021d6dd2eac36ae374787961daf643e2277cda4d3b3296f526343a17cc9a5397928021339b36063365f985fdc01bc716af1afc5433a

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Globalization.Calendars.dll

MD5 70097bebb0f624f480b3447fc385efab
SHA1 7af4c18e8488332968d14c48cdb6c11ea2f691ee
SHA256 cfeaaaadf6e555f0871f12b10cd51cc1dc7332bc952d050e25f2517639aaa2ad
SHA512 dd0d7161d4841a55d28822f72489186910c9b9a1e947d6b8f84a0c4820b17c2a7c120af4ced1282abd461e614c2007247b8136b45f731d67e370d8cdb8f9437a

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.IdentityModel.Selectors.dll

MD5 d0da258c75785ed9449baf5eaa34cd9e
SHA1 77c7eb34dbac7d5bb697226020bb0227bb1b2be0
SHA256 d5d1eeeb25a6728a456df90f50aee63c56b06609513109d24cd42921d1a194dd
SHA512 cbdc916d412f7a0908fded9f050acc02905d8ef69811d7c7a60cfb7dc7a6c9523fb4075e730a619aad58f98286ed433b42ff6451a86fec7f63d748b373a74959

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.IO.FileSystem.dll

MD5 1d9f8111b3acf205903473aa70e51364
SHA1 ea8b5e2409b6a42b821302cfe69801cd1e97bef5
SHA256 532b9d1609f31144e517cb8b1c525b02f2b46e6f1a34028ac38f6e62efaf2711
SHA512 a923ee58261ebfdc2021fdbd52d26576f2aeb12dd338e52631381e5fa6a59f6e30fd6d73080e42d3ca3349fc5e1077b7ac3d949de0d8ca73fc9caf9a155e0003

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.IO.Log.dll

MD5 622390459a7b16f5209029fd39c85b7d
SHA1 6041c01d92afb2812e91743a80129710e981b521
SHA256 8f30db5aca0f40099a358997b4e7022d6ae6127c56acea8780880419a347e300
SHA512 28ab7f09de56b92a6f00aaae6e4dfd168adedcf4a49f042d6d31062f54f6f6da663d85ba8e1d3a1bfe28f73d6e17456e74e5062682275a3e9ee63c0c0b177899

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Linq.Expressions.dll

MD5 234ba7caddb72652c24813778b901445
SHA1 c350e4f3a33b953f7a405d3f803c5213ecde94f5
SHA256 a4c762e795845af5977f2f888d78c27fc3fe8f27e54e9c30ab7676ad485db194
SHA512 57661c58fa8d88b93c8d01b654f93b70e1652a97eb62c8edbd11c487c629926cdba0fb6934b6666569e367dd15f689dd0b707ee4d9f27829482b17d0bb6d87a8

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Net.NetworkInformation.dll

MD5 e4bd59169e3337d7faf96c191e14d366
SHA1 4bb06ff8b8ddfbc6449f4e1b6f3a2734b82c1215
SHA256 d4e0118789f81f356056ce051f09897096edd7ae4ac0e39856fedfaeb8672a89
SHA512 949f363e03142525b28f7016b60e2d6729af493c8a4f48119ed39178bce9df60644aaeb9d4cdaeab8f8d7f000d21f0504f9df61382877f7fce820cdb7f4bacb6

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Net.WebSockets.dll

MD5 65ba876a983699d079cfd0a002e6d207
SHA1 4157d3fef26ab71db74151a45d337b7b14c9eb03
SHA256 bdd0e4c21ffccf6a444f623c20e02e249b43ef1cea529ba7f1cc7e2b4ed2415c
SHA512 42aa06105634542dec2e56dca407ef17bca8cc9034ae62816d7a5e60bfbc1ce6e29f01737c5a7bb8f20ee3dd227dd612b4e5d0f7fd5c1ca73e39926d56dc919e

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Reflection.Emit.Lightweight.dll

MD5 8acf88999d7b5620fcb976233275d424
SHA1 8c4fe334a42099e1b77f731adbb97ec18f661ea6
SHA256 17e4930c106d0ea62df523163853cee0fc84dd38d2e1b1f54cce03c685d7cd94
SHA512 8bcb461a8d825f7b210fea82ed5b423b59430f66be71a0e21e3ba94bda9dee037152b5fd2b0b9dba5e8b9596699b7afb736425837262ae8f7d5833ec9ccecf98

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.DurableInstancing.dll

MD5 7628960bd1ce2d69ac574c532563d946
SHA1 d6e1ba94d654fdb45de102ee38124d322cf58ee7
SHA256 eda7812046e8d22ead1b6f09dc70584a8b60384aa9e06ff473ce80ad0be96434
SHA512 f577aab4af49f14343c77b0d1fd75937227844fede1a805b6c70cfc600dba844fa536e9f431e547438432fca9bc7113270bd8b7ce921f737628a600765e57a06

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Serialization.Formatters.dll

MD5 744daa153d9a8bf60ed0ca1858416efa
SHA1 c0af73e3e0fab12d5bd42be074b03693b28d2e1b
SHA256 6b878efbd9a453e1d0bd017f9d874d7c9566c69ce81354ec0ca0d22fdc128790
SHA512 b9b163fae462c50c6b948a5a8bfcda948ca439bf45a2ec6954086c204c4bf6356bffec03c04fed437edb96bd90e80c0acb94ba69102edce8df1a840723e09273

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Security.Cryptography.Csp.dll

MD5 ac140bf354edb99362c88afcb0af201f
SHA1 cade424a04a4a7c73d2707cffaf2178ace40e1ee
SHA256 5026930de9823f8b5107198e892349c7e7a4cbd1d6267f179d618a180e27424d
SHA512 f26c78f5514318716ea2aa88ea7a4ac86d8e816cc5559b3e4eca3fd53fdb8ad2edcc2a36a8271397394d854a5a0999d616033d6cb4cff908624ed94d20a53a09

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.ServiceModel.Activities.dll

MD5 1222e22202e6ecfe289a694908d43530
SHA1 5f0e6a383923067346629ca3913e1ba8563ce504
SHA256 8c00b87c0c827126d1f550ef32871b00f39facf95a2ba450dd3d99bff08c7b8c
SHA512 4bdb63c0ad17dc1f4f095f459d9e41ef59f9e4ac1f6b21d78034fafac0a13581e2a7353f3d80a287ce11332a182b126b35506811f3621611eba54981b0f1ac9e

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.ServiceModel.NetTcp.dll

MD5 d2128aa53a410cb67066a2b121505105
SHA1 afcde05ed545f7594510ec699b95da5879753cd1
SHA256 8f6a641da5daf4a45d98923d59573b74e9df6dee0955555455bdb8d0ac1f40e8
SHA512 4d25eead6f6a721dbb0cb2e34cacbde953714bd058e541423b7ea44d7c156267e7bced5a714dc4719062525ec5b5225bf4e2c9758cde3f5a62e32357a7bca294

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Threading.dll

MD5 a4ed6ee7b2b33f5d744ff2317fa753a4
SHA1 ef71aba73897469e5bea1f978a19a08e33d6e413
SHA256 65206632fe2adf794590a99f915e1f402748e90b9b26607da6b65444884d40ff
SHA512 ef1b1680cd482dfce5e84205ca51db4238858004f7fc29087ba60577672d7dd40c726a2a0ee7c1462df588b705acd569bd9486e9f360e514e0b5c4e888a35b62

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Web.ApplicationServices.dll

MD5 ef75dc7211e905d108e75ac19fbd911f
SHA1 144aeb5adc6ffac01cd3c250e25e885d205fe6d6
SHA256 f10c2d13044585fa0f8c128116f20f033f5963f878dfc280d3cb4ed983e2fa60
SHA512 7a8ec2ba37e64eb4708cd3fecf68b8e3a858918b6134434fabdf98ec0456d6dfb8735e08b9b3aa3eb72261321877e42e1faac526640698b29763217986d956d3

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Web.Entity.dll

MD5 cebd68c0ef40529c94d5827dd0b145cf
SHA1 bfacb1cc76c1786b9b0733575014f42848f914fd
SHA256 fef3beb7713c958c4ca846fad53ecdc0af01cead5181977bee3185087abf0165
SHA512 96295fc1561f259a7dab167b5a44bae79c49d4d30983ef965e3392cf5718e87500881226c8ca36dc60b2c394525a733b82e5632e1bc723dcc6edbccbeb8fc593

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Web.Routing.dll

MD5 325630c1a298866e8af7c591f3cde3ba
SHA1 64d8d431a2c0876176d631f8c304cb9b12cccaa7
SHA256 2568b2a4bfeb4b5d5f11b595320b583ea1e64218cdcf19f67df9c8a722a367ff
SHA512 860a23a582eb34d0e2bbb7295e609968ede87586b34c631632ace62125022276ad903f22dd202d08226631b9c0500edafae95d1a81447cb40d8f0535c793c849

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Workflow.Activities.dll

MD5 487dbaaec71ae28f56d54c4caa156d46
SHA1 c70b929f7d81abd5800bcff0030e2364dcf55471
SHA256 0effe37f447e4f4b6a184819d820c94c917b898464558420035107f4d300ceab
SHA512 42883acf3f67dc3cf5a8b378def9813cd3ffed54aa4bbc184cd364176268d87c61bf1e840f1435aa7a93e90584101998f0f702cc73a4c4a04a31bb79af430926

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Xaml.Hosting.dll

MD5 9b1c58af617ed4c9ac7b4bf236c97791
SHA1 5b39bf3561bb81031f005faccee1250a6bbcc64a
SHA256 21d0aaefbd63afaab12eaf064190639936efcced4ca153094538ee7d2cedf968
SHA512 3ce23b646aa139061da9c840df2f94b43b88a31941a81eeaab03c6d40183ba933eabaa6f37ae78e7fbb367f55aee7f31e9cf7a6296a2070ab451678286c590af

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Xml.XPath.XDocument.dll

MD5 31f2ad44991da8f7ae244f175bbe02e4
SHA1 ef9955126fc06a5c5da47303bd4a431b886866ca
SHA256 4fa0a6bc8c9358580bfb9736650c82adac070e10661a416625fff548698f210c
SHA512 8a735c00505a934bb88bfa82231658a8dd23231c6bef7ac35e9164fe469b68bc7321da0229e43351db02e926159acf4a218146b4481083c12b6c66521c144f0f

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Xml.XPath.dll

MD5 da31ce82373fa7c8992139536b3c554e
SHA1 c508a6b5c125f0eca2355130933e275310345c8f
SHA256 a6a102de1c065094473c662eab925fa32950cfcbe79c895be86f2adbaef32f68
SHA512 3df68bf00d72d4373608a212d2317cfdadeca135171fa6d2f7e13ea3bf61fc31f6fa67c93d6fa62d3ed5a081eb988d0451fae8ab6da7c609ba205d78133776ac

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\NlsLexicons0009.dll

MD5 845a7127811d2ed68f2e08197ef184e7
SHA1 b28c51692fc3b752a44421f557f78a9fa4d44242
SHA256 d451f8bfd5872fac5a830870ec63984bbbdb3b12c41426a3d3698b94e2e42b27
SHA512 39fe324286c2e627e7787c45befd02234aefc913d75ad586dd4b16a51b9256e6a3fd0c7a40d0284356bb690a9a743b8de947a2af2ef67f444f2688dfcea363c7

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PresentationFramework.Aero.dll

MD5 c98a522816b7bbab60ae06975bdb4fe2
SHA1 eff26e53d2ac366fb5b0ebe3ae0cd66f1c9b2b16
SHA256 85a71d2fc938874c1503e8919477e37f0398c0b49e7493169a8f08a0b58fd9aa
SHA512 84a50bc83ab4cac641539bc3e58a77a05a0792224265566e927d06525b73cc6d9724ee7740032a02472b26757d2334b64a6ecfc2bd91c4692be2a5751a79f8ef

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\System.Speech.dll

MD5 27c5c4a171fc94acc8a6532476866d09
SHA1 4cc0251788d2babadbd8ec0849d0842c715adca9
SHA256 f16b653992a104fa450e633c57b4d750951928ec5ff243417221353a08075c7f
SHA512 ec8addc5809dd2b13af206c144694aef331673be90c1e54203b0fb8ed4b3eeb0045bdfa1e6c53ae1a5011ac2726054dea04ce11bdabf67869a9b7eec4272dea7

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WindowsFormsIntegration.dll

MD5 e850fafbdf8c7c7d5b495b852469a94a
SHA1 69c6a085aeec7dbba2208a248855799133a370cc
SHA256 3ae2df66cfd055d5eb865c5d457d53ed9868d62e7ee2422fbefbcbb751434456
SHA512 8798317d05de0fa0067378682c052527819a38502f74193ac388a01c35f8f539545dbec1676090c2a7d373554649a2632c086d6b8d473be15b89f3f71a13d4e2

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\XsdBuildTask.dll

MD5 5ce8031d7cb89a3dd96ea1759f7826c5
SHA1 4941444be2bc272921551c44b6ae857a8e1c4fef
SHA256 e18d0d9e8fd600daf13c63cb14d8b075e0da9850aae5a6b781218daf76683d95
SHA512 7dfea787960e411fa5bc43735e16c3c581f27e7e8f29762534eb53297741f1fb2490ae02df45fe8a1c610f9902921c4a4e71d47447009d9cfa0d693bebab1e70

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\XamlBuildTask.dll

MD5 61eff7b4b45ac1e5c76b28c445b3b708
SHA1 d779b545d5153a4e5127fd84c47763de2161c726
SHA256 583b15d11f1fa253fc16d54e903dfa996a38e47c85a72a60ad39ad5f6635eb06
SHA512 aa2eea83f451c4850d6894df229208e158ffee53342d3139f57d928e271d0ce7952780725df23f2819ebac9f99dcd426cfa231832c87450b347ebc162df9b5d4

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WindowsBase.dll

MD5 ed0dba9173b5ff5c87afe8e77e7a017a
SHA1 567e1a3f0715e7dc2d78365828756ddd82996cd5
SHA256 97f0f0f7b944f18c6a35ba6082e4f26c1e5c440fb6a8710bd446771aef111047
SHA512 49bcff0d85ddcd320baf2bb7b8d79d3ebffe4d30e2112f04e20105c86fd8177dcf6e143b098adbcd350c947043b821d9506325a65447477c8445145f6ff824cf

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\UIAutomationTypes.dll

MD5 5d3c957cedc3f28f6e1841de3dac9fff
SHA1 fa96cfa32210ac659185cf6d5d05f3c99f35b8a5
SHA256 ecbfadabf6555764668400825d39e57ef30d6b1bcf37b211e1f6156557127443
SHA512 af4f9b8387e514b847ec888aa4da01dd3eedfa0a76349d1ed229f1b315f864f088e4f6a58efdeaf7f86288c07c2a968486ef6fea36e86eb8f3344dfdc1f706f7

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\UIAutomationProvider.dll

MD5 b53b5d984bf6a52c1ab65a5642ac028f
SHA1 7d3fefb1a418d6af2324396f0353ac7eb270ebe1
SHA256 ac99657c070f29c14591ae2b8afeed24e0d0236e806e0df8706c46fa16d1ebfb
SHA512 bed45e18d60e68f95fb181fd95083ce87e45775c8ffdc3d72b513e256df6b433b75770f59ea1fe7854bcfb672abf9578f3aa6a3d2534530fd8d1a622ff4e39f7

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\UIAutomationClientsideProviders.dll

MD5 a3daad092956c49176be1cb322e97596
SHA1 664c0fcedc419f0f3991da65d791fa773db39134
SHA256 e1b22ef417a0b64a2df6fcfa9e72b9542a24f851f60f7c369f6fd5bdef5526c6
SHA512 f297ae6b24db9a748c828ee75b04447e0bf98f4c51eee40ff3eaf4b7a1805767c97643087206cfd08d8f57f5d4c16f8c30887a5dee82c01d51fe6881715df3b4

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\UIAutomationClient.dll

MD5 d1b5ff851a093ff0cb60bbc0e15b9e9d
SHA1 ddd885830c728c3a1c9c6e878fda9e8c95c35e43
SHA256 db0e9f088c577dd8377f43267dad0fa4e4fb982291386d406f8e6f39d601a3e4
SHA512 ad2c2ac2fe7e71d6cf2ed93f2ac511c1d2f5a64c292110fb83597e48eb68d999418c37dbcc0a62c67a61b6172a5c9e881994e98feed8d1bc4069829d4ba5e018

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\System.Windows.Presentation.dll

MD5 1020b7b625da6c9c2781418bee15879a
SHA1 3b865a7ed0917eefea5b8e07ed37b1b867406f95
SHA256 296471875bab75cb49447d2121ad8a4d92efa6d6c93ed12203e7a4b46661748f
SHA512 7196323e7c6850c78e16532f1baf9f8c4cdf126a7817d4ca30d307c6635258c8908dc112b1fe5667456c5a547c52e1f561424c0ffbae7b22c770badd681ace71

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\System.Windows.Input.Manipulations.dll

MD5 5fd63d1082a7db586e13d160aee50a96
SHA1 ab8c3803ab87643b9d0b05a836955bd668de7858
SHA256 76213bc45051966a176e5e8a2680fc2c06b45ee30abc8da60f9682416a1999dc
SHA512 26426fc5753cf8278fd456219c9bdbccd6e93ae0f1bdb484541b6d316bf732ca769d1389169098ba6ccc68456cd6160a990e331e6972ac4a826dffe3f8d814e1

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\System.Windows.Controls.Ribbon.dll

MD5 70d64968c8d97140dd85706df90bac7f
SHA1 b16725ed5a1bcf7e094ece8a914dc5fd8efc6b72
SHA256 f54370677f6b30d52ba0595248d001e63a6fbe32010df4744073703b9f03fe68
SHA512 46581a24a8aade12cc55a33ae68bb6f3059f53e1a013dc637973d9b23491b46678b2675db83d79251c8a45a238674e1955c293ad0725b5073185c0f9a55c2ecf

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\ReachFramework.dll

MD5 aec83d1a1233df8f102825be94ac5e33
SHA1 08b5da3d07eed5c16e69c0b3f2163504bf805712
SHA256 192ac9046038328615500fb1c1eadb34ad348597ee25d16e42963b3569d19816
SHA512 9ff2b9f7cfb8b6d20a2717cbf4d793572d2a2b4068824c54acd7479c079ec551bdd9dda86503b8fe9201cf8e4c5c028eb618ae79732c9496f0cd63db25dbfe8f

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PresentationUI.dll

MD5 0c00f3eb892e4c319c46832a9b50b307
SHA1 a42aa662a1d437b5a971ac957f7d4aee3b1f5a4a
SHA256 92542cd8332cee06e98bc2f42921f53d2e47ec88f8d59597e6e7488645123081
SHA512 ad6bda279fed6783388e013c02de9cbc15efbc9664a8e328b2a560463a650d1e0f21322c9320f34610c50b8bf01633a028d548f0bf8934a21082fa4b10576907

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PresentationFramework.Royale.dll

MD5 925626b75fe1eb145c745aa0eb5ced09
SHA1 da7fd4d380b317402a9f02f1f569d693a8f84545
SHA256 2b68cc18dd5a7fd16c56496e4da76905f4e765be6d0d3aea467905a67f1581a2
SHA512 9a016a413cec85cd281283860fb370ac7b84a9fe4cfddb6431168fb753d68ef2a7b1613c7de6cddd6939e776f85a334cdf479bede942ef888b172fb409e779ee

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PresentationFramework.Luna.dll

MD5 49428f38bec8ab76de0042973f0b33bf
SHA1 a2035de3e8875a5a1249fee1916cb2efeeb8908c
SHA256 4ebf84069403f802207e4a822bb0f386c806a66d0494ae4d06fdf3adcb567ab5
SHA512 3c231165b6fcf8a8e32c3b1a015add1d48ee117140c117f86e37a98fcbec4d5eed5999d7276f4f4e2736ff517e9760e833e3de9dbf0513fdb214793857e72baa

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PresentationFramework.dll

MD5 22b03a6d6b4fbdc0cdef19690610e3c1
SHA1 d5a30e6486280764ae8849dee999322a4f70b5ad
SHA256 f37f80ca4d71928df6a190c5610a37644dc41be8508b88e0d067a14a2045d081
SHA512 e160f85839f059589f127ce8986df67e19a26d1563007f0ffac4e89a9c94002807476a93ede3e3ebed03b54c00b0a3c71d20c66c458f67f60842165c18b2a1e5

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PresentationFramework.Classic.dll

MD5 df91ae39618a5ca2a1997cdab74e3b17
SHA1 0733d83ab88d25bffc836c9b5ac3c3b6929a0396
SHA256 6a4add74e829654f7733e696d93947930cfcf36f856504227cd9d3bac4834d1b
SHA512 8b1bd82faf93b437ff1c3f7a6289ff0f2a00c65721f689a87c174156dcbeed0bbf6d16c85af91be59e399251b2f121c2239c58fda23cfa1ff16bb7c8b460f0e5

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PresentationFramework.AeroLite.dll

MD5 23fee481931f80e7a3da51bf5e55b041
SHA1 10af4e7637993eca7128e523524af0c836a9360b
SHA256 de7f70c06acbd9cadf8987994c89533825106566173bda8d321fa565569ce484
SHA512 c86c9a394e6a8667da9e18d92b7252cabe3482e6b82abe7f2deeb84107cb507353d333bc1bd2e2d802742dd965c7a88207c36c90f0fab5b0d10fe09b51e83850

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PresentationFramework-SystemXmlLinq.dll

MD5 368c2d8a7f1036d62cbbbcac7cb5dfbc
SHA1 7e262e6693ad1bcafad24c38981c0677964f4c9e
SHA256 91c3c9b7d898e71bd82ff4bf4e5c6f33aa49aef53ac266b6e5e9752dcf283800
SHA512 013e77891248fcea16bdb0bce588ff294c9d74701a1d34338382d19d564058469b001c7ec2c23841f20f767ab380dd9bf4a640cccfce6ff3870f9675ad02783c

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PresentationFramework-SystemXml.dll

MD5 224b73b03b966d9f9294f1f58631cb59
SHA1 c3488a1349bdab30d4471c329be7bdfd0ab84c99
SHA256 07fb64447f063f921663b6bb3e69a2fcdd088c5fa8ed93cbf4820041966dd006
SHA512 2618f7688d1692e111ab157c01e4bfd34f9ba9e9385ebe4ec3bfb11b8ad624ceab6777f7361295bef92ef20caddb808690c8f659f38df25d0a06daedc32edacd

memory/2360-15050-0x0000000000400000-0x000000000040C000-memory.dmp

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PresentationFramework-SystemDrawing.dll

MD5 69b647bb47f1384e1bd43b32022b4784
SHA1 98f69aeeca4189c55704d4e2c8973f19087eec29
SHA256 ad7db0873ac41b1fb9407db897b2295ac67991f0843d19fdcadc4f21c3758739
SHA512 ade7c7b2443c957eff3a53646a7fe3f80dc819132933d8e909998c5ebd4c7dc9251b1a3a6741ef0d8794a76f61dcf299c0e43ea2be47bc63eb163916972bb1e1

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PresentationFramework-SystemData.dll

MD5 f7294604e4bda98d7b2c56a667927b0d
SHA1 c69e65f5f519b0bfe8dbebbeca3cb93bf3f4bd34
SHA256 2402988f99953030b238b051f114710ed4124f3efdd8671168a17d5b65927e59
SHA512 eec35721f8da2aceddce2952905842be9d8ff7e05949d509ee59e67fe31af842356cb1410923d6a2f4791301d5ddbbc164f0c7d1c4be4c35f3768f7c479cd602

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PresentationFramework-SystemCore.dll

MD5 8e765998ee039c31b2ab23b8da35cfcf
SHA1 547a7448c3872c8e7eac6a7e36892055f66fbaff
SHA256 631b77fa796c8657bacaa875e15a2b258b2137b713ac6ec47abf72324bd21996
SHA512 2e790937c1abce60f7e2401621ae35e4fcf3a630bf51404c66714a7a6048fd4ea2a6647c78708507d7fbc65af890cbffce4020caa17033cd3e0a475c82a761d6

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PresentationBuildTasks.dll

MD5 2f9dab25a90b9fac9f78ec7b78cba5ae
SHA1 9be0472a725941b02691b3fe40ddb21f1b0d1308
SHA256 5f273ddcf3070e8a84d4c0d38d9eb8f8c24749e132c1fea53d87226c92e558ac
SHA512 b3225e3eafa024b59698d5b49c248a9a082c79286b30712ff692b996fbb1a6399d5730d1217cb3f5034ddc7b17ebf9c168ac0619e59d10aba3d4d934e6640d49

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Xml.XmlSerializer.dll

MD5 31eba83343185a8b979be5766d791058
SHA1 95d6729bce4d4d46b7477164695e6d4cf6955724
SHA256 e486d8dbf447f650b6836a354c5ab27e847ea5ab4b23f0b8967fb335caf47d3b
SHA512 36dfcc393455d4be390e74e6f086898bb96593d8810e8d6d33ef549283c9512c4671d392bba057ebf8ed6b426f520ccf47b3e5a6ad0ad90b35ed53d6c6ed0693

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Xml.XmlDocument.dll

MD5 42dfca7d95662afc3fb589f9c9ce0230
SHA1 6e8b4ec86505e6ddb239ac0e996df640efe9823a
SHA256 03a0492a4e8853fb8251400991f62d8ce167421964835bef88821e69b9d4eb71
SHA512 110463df4db0c116de6e234018974da3dd980a058d182568f68eb184e2b01cf93ea4037914abc775a80bf160e0fbba42b84266e8f7bb243df5e2d424fc312174

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Xml.XDocument.dll

MD5 cada9b7530ee1f69956e5c5c9c1914ce
SHA1 94602e79b7d0178ccde0a68a57092a4859992907
SHA256 8540f084bb913e92c8d4b942b20a97ed7cc89290ca97e3c18a32dbd83bf4b456
SHA512 d5c05ad38c9048063dcda9e10e1bfed80edab720d96a8f6f17d0517056c2872afe4476cd41657d8d94f3100310e6f383d75fe203682ad38b4638b87b62d48c4a

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Xml.Serialization.dll

MD5 99d97980733b4d8fc93ed31079c4147f
SHA1 6c71a59aea2aec4415e9e83994642bbc80a75ea0
SHA256 d0a492625d4def94d720bb95373405731423cb4b5cbe6483fd8688d51d8cba04
SHA512 1a62456710522240e4a4647d6dd6ff9b039766ea897a47fa8d268e5a1b860e8d757c645250bc6844cf0da4ee4b6aa708c05034e1907b7583c495a127572e5527

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Xml.ReaderWriter.dll

MD5 3f8624c9772625e5c844465f32e83ba0
SHA1 23d8718c62bdbf12350a4ca984da1b650623d2c1
SHA256 79ed4d6eb587f4c354ef968c2b28eecbbfdc1eb11a908e5e0dd46c1ee2ea887d
SHA512 9ccae69106b5e7907cb3670b7318c055a1e94db8f29c02451a465e8cb985bccc86a2a2661ed4ac05e7c033649ec66a5f537ac0e9d862f83053ad53e08e011a9f

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Xml.Linq.dll

MD5 8c95951c727c97aa7eef6a6c839b44c5
SHA1 cab00ce3e92741785b8220db6eede217252fa91c
SHA256 62115f96cb7a18fc1f7ee5a1927ed5566f91b48dd9cf9a623d957f9818f7a25b
SHA512 28b6e937329f2d118f6a042e717d844909dfa81ad6cf4d4c07ab2e98702dfe959df0bfc411ba559a037e47b61ccaa1e8f69a423b44c9c9b58a6064d5f8c91382

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.XML.dll

MD5 990d96d86aaf8dd79b727205a518080e
SHA1 0fa4308f2588443b8ff4a03795e64f3b83d7a154
SHA256 c80e6c58abe92cdfa701c82eae1868e88827f0de9320064e0e7433703b193152
SHA512 191f783576bf2e4765f43f9cb2d19e5f6da85aade40b9aabca7c8c291cbd91aeba4c4ec98c87dab2f16b8de47667f497ba25e35bc55191ea09acfce9467a89e9

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Xaml.dll

MD5 04eb80883956609f44129147b20593fc
SHA1 8fb580b822a60f68f980ee47e820842d22d0eff6
SHA256 3540d986b846a3c5f69bbcc3b536b42a8849aa789dae9feddc49746c04d990b2
SHA512 5893c06663dade4db954f5b2f868b0444cbc23551be43044d531d477e86959d229433b8f0166c17105872f190c9d69dacb42c79647c4358baf690ae19327b1bc

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.WorkflowServices.dll

MD5 b43f7869ba1997fc277054b653e806b3
SHA1 90317858d1d216f6c1216b5ea03ef37ad6702da2
SHA256 4d92b85d671b14f36155865b9d1740b5eb69ce04a1d6fef376c6e70566549341
SHA512 0ef472852ca1a4064d290819d5c65067233a55bb93158dfc376c0193f9ca6a041e23d085cc1601d202702d4dfe83373d451812e948cdbcd64e3cb50ed04a4f14

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Workflow.Runtime.dll

MD5 a8fd95e6abb9968fd7a3b91964a073b8
SHA1 563eaeda120fe0bc3d28548f794d950f3a3a8bc4
SHA256 a3e21c46a1483d2662b50adf50dafcf9a0c3dcf785395174e4180bee897f7e45
SHA512 edf9c802883943c9e496a30611460982d40e1d74441e9a1c8558dd9d8c98ec55fbe68cf7a9c6ed215fa245cf423c8a39b9735fcd55cb22464ac24d2e91ef1def

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Workflow.ComponentModel.dll

MD5 1c8a7dea71261cb5591300cc0f4d124b
SHA1 488487ec2d2248da848a516a8959491af85fa369
SHA256 26ceb1eca96105137cfe4889007d01d743d358c872d310a792dfe7c2cf195e0f
SHA512 5cbb84ca6e1fbd30fdd52264d6896c79711696ecba1c07f40a6208b0f6daf8eab739d57b5aa3aac5f0dc88406da5dd89316f6d5cbb5f39d9099dc2b25d8fcb1c

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Windows.Forms.dll

MD5 738d10f4f549fe15c89ef459c1f47f18
SHA1 d68d9aa3579effe7de1d85ef94e7e79b9ab1ccda
SHA256 67f03203a8979a898efedd589a09c9d80fb91d98007778dab520f53ccbf3bc7b
SHA512 c0b2df37cad18e7b834b0819136bf4378edcbbfed47070346d41abda07922eefd0fa0459e6f77871ae01e152490205397f6c58747126f0123735d84906dc533b

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Windows.Forms.DataVisualization.dll

MD5 70c121ed2590266127f1039e200af081
SHA1 a255dcd6b0545a424b3f353076cbf6d9cf9f02cf
SHA256 9d9b59494fdd3d02fced21e74c052dc18cf6ced4fdce10edef1122a626fb3306
SHA512 faaea8485940e9c129abc61a3659221b565dc135f12585b636c1ceb6cc0b91523e07ab325e9eb3baa063ec785d2b8ebc76a95525ee077c63de2d7515283a7e8f

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Windows.Forms.DataVisualization.Design.dll

MD5 a260c5db59ef6fd757ae4324734c6cc1
SHA1 426b9fdb04cfa147bb4b46461e32a24f8214d0af
SHA256 812e35222fa97fc91550dc2f93adaf6963bafa03b753476a414f3aeb91a33529
SHA512 efc3cfb10c4676fc5c99173f30ffe2b961086f873dc452d44497dc433227712c95e9babfc2b3fa3a84261cdfbde1fd5ed158e3085be09b621be1fe5c8c724a7b

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Windows.dll

MD5 1d30967db499125b58b01a6d706ce8e0
SHA1 001760dab08c47ba46e800efe446bf65e74017e2
SHA256 5b26f89ba5ef07c84eba040eacbe643560d691df2add8d0cc015c92b83804bdf
SHA512 dc80d63f2cefb454e187c6a4f3bd5dcb042321941a11c5ea59ade89d50c33a0673977a720649d55bca43c433545d79a1cb0ddebecbd6df4f9eb8eed538471ea0

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Web.Services.dll

MD5 81fc7704ed82ba6153014490859fc170
SHA1 65b3ef6d0e4f3d1c95ea076d858ae40fd26c3a25
SHA256 e64c1df2d0cefebe7c1d95ac9b8104e64fd3a65ff7bbe8936e6ea208feb5e5b3
SHA512 e3239c9f145241f8fbe16828a25f6688993e225faf1d4b015a2fd7a16c7ff67d0243c3b775fed2b8026536985220389ae7f9702e81978170202e889419263c68

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Web.RegularExpressions.dll

MD5 0a2d32a91565d68301f2cdea54598c64
SHA1 09fedf1f572bfbae0339c071ff42e87ab183a64d
SHA256 2502e4ad7e64467f3c621c8256a7b6d85ff31c9dc1323af4fa5faa977d418ab3
SHA512 c360d2fb2b1c29b8317133a8bb8269d1c1c5926a08fde11c2bf95c3edc33ab1bcb4bf5e8ccb123d4b49e1f57bb9aa72bf5f94915acc6a2658bc4062c59cc5074

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Web.Mobile.dll

MD5 6798c50099e28da618cde617f440b0e4
SHA1 8f18689395a7f1ce85aed0397841c82dc878a1df
SHA256 4bbae608491de88c9fc8ff1526bd9242f4a77eb12da325fc32fbebd20afce6df
SHA512 b8501b52621ea53646dd861559d5aacdaaabb2a54cf06853b9d45b0d7177458db53b9c6849a23f689b86d5653e827cee2b7e897b0af5548204f5c86dc066e3ee

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Web.Extensions.dll

MD5 f73192664fd77803ceab46c9bb52edef
SHA1 5d85d059edf63d075fc7ac336dbe85bd87155adb
SHA256 4d44aff3e881db94105402b7aa48e9a57d912883e58352b5d599c9560d1e9894
SHA512 d90e6154a68b8337d81e046e7fe70b4411f5db1255dd0d597358f5409d50f4116285496c12982da43b4a93cc19acfeaf66dee687d0f6ef8ae8e104cfa9830bdb

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Web.Extensions.Design.dll

MD5 9279bf247afa809b60173bfd312b6a5d
SHA1 9731aa8b768c5140c0ca533492a6521f842c1dbf
SHA256 b8ec199fe52dfcf20e93d6e4dab97225b3fd213e28a8126e901dae0fc173fd5b
SHA512 8f212ab00426268b21faf89ed0db95b487f83e4545ba4953380697dd474d1d9562988c4d6bf0456becf980d687959a2fde213595d643ce34272169bb53cd1ce0

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Web.Entity.Design.dll

MD5 8f71e3f452722fe96df9802dc5c46bd0
SHA1 8b0ca23568250bd8b64336cd62702ec5803afb9a
SHA256 69c582aa03be0286c12d44d86a598d9120ba868ca7c6c99e4c93ebd5f875d13c
SHA512 768cdbc859b741e50d84dee8297122ea2bfa1ef06d00ce7c6cec8595841a862876f547d3258281e5f447636d08fbb14178336ea408c94413d79775183bde6ef7

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Web.DynamicData.dll

MD5 e2f98cfe8a40a273caa442f28162c2a2
SHA1 846cd79f6dc4aa934e096ef051915a695ea457ec
SHA256 ddb129229d7d12b53dacb5e77d6d93ae09ff000b8746f4e5d99e43ddf974e2ec
SHA512 153021ac0836384c4d636a37c7c7ec0dc8234bfacc1d06385664fc7a5413f83e6d196508e414b5939f8b5bc89ab37a6cf056df58ed0439f772a65865a9a1eb9b

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Web.DynamicData.Design.dll

MD5 3a7e408178d774e3d451e340edc3c99a
SHA1 aa99a4518b89981a8103111d7a8387fa3c809532
SHA256 488e327e504147defaf1f0ddeea3d8c2760ed3bb7db8a1686ac174f1f58dcbf0
SHA512 b25b73c38c1ead27270ba2a047661fe9775687f64758f66b3b8e86e4d8bada256c93943cbbcd54ddc3c037b8d31f5efdd916f5a224d83eded85be05f3f0dd0ad

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Web.DataVisualization.dll

MD5 8d3e025bb8670d4dc9b44863018e1532
SHA1 5f64c981cf8c536b6ec48643fcafecdc6d6f1191
SHA256 4826fe2f1c506f3c55da235afdb817db93fa641c7687499a62a0762e37e8891d
SHA512 e3b2c098e0b181b7eaa7339e5681ed746b5f8a6c72ce1bd53c603cc7b6429f19f550264a8380ded815658b9c99d5725e552368aedde32028ed1d0a75025195f0

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Web.DataVisualization.Design.dll

MD5 92fc417834f25473c0699d20f28f7f90
SHA1 e96e9db06e3c8ac838dac61eef7fc138f8908f3d
SHA256 a387c53400ca75f653808967b14cb6a16ea895eec92a31781801c2ceabb21b9f
SHA512 904291607793256febe998d7aa13290b2fbd1e2e5053617d5c988caa6e1a52f2201892c02d3f4ae21d478388ccfce14f86371b93f6c6509b7b36522a517bce20

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Web.Abstractions.dll

MD5 ae76d0bdcf324fae841780e7ba76a146
SHA1 7158432ab3913a45bd8c12c54775d6c6fc5761d3
SHA256 4ce1ce560f278cbf168ae83a7b27f3d356b06c2ac2f24365cf2b88231ef2a425
SHA512 8ab168bc7bf78ba26055e30f1b3e36e00c3d0e6401523e3504dca35c0fc09293ec01d71d194eef0b0543fbddaaca67dd1f2e10ad35308a604f84bba7e9f37147

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.ValueTuple.dll

MD5 4b0c81295fc1d99d93275148a872c408
SHA1 554869bc0a6d0738b143cf2fae935fd252dc86ff
SHA256 ecd1a7dd644ee3976c2f505d4d7bbe69e6056c2f7bca67e84fed2ef6e671c685
SHA512 d76ba3870d8050739b45b65cd050d74839762c3b25b9f0ae0135e92a6fc3369a6825e62ff658a33e5816d2baff583d0ef6553ae842184c1b40fd51b0c723099c

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Threading.Timer.dll

MD5 ea09016efa90517b00c2770857c3e062
SHA1 f5e5532787e322bb6ed23ec59b22546aa9bb64b9
SHA256 9f1934e73d841de37ddb448e2b93dbc77057f3a0ab1aad74a6546e248aa02f08
SHA512 51c99a21e04813869272ec361f3d99c5d7f1e3c1f8e387bafba0df5f51641b22bd70b265586c6529132d404feda2014f211ed49eaba8e4b03c7df56e337b82aa

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Threading.ThreadPool.dll

MD5 d14722fc4fe6e839ea750598a7ee5f83
SHA1 181b2df58a424e9e2e3a0f288c4825364a42ac74
SHA256 b7ebb6b226d2b8df047694232c2dfce956815a83652ce695d1c75eeef80379d8
SHA512 2c035228d8170302b133e91cd528b28ca482329ea12fac1e160fef3b2f8da47f3ebe5099736464ba854fd7280f7abc5a507d47bb6e1183eee040695fb03820ac

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Threading.Thread.dll

MD5 aa6ccee2b857e599a261f46b0d6a7f14
SHA1 a965b054366ddc5b105cdba4c445350c7dcf8cd4
SHA256 fc8f3a6613bc2925a609dbf6c4eb2ec9735697d8658dd1f3b1fa391a0a0cd5b6
SHA512 47d5d914e97833c93bed93f61819f80c504b15a17545b3c7283069413090bf824c5feb8a7e40b3a5f0b1d60e59b9292a022e32d4888c7721d5ea70c9301fa964

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Threading.Tasks.Parallel.dll

MD5 baf9008389ffe218b08cb3997934ce08
SHA1 8acb903735dd85f43f937a8bed461121c18e35e9
SHA256 0267e8fe6714e598aa9da2d8390ca5344d39d4b49b2f97e2181fd9bc26943fe0
SHA512 cad45eb73b07879db973cbf0adddf7ef3db01aef5dda21644a5a464f96d8d5d491ed60f1b86c6bd2e404a9ebcba982904676ca4410f4bbb94a73089491a40962

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Threading.Tasks.dll

MD5 444c9757e5eba389b7cea18307b50f8c
SHA1 2cf9dd29dae2467fbb2d4ee3d5ee9df1c384728f
SHA256 678bab8843db02f25d6e689cbd20215cc8137a19fcf5b3e68e26e5410a5509d0
SHA512 3d2a9c9d275e4e72f3773f8a500b939d7a49ed56bb160a6f6eb0eceeb8489e965aa8d9bf533b8f7c784738d2ecf865ff408f12efa36d549d3677195846efc812

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Threading.Overlapped.dll

MD5 c0c0101dabcdbe440b5e6544cd7c66a0
SHA1 53451b56c96b83bff3bfcbdf839b96f12a195435
SHA256 10b3530c46ca5a1644342e78f52cc295e8f913af0847b05645be67886ca4363d
SHA512 e292f253028ef9b37a9fbb38836dba894174d4e043c6f1e414b32751b306ff987d14ef73c4f1fea190d485bac8a879bf85051e43a98e7ebee42559636c7eed35

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Text.RegularExpressions.dll

MD5 feb6897207237290fcaf0d25cc7592da
SHA1 389500aff3fe476f297ec91d84b0adbb422dd1e2
SHA256 5524b12d6104143754b35ff8f202358fd8c9f1f4e1fb6167573b84a081e525fe
SHA512 fe06621af714b14e6a28de9c2aa6282ef45da9bc806d38a4dd366f69629a37d675fd74b8a69a88d390da4b9e87f154a3d712ac3d28d26285e6dc3a484e6417b8

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Text.Encoding.Extensions.dll

MD5 b60688464a391ef55044083483b6727d
SHA1 688881f85c0f008073758412f69ba5171ace1476
SHA256 f3050e43bf84ab9209c3b250e6adf5c014ebb1e55e2758f1be4978e9f3cad005
SHA512 b02fdf5982196b56b8e0df2076ae1638f966795a1edc584a77879a40542d0638ca0f305c17ada02fccccbab1aa9c9b036ece5f81fb89c7bb1d7a3b25bdbe7a79

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Text.Encoding.dll

MD5 362168b54c7113a16b4a1e40e9e9add8
SHA1 2c47d984adabf4496f7da3215a49a4520db5adf9
SHA256 d6080579dd23c00b6170d218d9d642ba6bbff7b50068a7b0818f114dcd08e679
SHA512 d4df9759309dcb44977c5bf4a6c0ac7b637dbdf6ff355e4c769ffc9cd4ceb403735c48cf61bf42497c328d41d172fd6736339cc2647339bd92c38fb61ba6d374

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.ServiceProcess.dll

MD5 676a78ae8a32deb7c6badc4eac988d4e
SHA1 b06bfc71f877819a436061b6ff01d9633c5e7f3f
SHA256 b0aa97e8f38cf52784884c84283d87b1af681a193b96ba00419b67e86b4ec6a2
SHA512 0dd3518aec2a5d0b467363a5e6e732227fc654346c5200120c00a8f3f1bf63b613cea96afd7ccd6ab82b615198641f29529d29186d9a4f65438c5aaa059e5b01

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.ServiceModel.Web.dll

MD5 11f40c5ff1500939a9bdcec4edf136b7
SHA1 8f158a4f6d8cd58dca6c60067cdae2eef6c8bdec
SHA256 dbc9746642f6da00b81b375bc0e307888fbf17b722a852093038ee27eaafd6b3
SHA512 86917b7ba45a69b1ad544780b1a43e3a72b21451aa4aa9ad9650279ff1c8cff76aeae1bd1bbc599754fc3f171a7fdebe6e21658891b55e7d976493d77de312ec

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.ServiceModel.WasHosting.dll

MD5 93bc88b9d13dbc3afccd5e5aa2dc87e1
SHA1 1d7d8da22c841f592d9999ac3bdb2b44d0e70f81
SHA256 475b28d65e93ad36d76c6e239a0dc179740386efb9d88dad711f98384454ac52
SHA512 19ae5190e9a110b9719fc84f9e4308c6424227f4fd5e7005c4aafed4348025b94e6e673c25d75017b3f323f8b686b6a7b17a07fb39cfdb524ac4e8574ee5ed74

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.ServiceModel.ServiceMoniker40.dll

MD5 04b65e08174f0791e37bf857247f29f1
SHA1 661cdc6600603a07cd4db0af9f2dba646ae1c977
SHA256 c4391b9d3c0d90a2738db52c2c5bce5ea787cd3ad320bd65913ea74d2a333927
SHA512 7a5e38ebe2c2a43ecf84aed1fc2a2b273fa9523d3e04c76e86115f714d2b199961a7b739e694a1908d6ac4a2d8cc6be3bc7b2ec998460e93561bea78ec24c734

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.ServiceModel.Security.dll

MD5 146399abecbf4a24cc31288bece1ecdf
SHA1 01bf57ffd2a858ce0b77ab18a312770699951f55
SHA256 98e274ff91734b8371ca519d09901cca39adfb91406bd73c937e6cd97c61ae50
SHA512 754e65531335a1c0a15db1902ce1010b753c006f895286408219b818ce8a075f3a6e8adf1ab5aca3b78243728f609084e7f6e706039b423d8402780db7216cb4

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.ServiceModel.Routing.dll

MD5 686d62760792697b9280949a1a42417e
SHA1 5b66221579c9b89c20c06fc35c90f242bf3a2fe3
SHA256 be51ee05f4cef7c2371ddfe1ca155f0579f3a7b189cf0a1bff5619901839c0b7
SHA512 d303f2f88ee4fb0114ee7b04eabcb4ff49c97849b27af4b06edb920d7c787c41c58fb0bda9e3f63ec62f6a688beac0903ff198f4b982bd78561eb2f465bcfa1b

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.ServiceModel.Primitives.dll

MD5 649c866ebbbdfbb1dc288e61ac01c479
SHA1 32bce6a9a2fcf45db03256f574e049a6e20b94dc
SHA256 afd303eb26b074f2f141f2cb441b3549ec3ff5eb42ad031b96352f2751698350
SHA512 32e1e73d2d52e2e29273c7aae097146d615a3d7a5a7a680b5ebc62944a96966150061f19d6361fb48dc6cd031f08ffd96b6de4db916093e116a09c3de644464f

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.ServiceModel.Internals.dll

MD5 99b7f02c79251f90feb8a9219797f51d
SHA1 31f035dacee6edfafdeba87e4b31a45b9ace21f4
SHA256 20b08c326df206dfe774e46777babf0d78cd498102e9bb5ab0e2edd679141f2d
SHA512 69b184cd803e774f2e1bd7775082634a33bd664524397fa2c132cef7e85d861536507f7ea10fd8dc114a981a50f4f5fb19ce5a76a76027683ff2c7c5a07a65ae

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.ServiceModel.Http.dll

MD5 0af8dfa6e652f4028e0845d45e67e41f
SHA1 e83bcea4b82a23ca9645749fed6178f4423c5e96
SHA256 542a58d16583662338868eb16c9e98a7395b1b27f8f8903a2a33a56acad0af24
SHA512 6b11ce0862210e30afa9a80088e727644cdb85c7459c5abf3cb0331602b945279b1b26ce1c809da2603de52a389ec5e3aafb121aad947b1abf34d7827a4dc857

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.ServiceModel.Duplex.dll

MD5 8fe0fb24b60d22fa89269b61202db874
SHA1 cae8bf9e5646467f82000c70d98c8bf7dec5b1ea
SHA256 45c270d9441ec61641502f26cc83adceecfe63fdd151f279e60fc2668f640fd0
SHA512 5712c7dcd8154106607cf84f38daabe3ee79097363c1ab8660dfd8d778bf899cf664dcfd75317a55ce782d01e8ceabafa7e8090199cea82dfb0a0dbcb87a5bf8

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.ServiceModel.dll

MD5 1f3bc9573204fc66ed72cf849483c23e
SHA1 7b8aeba052f802ae83228281cef7e17a50665eec
SHA256 1c30be5db1d8a494f51620c87f2fdf75b3a7cb578b9b61ac7f62d013501699e5
SHA512 648f6822e83a44c2610745282169d5409aff9926968dd8685e7b9a148b7488e88f1f689bbf4fc75ddaa37eb649ddf850a7ccf6d7d9d8741ef49c4df3be309893

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.ServiceModel.Discovery.dll

MD5 f6b3caefd462a614f9bee72c4b6fc12c
SHA1 1daff8be9c1d58f300df5dfaf8a0d42300d38b12
SHA256 58a4394ed3fdab4c907d0404287056f10bcf37a35ed4683bb016c91248a513dd
SHA512 2d411c953ecac1c029e0e175ca842fdf7913f9a4ef4be62751b574b76b1a62876396d8b2b460ae3a8a2a7aca6f9e96f420d762e33a9ed4d8ef225c54350fec2e

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.ServiceModel.Channels.dll

MD5 c1a7fa2feedd785be3073006eca75f38
SHA1 c67a2030d9ed8c98f02badb394c2afeb9e52a872
SHA256 3e3891a51f71aeb3e0f88f7dea1bfbcfef1aded5a42f2c13283d597be8f1db0f
SHA512 dadd5f3722de773a999caff346fa0b56d1f68239f93444a4b5c285e84b226a46283608346a80786ae808b6296b04c862381561fb4aa8be4b2454c4625deb06ed

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.ServiceModel.Activation.dll

MD5 641d6ae2aec5f498615b34c50349411e
SHA1 1db0e8c4012b03026aa7037097b2ae9c739934c6
SHA256 d076d0cdc6c9b04048350f6433ba3dbe78c9267b7d5480760bce27ebf3b58734
SHA512 b8119729ab5cfdc27a4af82cab6985bcbccda5db5ab458e0c8be8dfe6e0a2593e714066b5aeeb7a55cf7c675e0cee8a8f7cfc74d73003c600f433a7bfce7bb35

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Security.SecureString.dll

MD5 951a0e05af9a33b66267b8729c974d94
SHA1 5c11b6118a4a91cd56fa513cbf42114b1ea7cf0f
SHA256 cf2943778df4f2c5ed1942bf1bf4d34b22da6797ded433c4aeabd6c5ca6c1161
SHA512 ffebc1610acdab8252b8730602cc5ea40694aa27df2317fe8975dbd0937f8679bf46adc436bf1617e98c18eca2198158540cfcfd5b80bc13cee40d222cfea9af

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Security.Principal.dll

MD5 043779671dda62e3e2fb8291de8f4d77
SHA1 d3ad55c637f5d89d7599950ef5fc44f57f78c2a2
SHA256 491862f2ad5664ec1b3f6a2f3163e79317dab2df8bbce99f5e30e5ad68a81bbc
SHA512 3dd2ff681127ac94d9b9322341d2d8610537e94a27b786fd68e705a9d56aadb840c7929940f0060c290538e1786b0f44741d6de0344ae9c18391c44aa48d09dd

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Security.dll

MD5 86a21062ccdf9559d4795f6dd50b4cce
SHA1 6cf3583dfa839e3305cfadf77d72b1723d00e170
SHA256 fdc7860d40de6affbda9885ba9a531b6325c56a14b99a3345374bdbd0b2418ef
SHA512 4b764e68a0c4b0edc66ff0512464d3e7723cd3f85981c7da2b9035be13727504b3ce5c4c6529c6dbb63cfe89940d9523f1fdb1216855509fe0e1b9a8703c1ad7

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Security.Cryptography.X509Certificates.dll

MD5 5a8d9728391d33cd3cb3110d5c8e7639
SHA1 1d158113e2e64837907bc4b28e181324080fcf36
SHA256 7dc0092614a45fb21b6fbdbbfadaab33443650545b90820cfcf8ba948ef295c5
SHA512 9b42f3c84a19c5056b46aafe78751214a60270308f8d8c6c6f9d39e2d05d8e358a054f32ad466a7b1bbffe6a633984b1b96e8bb2166de412d0ec803109bb1fca

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Security.Cryptography.Primitives.dll

MD5 126e948f2e73e6cb83b3bb82a3c2a633
SHA1 0fdc185e7caf93f7e39644b453c05e97675ba486
SHA256 3db25d47057eb909de6de129616d7249815d4f5c3920f384e97fe631870b1b55
SHA512 f816ef5f1b7a4c9a948f0c2885fe860be3c7506fc5ccdd88b79efbf010fffed842a25887fcca438d2f8dfb55812210216568fe00a219bd09550bbe8dc330f814

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Security.Cryptography.Encoding.dll

MD5 6a1a2a9545cf386e5e55ecc60b012395
SHA1 796ac79da6df1d1d9a5a7f8293f5cab8827f84cf
SHA256 7c00f9dfe15b2b0e983d6115c8626bb1a2c4e15027b818b0770ce168a1356a2e
SHA512 dd3e51071599e80d360d2dd18002ab49ed6af696ad6c8436e594b4bc1161b8a0204699919e1839b691fc13f09a6c45c57b91d2f0349d053d6f14c94a9913b3ea

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Security.Cryptography.Algorithms.dll

MD5 f03c08ff11be954136171a551aa3240a
SHA1 80df438709d51fae2eec840c501ce49fee372b44
SHA256 036f7380a4344ea9c0d49bcc53fba0cb5124c0f3f4c02c3d65199fd2aa4928da
SHA512 5de25c22d02dd5e30099a50b68945c45b0342059d5ab39277aee595bd167fa863636940e152ab1d91955d425ff8dbfa89f41dc829b7bd45269bb345acdd06440

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Security.Claims.dll

MD5 2ff8be9c3ba2eac54b50a321fc15ac48
SHA1 ad7966375c93503805b2a0e227c6a844d6ed6bac
SHA256 101a17131634c7d3dc88306cc052e16dfc2cd14f08b870a159e5a338dcc69d08
SHA512 da07abbbf5577a06f15b8153d70024d9b4c2332a36a76778a1cab3efcf552270d34c5f76f68946ce06deacac9b3a3bb3487173f588965d8cca937482d4105895

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Serialization.Xml.dll

MD5 329dbd985f2c7016ba45fd3f86b493a6
SHA1 2dea8f783c44d41ac21660f6da4b6ae23347ab90
SHA256 22bc740819e6ce8aa6a50175637680c20c4dd3fcc063e901fcda336be00f91a3
SHA512 94814fd157bf7c11b797db91bcd4cad45219eb833d8b87fcf0c46f92fd26eca45be5bd70871eda81ca4ba9a12051840c2f89fd15e2d481af724be236408a2558

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Serialization.Primitives.dll

MD5 2d57b3241d491af244a8882c3a678461
SHA1 c6cf5a02dd9794d4bf4513e1e63d081bfe304283
SHA256 83523e83146826591a2c35cfdf08d01106c48efca9e8772e9aec9dfca9a2a6ee
SHA512 dcfd775fe74baaf46b30e55e0aee67c3fe373392627f7fa80e3e7e5db6035a4898a386a3cbb0d043c69dcb8efe9ffdd17b7d8a0a72faae083135752f53ab2063

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Serialization.Json.dll

MD5 34a32e3542fcad1312e6af3bd416b345
SHA1 4521136cd26bacf262a3dd016933a44cba432889
SHA256 a053957d549f3aec269dc3ec2d07a4cf4262c0be7c4ca9a2d8890ba251a4a947
SHA512 d614cb0a58524852dbfed04460d18cbd67451039f4e5ef3ce1084f56649b02b1660bcc8971bf75c564f0494066dc188a711f0951c15b81670c7224d332bd8ba3

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Serialization.Formatters.Soap.dll

MD5 ead55734ef36641cbece39142331c303
SHA1 bd27118d05786a482d62cae9468251a393db0941
SHA256 1aaf97641061e5c427eca471cef3395f439c63e996a681b7fbb5b36c3a4e9b72
SHA512 ac1a43346bb2b9c9fe4ac7d75e162d188fad785ab62f2b3dfe50b12ca043cbd3aabcfbe01036ca2b70c06ff6295334aaa740e15e9ef5df8f0cab17ad26a1e7a8

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Serialization.dll

MD5 e50bb98ea1f54cc305e7f15c60de98bd
SHA1 4220b3c2989b8b2964ea9f2c2129d09ebc799740
SHA256 4373e9fb7d4d8c9fa19186e01198ac9206c06b834c621584793d7ba476974d39
SHA512 5c86d51df2c36730a4d101783faa70dacaa150e9a914bc2d43585256153de6e24c7a58331c11a6ab526d0c4bdaa55945b494981a13f177e68f9cf8f31d419270

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Remoting.dll

MD5 4014dc0b4a58d55f4c139c628444311e
SHA1 3d8c8d6883972501925bae59b20e44d9552901ef
SHA256 2d93ce26730731ba61920d8201d9341c5be4734df266197d7d8920053e12c864
SHA512 6e00344f96ab007d6f0bba50b7b95d62a848a03e6953b32c2153908ddc865e9cc283097b56486c4df18f11039744c49c38c490228fc4fa20aec94c0da68d158c

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Numerics.dll

MD5 6d7852ea286ed0bdec3fe15c86e6e80a
SHA1 00c19a6ee74b7570bbbe9bcf0c2bdc42dfc52b80
SHA256 512cfc7066a8e4d2fdad8ea1a18ca758a9f630ca12ba440d584cc315a29a498f
SHA512 a47ccc1dae802e9da4522556dadadd19a05cd382ad40e688fa6758efa9185ab16018b4b09d9684a77af4cd5d34ca4fa039e4b26febb3e2b4d5edb94f95c5c89b

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.InteropServices.WindowsRuntime.dll

MD5 49d1ab1cec601dce222e9c5f2e4f3446
SHA1 968f940bbfb4928ed56c7a3e2dff58e6c4704715
SHA256 256efe195a532cb140a73f315fd5ccffba96a7cbacafdde91f4b3d613bab432c
SHA512 a987d67d10c65028e1135842ca8aebae41000b2423e0995856e47cd6d08e9db3c4987ffdc393ca9c7662182ad5f5f61c00cc380a018c60ba0d72189f01d26ceb

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.InteropServices.RuntimeInformation.dll

MD5 8382796e756a9010171f32b1c9f5405a
SHA1 7353af324d1491258a2bd5681b959d70d55b98c7
SHA256 51653ed971a368e483d78b5c414c8557b7c14a3d6482bd975f578ed6755b62ad
SHA512 73740c84a0dc23f4fda2e753c2d1e447ffee59fbb018788b34299f3aab52b88fd82e1b18987ffe77e0d0a6971181a3b935df354d58484d7d20b9c1c6503a2366

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.InteropServices.dll

MD5 97ee172f1f4dbea7ab038fe5b4a4b216
SHA1 6bf9efd1130faa87433cc3b176b3457d4d754238
SHA256 6aa00159ebb667f005ec10e5d977bba3c40797bfa736e7618e1d6dc8b15f49cc
SHA512 1833fc8f6900c0f011c9747eced8532c708c384351a6a205017923a74a4e1ae9a26b6bda6d77769bdc4f48755f7cea1551bb790afcf74913cbdca69e355084bf

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Handles.dll

MD5 31917af053b266c1d555374698fe2cf6
SHA1 2d14ba66428dedea123e670aa3abc20a04779efb
SHA256 65de78e2deba1f160f880387d452450c619d45c3a8bdc7a52cc3da537bcf591b
SHA512 cb3909f9d4767af3e8154f377af9664027a7afd8b2aaf39a63b4d0ddc20b0d33e29db64ea613a6324d5d69fbb900f50548ce22807591316480c7f914243dc642

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Extensions.dll

MD5 64060bd02d3b74159d775f4c4ae1e194
SHA1 f543aa47c911188e2be3516605bc358c498a4476
SHA256 e89a816c5058d3e565242aaa2b2c8d42dfa41f1e5dee3ced8faea5ea2ff79418
SHA512 24a2c7bb56fbc1e3bc897b112c44a42789a4de56f2ba1800eb5ee9856cd55d7fe48f65165539d54d0fff2ecd1f1b27f188d406af32aa2abe20e1f3a4b7e4fa7e

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.dll

MD5 a89309e267c598d6ad3c5b1f95a4b3ed
SHA1 2fdc7c1eaf2eafbdd3fdf8e82a51d7a8ee5a31a7
SHA256 d4c2a9665cfea87a94931020fd849434e5d72398fc60520e1eebf881efa4de29
SHA512 dd20fce8d15250341810e6f801157c153db9996cb4e48ce67a9ce5f96b4b4cfac17c9f3a7198b41e35778e86f4bb863afc8d5a8c26a20707772b9f393862e232

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.CompilerServices.VisualC.dll

MD5 c0e052cf5d5eed17982ec3fa05f81bac
SHA1 3c19476526975200a4898aa1e3ab9ad86687b3a1
SHA256 b2a808f7402e418dd77be1dc036827759cede4f62a9b4a848de0bd2df1f977c5
SHA512 c13d1b70fc8946beb3a453401082bcb1378e2b5c2e163d1d7b91c2013e2a4449a03132947f21e793ceab317a3f1263a5826282df6eae4a758f0e872f7b3991d9

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Caching.dll

MD5 f7b2e2ca06dd894622d1ed2e5c159260
SHA1 d5ccaa94291172a23370162efe6de18a65fa9295
SHA256 a3781b58e584c4b162685909b20b203fc175fdad3f5adb4b5c5479092dfd5e39
SHA512 a595364686d4c6419c5db0f308b9d70878b295c93b0864cc5476ac442b057431dc44a7ecc51c93e7e3be91c78f3b35788632d6c2e7eba2065aa35ca28ee06192

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Resources.Writer.dll

MD5 2a31bf63f39c5b3dd6a9ad52e515d2f2
SHA1 dec8415a926085e215e41b41bb04e907afad0480
SHA256 0dccdb7d70536217ea2fbea894040cb7a541d8477eb015df21b3f31a9a5b441b
SHA512 b1b9827a0b8e1eedb08ab9a8b2af2ab79ff655ff282308ea774391c28cf4347a60fbf8362154be67c07ca6b1a51b73e467c2bba253891afc6595c067cc475e4c

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Resources.ResourceManager.dll

MD5 8898e754bdbdb1b67ad47d2643e8a08e
SHA1 addbb87ca443da3a2af22f645ad01e0c74a6bfc8
SHA256 6961883aa65636c08f1c533584618fd1bbff1abebbff4dda8a9488e9fcd58a68
SHA512 b0b76cabb7808b4030ebc798c9c984eb5676cb5b9c78b5771bc5ee00e8bdf528c4657970072f8f178578ecab8c62e7c2cb2e5e2eec71c7fb9a21a29653f4aea9

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Resources.Reader.dll

MD5 afe835d96ef3e55b7dd5bf607c0b4897
SHA1 2d640664ce7bff68ca0c11b1fbca5c3b90879af7
SHA256 a5cdb69d7eba10c62badb777421c632feba469e2354674fadfb6a75cfa233641
SHA512 5be0ef14de74a146edc0de3aa8c28af2b22286a6af898e5e98821dadd22a410f6b3b7aab9e1cb7885f7267c3d6033de8695fc6899afa9c7b147cd225c44de0b1

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Reflection.Primitives.dll

MD5 45f939a2798a3967426e2c2e7921c03e
SHA1 12c930470ffaab5e0640ce99bcb866267d84562c
SHA256 34b84a885d6c94bea95875a265e9baed514da69e6250c5b3547181add53bc0ff
SHA512 f7d9a37a4eb1deba4d97a87b88aee2e6d4819b1acc8a4718b088097e5b34b7907a848a1e32c9b37aa78940a739eb7515eb6c75b8a8b5e48a4d010ba2e11e1ee2

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Reflection.Extensions.dll

MD5 c42d1203f8dca650d960efa59de0b114
SHA1 7d200af7630eedd8ee60f7a547f4f24c2a72d4b5
SHA256 593e9e3f4032ad4a60165c1b3a1d32d83608839b5a9a11de034e8e08dcfe08a3
SHA512 f50d40b087a206e71f8a9b74f68082bc537bdacdb74c636bbaf4ab397e75532081fdff433c360b8bb93b429caba731dd4353b1fe8cd6f2273281e69fa03d50a0

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Reflection.Emit.ILGeneration.dll

MD5 483ee006fe79006ae9d3f36772ae207c
SHA1 752c92ac5632e7ee0afebcd7253346bd09b89c81
SHA256 adc57d521294561df00d3917fd7b82f516727c24880bde030d132cc5591cc56e
SHA512 d099cfc36438f78c2b0c237dc57dc42d1974b11c4c519a8bfcf07098f959405395e404463df456d46c4703d82da30501bcca93354968f5c98819c14b8d1439cd

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Reflection.Emit.dll

MD5 63ff8bf4209027c69a294c8a9d312bb6
SHA1 baf5ffdb13f12db6a1e8ffe41eeab5e7936afa82
SHA256 c05c02fa4e5be3b9ec8ed4fe48994c50f17de732efe5bbcfa9e3477f4569efd7
SHA512 a6d6cfeb939ce84763ba28e65cdcebf4b5ca30f9eb3b6fa027897a06834a368bcec157b7420f4843dcc23b17f435e3b2d391cf030e23738f38646ecd2e9b7b42

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Reflection.dll

MD5 f47a717a1325652b64dcbd67d2ea3b5c
SHA1 b510e0aa5c364ea7fd950ce67c00fc8a0eee31b9
SHA256 f75135b11d9826de70d743ddac21cbde5587e581d6ad0d69dbc54091c580f9db
SHA512 77eb01e088ada1787de6399e74094c6de468d6486c1c7bf92b36ceec85c233261563ef0fc6ccdc2ee34f8828857ee6126151a8f9f0269c81de1c4d02881ac12d

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Reflection.context.dll

MD5 67efa04daaec10149ea2b1cbdc0ce2c9
SHA1 43070df460d51d8b3b05a41ff660ee42174d4648
SHA256 b8bf0ac64dc9e30fefb8d75f3af18f7485bbf9de7dbbfcff184bc2a63a2db78b
SHA512 8d6185b481db91e0eeeb1eae437760a7372222defb7754d0174ed713b11ac322c3b6e76b0496474f2fd890e1cc745c3386182147bd905214080e941edd7be6ae

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.ObjectModel.dll

MD5 f82529ceda9cb5fb8212e1f02c86ab54
SHA1 a76c40adb1b60673c4cda597e2c4c40c432f4754
SHA256 c107fe77dcca07fb6c7db817c9ad6902a1ef4daf9970959c52ff6953c674ad70
SHA512 2cfa5622121b20da2c06ad4e90d677dcf20cc86162778aa131e9153f828152f8995e3e0a24afd3fdd839fe2f1f8a023646ae32c846f7fd1139b3a999cca010fb

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Numerics.Vectors.dll

MD5 70162d38d1af21a1a22d9a66b839c3f1
SHA1 16e494538c684598b709f6c40c79bf91913ddbb4
SHA256 eba63de3d68761f021c722c239a041c802d84c67ef17c79e0f418553a543c1d5
SHA512 eeb820e8551773dd186e500bc05e18ee2df617c866bb67703122425849af2ee7ca4b551482150b1d61e69d0a3843ac1a1ff634d8bf52e9f7f8b22851f433ff6f

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Numerics.dll

MD5 2422a2cd88109036901d385d7611fcf1
SHA1 1df09791646b12f6dd1f831227f01db082316559
SHA256 a380ee74a9a7c56900410ad0c51f00aeb897923e89fe7109aa171e7dfb4f41dc
SHA512 434ef5caf828da795d75212c9a4f53685002f49c2f958569ed77806763629a119c84e81e6f06910c75f3a70759b7ff857ff13a0e6f1bf16bf431df7e555af439

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Net.WebSockets.Client.dll

MD5 9187266e9946f49e4a0976cf65bbfb3e
SHA1 b2363e3330cba3bea72b8f962a0d5a86b922196a
SHA256 420ac305eed4d486872eeba716d99ee74265fce5964755b336fcbec8c201c41f
SHA512 0af3ffdac75b682e8b07ae557c71bbd6922e8696fc8498beaa9f663df38a0c960424a95501ed3c22f93d2361b79d781dc5e066ede048536f87ee237e52af4242

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Net.WebHeaderCollection.dll

MD5 4633f7b7cf1c45a51d709bdbd05e77d6
SHA1 20bd06f5c3edb4414cf060086dbdca408095eb6f
SHA256 409d32b31d74c72090ca9768d5f945511b48b982fa3751f9a153e9878f9b209c
SHA512 5855ef9ea768ed2f6d8bae3dd703e24f138eda068e8c024fadf0d0c71857dcf4088f1505ad5f39e9ca70e777f0a150378aa01415b991a48af5ecfcdc33d0a5e9

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Net.Sockets.dll

MD5 1f6abd5739a6eec27cc3a6fc9eb2ca4a
SHA1 3c3fe15ec92ca5ec938bbf5c86c8eb14e4114c11
SHA256 2236b7ba5e6c3907c8812663d245c8111a3f97b984a4d1f7b5b2ee5a2df34425
SHA512 2c482e298506a712eb7ee058515885bf47834b786ea6babf95530225d5bbebc04a4838b0352a940261f8e06a6895d9f9113fa647087027bc54ff647b0796d489

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Net.Security.dll

MD5 8211b7c8a985a4de97f79c7b157679a1
SHA1 88bc2421bc04c3e4a6c3513810a109c7103df319
SHA256 ee5b391b11208bc299ba577e281f1089d92271b1e4d42b82d9aa421f5ab69f4c
SHA512 df52f87383b79f278a49abc106d5bea7bcd55f1f7b3e9aaa9edaab57393cc26cd135bf1f414df26e03c5a311fd1276d35da96a1338f39fcc3085e951368cf729

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Net.Requests.dll

MD5 6e65f69e9e3d3d254e9a671b4cc7079c
SHA1 e22d39276c09a5f6f24c931397e6515c0a1691b4
SHA256 401d202f30d2e131a4f86841ab599e34aceb6b7fb4d23b36e56baa4412a7e458
SHA512 2a0b9b9bf18ecc24192328ccfc654d4626e4ea50344a17ebc64394c9ff0198732c0d9f355f5825514accf387ce482e0a82fe3453863d429bad2863e61e0ddab1

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Net.Primitives.dll

MD5 19ea1e6aeebd7c20fb8812ee4cf353f4
SHA1 a832ddb4ea08e6f91aa12b1e105deef323cdf0fa
SHA256 fd0b09dd4d5a3468d596776d12328cedb7fcbdef9dba1473bea94a576cc6d739
SHA512 0050e8ac578082b36da287ad6e4dbc1fbe629d4f49cb9121546aa7f9ba06fad2d347ca2624c0b2ebb4fbb3bc5b15e3235ce9741ea561085b2b894d8803fa1769

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Net.Ping.dll

MD5 f198360e51983511b8719c1a171bfbf7
SHA1 e0d4a26986accad981f03f13a5caf584530ad39a
SHA256 d910f75046efdd0760c887ad346f1a220f047f177d1c71666abb24fece89bab9
SHA512 a61c3593390df97225f21709bee8c7474d9078eb779687e8064933aa9e5de72049646e4fc001954c9fb5817e5ce535145bcbc57b528780c4f875e65c9f77b16b

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Net.NameResolution.dll

MD5 0c955ba91d67d8ded288266aeb189deb
SHA1 9bb9b067bb79162105f08d3339a022797baf92cc
SHA256 af07d6dd7251e5e67c1e9305d97f93ac5165afb1f58477599c8407abf0cfdebe
SHA512 c2c1cfa71cd692ee67181428b05d7cbb199046fedcd6e33481e73c208f49df91bac87ab67f1c4a1a8cecb3ccec2bdba7e2a2fbb771cc2706d0f2caf202f10012

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Net.Http.WebRequest.dll

MD5 422f60fd8b7e62db88c05ada4fa10a97
SHA1 18fce06213f946c79cf0575bc73aa40bc651e4d3
SHA256 56aa77421cb107f1ed3dcea65463247ad3a59d1fcd452593f309f3555e1352c6
SHA512 d53a7603ec466539bf2dfbfed2178075ba9d8178780c8e36522cfcfc930f800ffd87d73ae92bfcebd2a76990e7545b3d0f92f6d50e763235fad863bb2c666785

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Net.Http.Rtc.dll

MD5 cea7d5a40887a37663aedf4086842428
SHA1 48b1cb4cfbdcbd98a908b0351b35668be2c34279
SHA256 a1f066f5258d868b39fbb368af60ec927c90c84f76f219dba0e17843e9287841
SHA512 ed74f747f561182b93e379de6d2f6eece0ba6c177ed3845f3f3c7a8e8f85fdff14b31bf5cadbb5f1a2b977c75ead5358ed6b044b10805d9b8661c30de41095ab

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Net.Http.dll

MD5 6b8e0e3be561458c61b7b26bfdb2c3dc
SHA1 b89b4ac6f21cdf294f5ca99c4b5c45683c3a30df
SHA256 a0bef4bd9206db089a8f2209a256336c176b5e54e9601e9fc0015c7f85776b89
SHA512 e53df22703dc3ea5a7d03878595bf128d18800397cc18c2b6bb533c23217dee3e8ce1b9a7d0c278fd3fe8ca0ac922770d2d4f0aa90c4bd71064bce8a1aed2761

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Net.dll

MD5 0eda8f81a64c5dc4726181cab527f2da
SHA1 518c1c069916e9b9924eff0edc6bc6c27a099530
SHA256 cb46adc59ecf7274f3ca42940ec2a563396bae3fe84b287179566b7f28e8cb35
SHA512 a7b94353686538f20738a0ec06cc66609175f22e528752b8755272b34a54d9f7b44c8057a0df89e5297e293a24049e9ad3c9979aad02643632f6e51dacc1864a

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Messaging.dll

MD5 c2e81df27033dd21134da25c4cf218a0
SHA1 0270cee3f03f409ee7765a0695dcdcdb33b53490
SHA256 f60dd3153cb74a0f476d5fbabe2069d1425c1c0a071fecd03b8fca30b382f1e6
SHA512 ab80d07bd10b3bda74e73c9a0ae95c41fe46a49e4c4759b0d16e32008a2eea0d40ad79c4bcef34ede986f2a5bdbb9ba22f01f0f1599bd28493457bcb87924dd2

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Management.Instrumentation.dll

MD5 17382ecd6415a98ed5af05c6d350b2af
SHA1 a8dd9a6395bf003a64d978dbf391f5ddcd026d6f
SHA256 20486aaaa25e2c02d94aaf5fa06379962e8d4b74a033c7e3e1cb2fbe96a883c1
SHA512 05619e4735807f39f9dd0dd02de53f8463517914f4902867dedf9930e7ddafccd55fdb9edb338925245c6be4300370285a09d18a039f93ab58da73645f1e2ded

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Management.dll

MD5 df7561dfc1911b4a73ba9fe853774622
SHA1 e9d4efc6bfe0fd33f7138b1de252382c4f5534d4
SHA256 f394e5df62d23aa9f63f3132059d7cedb44e4ec8a88a51d96aff612431fe176a
SHA512 d9262ff7069699658fbd4d522daf4ef94f130bc5ab4c026b98acfaa7913ce6a3fa26ac5bb4caa2bbe25d132fc7dbe6ad3897fd10ee7641601b36062276095633

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Linq.Queryable.dll

MD5 0dfafc83c5ce45196401494fad4bdb21
SHA1 1843f80521cfa77f3b814ad307a44611d4f08845
SHA256 775b1c430b0ba946aa1e52708adae37886518d3fd0d10af550220b74fcfdc8f0
SHA512 45dff9533843b133f82ca356586b591f39dafa8df2758c266c3f4e96f1e3f19e7b52678133a00166ba9024371b868a53795bf3ed731149630e3f1ccdf3029789

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Linq.Parallel.dll

MD5 1136a507379ce8b42447f74e175bd11e
SHA1 73c091e171a5bf859df0f5b5767f7134a89b9a3e
SHA256 a924d661912422efd7ea12a46d3141c527e3ff9861e35b39edc6aba947b80ba6
SHA512 1890bcff5c29bd834499e543097e9e3cac6041e4ac6bdb3cef085c3ec8583d12c7a685a345747ac862abe6bb6f7b45094c1b8ba1b058543ae23b030eab71d1e3

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Linq.dll

MD5 50e5786d3d88a975a3715150cabf24ff
SHA1 b6997a3ef2cd6e817ab41a97577e4c90351af3e0
SHA256 0bfee32784833d8afbcfe61ac33af83abd10bcaffa297d7a457c2d1e9c2e331e
SHA512 5a0f156af10e2146c678afb8d49bde66bb364d44665a67a7f01fef7ff4e4ba701f1c5a3ed86b098d18848778fe9e6cab2ff5113a5500c5e2ea86c3fcacb6fe81

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.IO.UnmanagedMemoryStream.dll

MD5 4daaa94d108e2f1e25742352f3aea2a1
SHA1 4e07db0620fa9dbbc1fe014fd29e3b7c28592afe
SHA256 218d8479054b23bc10ea909e85343081262725cb8d794cb78cf0224175cf4167
SHA512 e82a4e3cbfaa7287d73f1045771d97a603dddedd9f7d5c738496d944c17456f1ecd301d0579aafcdd07bc4984054db4f1f925f860b65b1e7ba0381636a9245f0

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.IO.Pipes.dll

MD5 b346109da91b84368a889ae8830e61ab
SHA1 301fcccd41ea4a9afddd3370c67919901f881e7e
SHA256 f9264edf9aa028105b473d2f85bad993508f3340aee26c8090fab890f89bb266
SHA512 7b9489dd9b27e8fbed2524653cc104812fafdaebd68f06263fdb8093c43c731ed9a038dc62d5f3c6227147a378dc68069b4c2b75fbf72751487e7078120b9bec

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.IO.MemoryMappedFiles.dll

MD5 a48de95c5cb28d235d5a4882400a9788
SHA1 7fcc931b3b5177f691680979d805c92aa85c53c8
SHA256 f64a91f1cba61a4bf5c2e1d0237060e7afedc9cdf76ef0ee166653a4f0d00bcc
SHA512 934b75e591538476602f4b4075051daf2c8abd3486cd557d6e872c6ceb7bf77e3343d74d5ce98d940795c3db6137f4508ff1d51bc930aef3077d17b2360e10ae

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.IO.IsolatedStorage.dll

MD5 40f25e6b03da4411a1235fdc2a7631ec
SHA1 0e4529ea3290559e47f3d0b6e9b01a3ab170d643
SHA256 926deb3ea448bea550ad7dfb541eb755873bb1e077e6bd9f203f5390fec02196
SHA512 225427ce978dc33014de4ea04979e6734dc70ab2283563456ef10d00c03140614de412bb7b922156a0906bb36b9e15f99d4cf0c3ecaa274e7ea0926631be5968

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.IO.FileSystem.Watcher.dll

MD5 d65f0c6d5f16a4b5a3adbc65e5fcaf01
SHA1 8c124db8fb20274a583557b773d3b87af080e706
SHA256 73bd1b69163587e52581a7f9cb635f29ebf322cfbbbef1b4a3e5303395eab7e9
SHA512 f8973791c65c2f8eff33cb2dafe6804e8c3610cc83ab469fc02a203642d8a4d5398b6678c709592ffd456b33a8d3402de8ec7653b72ce9fbb009d5baebf2b95f

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.IO.FileSystem.Primitives.dll

MD5 4e6b75922d519d538fec053372c09472
SHA1 3a3f6bc9ff20af6559b80c0d5250c6592e1608f2
SHA256 f1f5e0150e310361471e95531edfa239d759dbefc8d845c8b05fb15f7a7abd69
SHA512 26446ec4bc78034f2475727c2ac1cd42a660234f647b5abc29f5d336177a05ac785257d4f54895284abfdb61781c51dd2e1b2abe8498d49a73b13cea801eaac9

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.IO.FileSystem.DriveInfo.dll

MD5 5778c2a0cdb96930fa89e6a5427b25ed
SHA1 502edfa7c2a4fbbb1b8daaabbadfc955a1253381
SHA256 5600b5b069d3d5b9339c6d5fb664dd0ba829ac48dc2f9822f418b19af7487eb6
SHA512 47d72fae459894557c684d4cfeff40e699a01d3261b049c0ebf35e7977a98f470990a455a02925df294a8e2fe29340f7524d7581928a3ab6b819a13943c840dd

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.IO.dll

MD5 4bbb097db2414bf29c97436d1d461785
SHA1 c7ffa0969da64984845dd0c3010465ef414b59b7
SHA256 b9eddae98615abb9b8f5e5f4f665867070d5c3890386ac84494b505ea6c52203
SHA512 f92b4f684897057620a1c4cbd385fc77e267b02304009e72597376991c7aa2f6a4c180eebf438677bfa83bbdd4f709d6b2b0bb6fc16862b27fbe808445c2da3d

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.IO.Compression.ZipFile.dll

MD5 584a575be14729a1ab012cff26258783
SHA1 837a60fb4298c10a0dc03176cb01c2a4ccc7a083
SHA256 c344c80d2a9bdccac8340de5bb29dda721ade3fecf6637dd06649955be75b077
SHA512 edfc78f869a282550361ff5795051eb9c651ec0370ba3b7338c7d1d4c590e5a056375b6026460aa101ae1291258765a28096342eb1d1b28d49c0331787eb8f3c

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.IO.Compression.FileSystem.dll

MD5 725590e5bb82d555c32df3c3cffa6831
SHA1 8d09f3c3146e8c5694a8015035ea4bfc51fac2d6
SHA256 e56d5ad011cf5778cdfc0e74fbf78e6e7396c720bfd76d15cd5c225cb243e2bf
SHA512 3a433691cde6ec5927e7804e9fb52f6a46ce9a49033f050d5cdf711a7fad85edc43c7360fbc9d0632e73d830c07c51f4690ae64b0ca1e37ef548b5859801402e

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.IO.Compression.dll

MD5 71ba31f537b9a8c7ffa886519e1ace7c
SHA1 b0ab7dd42e6bcd46b82deb75a092042e08e20c4d
SHA256 0391b010cb595eb9ca95c567a6350976d4062571666742c76ae4b08739d34431
SHA512 b459bf9c5c53444ea47a70cfeccce7fd8a5393c11e799b783147ac0f65a5467360d6a94ad89c76a05b1446e10b93ccde86be71b7147912f846f12f5cf0108738

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.IdentityModel.Services.dll

MD5 e16b83cb714168c2311b9653526e6de2
SHA1 34b184182cee0fb0f3ad7cedf87708ec8d02a0d8
SHA256 6ee646215c6d234ef8626ec853b5d7c5b0e2114ed31513ec105374920988bf1a
SHA512 837f250a35eb0bc5e483d56b9c056af9d8847a8498b2ea1b8be1cee0a7b5da773cadeec63668cc10d40081612fa2dd7ba5434b44f1439ed18cc34acec14bf696

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.IdentityModel.dll

MD5 c95103938efa3ffb6e090f5bc8006d92
SHA1 f85590b00d0f60e04ffad81ad2cb18fdd60061f9
SHA256 6089c6fa9aabba89bb7675a6ea68f99ad8b83c25a854097cde8d6ac3a6c469e5
SHA512 28c62999a06442b45cdd49859dbc62404af1700bc780c10b3ee14c8ebb847f211929f45dc1b8e9b5f9b20d9189e7b38a5393a4a74663bf1f2d1839d2d38a8e8d

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Globalization.Extensions.dll

MD5 8a20b236b6b2490542a31d2c9afc7bfb
SHA1 e1f3f782bb74dfa6e766526c161f2dfffbe7aa99
SHA256 af2919d243170db167fd17e7d471e7b25e016c9f93f0633a08b39f970f207588
SHA512 31f3d68752e98641d86de088368654ccbd74e47f946d3fca52693f25cec7496f23a84fe559a30dcdfd0fccf68e7f528f9603d3b384245907af1a5134d17e69e1

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Globalization.dll

MD5 3ab3b3d99152394c8b4d92cc768f32d7
SHA1 068f747d11fe40781eb1658a274a0ff659070917
SHA256 5909418960aa073162fd33c1be46ae3bee762f1d4522ef8917d8c264e7d33b62
SHA512 c9edf740cbb1203177885e9c2ee3526730d6c8d0b3fc246445dac700e8285e46cd64e0512129f161fa0031f865753d4a2dae0495c5b711e872fb4b8284f7a593

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Dynamic.Runtime.dll

MD5 b980f53e9005132e9b98928aa49f9bf4
SHA1 19510a7101526c159f36ef2f66e5d0ce2bb697e5
SHA256 3fae463b41fb4972792628c2def31d6c012b4cce71d25a4840d04edbea2d08d0
SHA512 33846bd194be06ea1071c30114b9f7dbefa25b5b4d02eba8471895d47197ec6cc612e87537a5af994a8e44780614acbb36788d883ffc7aeaf0515e9e7225e7b4

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Drawing.Primitives.dll

MD5 b22d67c5dcbc0b442b0bc7cb3aa7615c
SHA1 c5e3b9e9c3b202ddba1b3b861a22b6f6ebdd61d6
SHA256 e64cfba3d016030d7d290284e8dee15e4d1c1e8fb07e42b6f30a93cd7a5b39da
SHA512 fd1883ae48cedd46af6443eb7d01d4ec07d55468a2b790d5b08f81de13ef24aa8f80063ba5e574d4b7792b85b597bd0fc2a09a4874256527fccd0d1a2fe7d7db

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Drawing.dll

MD5 c266e67fbc3782677c0226057b074b16
SHA1 ab4f5e9abe8034d9ab522717de625c3ba7aed8e3
SHA256 895f3731b320352fb2c50777fc38c291661b964b08c00926e2fad5dcffc9ea3f
SHA512 a142e0f7e0526ce28739f606e693b791a7aed957f0f5bf64cf57a0612a8cac4d0b78773be7a7867a9742edda71e57586990d850f302ce9a1a961991ca72acbe9

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Drawing.Design.dll

MD5 3ba314d55cd52217878723352d7d24c9
SHA1 49c72cad3fa2e1b6e1a55f804afa62299eefc0b7
SHA256 6a8f31a3ff43d6351d20364183242ba9db190f0e63e9f864b6aa1de588582b45
SHA512 da4edef5894655ce7394588902cb3b87460eff0b47477dbe1c1edee29971deadb1ce0a6f6e014810a6dfc6a9a4440de4577868ddc14bb3891efb028ca14715cd

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.dll

MD5 1e2c0d8650530651dc4218813d21bb81
SHA1 2a059873b5238d7d7dc6fd7da07da2c1f993bbed
SHA256 87a69fe6b036b30206a0aae93137e05c565f4c3eadc41699951647c823630901
SHA512 2e234291441dadcd0597c60b4947e3cd581775743f3db029d275338c7739ad9b55ce693f280fc667d39f498b83bbc929b8fc7ea10920de0517d9b5543097f7b5

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.DirectoryServices.dll

MD5 f93826c1d01d98bd39ea9fc4bfa27e6d
SHA1 e92fb60bedce49b31d72788f266c34b282f26f6a
SHA256 6115fbdc185d7ceb56b0adc0a028516ddafede6dadde06d14e8c551bcd15f7e9
SHA512 078e2c1c15313bb6b0df18400979f3397a0c14c932ed86cc0e7efff3c73fd9fc6e0d23a5ac5163f4687022729aeda94746c0cd1988dd8f1e7e043b216e2030bb

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Diagnostics.Tracing.dll

MD5 4b20fdf84d8ce625e5123b6790b11248
SHA1 5d1c704c1c14fd4621fdc746a75c248337e3269f
SHA256 bd666afb24a53132e998b4b4d1aba9e64d99b755cdd6546e0a14d55172140c34
SHA512 56f569a2c008c7968abfeaab5effbeaebf5fbc84814988fed860ee556f995b1cae290df16985d91327d7acacdf2f7884d361a8c816ea09fa61e2da973c1fe338

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Diagnostics.TraceSource.dll

MD5 60563f7519de54e2d43a66ce05636dac
SHA1 c48a4702df06f9b480ab1e543ea42bf97ccabaa2
SHA256 202a6741db82472431aae65be45928006371dc4e3659950080fc8a624bf7e11b
SHA512 6c5923640297df743b5af50a78b02ab5076d08fb91cd7f800f4f7d9d77605979c275facebce2a5028d338796a8c56e6457d7bce5682f26663d575aaa9c9aa6d6

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Diagnostics.Tools.dll

MD5 bcd1d53fb9017834f9db2240fb8f81d7
SHA1 f64c41a082e3d54616c06c08a1a413eb271ae6c9
SHA256 19a7b5284f885da9bcbe962879763af890950a11101db6e4df6ca3e4494c6a05
SHA512 853b8213cab3011078a9353309d2a2f2fd33cd5d4044d46492f8cd3fa81bc12bd5c87b11a255a3a3c6da2c5d382797fcb208af098119250d262a5ee05c07b289

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Diagnostics.TextWriterTraceListener.dll

MD5 208164c8018599a8198d5fd14f487959
SHA1 b0c9b27c78858a7cc608d298d9ecd2bce6dae46e
SHA256 55d992c9b858f8ad8cadd030dc4484809a90a896c9a98d3b756bb3701f52ef3d
SHA512 c2887a8d9ab36dcb1af779102823479de7a2f88158844755e78651b6fbd192a29d22ec07c1b7c4182df81c14cc30b820e2b456afa9329b2b35a77f4c16aeb9aa

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Diagnostics.Process.dll

MD5 72bdb8b72ed224c93dec4d52e05d5c4e
SHA1 9fceb24d5bb8e3aa4cc0ddeb0f824c69c0dd1fde
SHA256 7dd4cf27d59201437465aed5a51a2abcc42f4c10b035604d94bfec1fca1eef15
SHA512 ce897f12581671e5ef199b3a5ce5d98f0ca81ac2fc1e8e96c9065146d03d6109d91db6a7f0198604edb70d822d82b01108b5d35e57c10c3aa3a9562a4a9e1835

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Diagnostics.FileVersionInfo.dll

MD5 b52fff4b7399ff88b55bd8f031f18d3e
SHA1 1dbd2042f4dc414f0c7aa0eb01faa13e509dbe22
SHA256 b976c4748e2eb81b62df3fcd339ad6d91d75fa534408886a10631c5376f7925d
SHA512 5626422acb2afbdaf5575cb7d60ad0e05257004fdcb61cc9b43e267bb477b67a08ed3017c88c4b6a8594f912f2c3f6ceb0a7641360cb7426b1c4a23b53b5b36a

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Diagnostics.Contracts.dll

MD5 69078af7a223fbd5c9d934bc11c5f8f3
SHA1 fa8e7f6d5a234539227709de23d55691d1509e5a
SHA256 e02eb9c4a27f66a5a9beb71bac4c2997372182ae1ee92a703def8de4710c0743
SHA512 99c712ecf7195891dda3e816ce0c48b1e2fea5d8fd12c93f9b835be449f7369538d189e78bc6775a3432dd72c2314e547ef3026b7e70d482e6948f07dd41a5b2

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Design.dll

MD5 3c263439ae56c51b2653933181a85800
SHA1 d8ff635b615d48a68b290eef8a4fcd176c97dadb
SHA256 fbcd32a09374f443b0c046b6f672a5f9ec30447ace532d66cb1623f5c421458a
SHA512 7553ae6f82bd4afe2bc0d9bd259a085ea5b4352f595b020850a036a292bc398fe65d495613e5456d6f3161f49378f90674aeb881ae8128ab8511d579deb27aaa

C:\Windows\SysWOW64\msvcr110_clr0400.dll

MD5 15226a64ce5ce8240caba518895e0cd6
SHA1 48b6925431f10a60f8a47bf786f889d799fd239d
SHA256 312304e593bd290c37e640524ad0c0fd8dc4e555171caf13a11c7f613ca03b24
SHA512 d4a97968e219b5384abd1f5a999447c14009789b1eb2e260fc081d6622733a85372eb442e665587ed1346b0eb6b3e79e19b98dfb21acca8dafeea1d8f566ad7a

memory/2360-15699-0x0000000000400000-0x000000000040C000-memory.dmp

memory/2360-15746-0x0000000000400000-0x000000000040C000-memory.dmp

memory/2360-15747-0x0000000000400000-0x000000000040C000-memory.dmp

memory/2360-15748-0x0000000000400000-0x000000000040C000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-12-11 05:02

Reported

2024-12-11 05:05

Platform

win10v2004-20241007-en

Max time kernel

94s

Max time network

138s

Command Line

"C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe"

Signatures

Detected Xorist Ransomware

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Xorist Ransomware

ransomware xorist

Xorist family

xorist

Renames multiple (6334) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A

Manipulates Digital Signatures

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\pwrshsip.dll C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\wintrust.dll C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\q7YTNmTmY37Q8Dx.exe" C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\cryptnet.dll C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\CIWmi.dll C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_sensor.inf_amd64_b8789b63cc1d26b5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\rdvvmtransport.dll C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\MsDtc\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\mstext40.dll C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\Windows.Media.Streaming.ps.dll C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\dmdskres2.dll C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\usb.inf_amd64_683fd853c8b8a4db\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\eventvwr.exe C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\ir32_32original.dll C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\LocationFrameworkInternalPS.dll C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnge001.inf_amd64_1daeee8f3aa30fcb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnms010.inf_amd64_9e410195c3b236c9\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\usbstor.inf_amd64_2be0e52237040d42\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\ProximityRtapiPal.dll C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\where.exe C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\AppointmentApis.dll C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\mfcm100.dll C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\msvbvm60.dll C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\security.dll C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Management\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\wininet.dll C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\CameraCaptureUI.dll C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\directml.dll C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netrndis.inf_amd64_be4ba6237d385e2e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\KBDNEPR.DLL C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_GroupResource\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\srdelayed.exe C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\BTAGService.dll C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\dc1-controller.inf_amd64_63236b4ab51ad398\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmcdp.inf_amd64_919b7beec2c70482\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\IME\IMEKR\APPLETS\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\netbtugc.exe C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\IME\SHARED\res\padrs404.dll C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\mtxlegih.dll C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\ncryptprov.dll C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\tcpipcfg.dll C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\usbperf.dll C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\downlevel\api-ms-win-core-memory-l1-1-2.dll C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netathrx.inf_amd64_220db23f5419ea8d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\SndVolSSO.dll C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\aspnet_counters.dll C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_pcmcia.inf_amd64_92be188847324ddb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_usb.inf_amd64_17c270ca25f45542\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnms008.inf_amd64_69b5e0c918eab9a6\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\dxtmsft.dll C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\AppVEntSubsystems32.dll C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\cmstp.exe C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallShield\setupdir\0019\_setup.dll C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\msutb.dll C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\wiascanprofiles.dll C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_fsphysicalquotamgmt.inf_amd64_796516c18b264f1e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\MbaeApi.dll C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\MrmIndexer.dll C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\msvcp120.dll C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\DevicePairingProxy.dll C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\expand.exe C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\kbdnec.DLL C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\L2SecHC.dll C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\wlancfg.dll C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\BluetoothApis.dll C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\deviceaccess.dll C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\rtmpltfm.dll C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\Java\jdk-1.8\jre\legal\jdk\santuario.md C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-48_altform-unplated_contrast-black.png C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Collections.dll C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\Assets\Images\SkypeLargeTile.scale-200.png C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.4.0\en-US\about_BeforeEach_AfterEach.help.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Windows.Extensions.dll C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\legal\jdk\icu.md C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\es-MX\View3d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteNewNoteMedTile.scale-200.png C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\adobe_spinner_mini.gif C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\ru-ru\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\netstandard.dll C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\Scientific.targetsize-24_contrast-black.png C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxAccountsLargeTile.scale-100.png C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\OutlookMailMediumTile.scale-200.png C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-black\StoreLogo.scale-125_contrast-black.png C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.targetsize-64.png C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Collections\contrast-white\MedTile.scale-100_contrast-white.png C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\WinStore.Preview.dll C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\tool\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.147.37\msedgeupdateres_bg.dll C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\AFTRNOON\PREVIEW.GIF C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\System.IO.IsolatedStorage.dll C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_neutral_~_8wekyb3d8bbwe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\FileExtension.targetsize-48.png C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\locales\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libequalizer_plugin.dll C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Home\RTL\contrast-white\SmallTile.scale-125.png C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\FileAssociation\FileAssociation.targetsize-16.png C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Home\RTL\contrast-black\LargeTile.scale-100.png C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\Doughboy.scale-250.png C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\es\System.Printing.resources.dll C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\plugins\access\libscreen_plugin.dll C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedAppList.targetsize-64_contrast-black.png C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\diff_match_patch_uwp.dll C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteAppList.targetsize-40_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\rmic.exe C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Excel.ReportingServices.QueryDesigners.dll C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxCalendarAppList.targetsize-24_altform-lightunplated.png C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\InsiderHubStoreLogo.scale-100.png C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Program Files\Java\jdk-1.8\include\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\import_google_contacts\googleImportError.png C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\1494870C-9912-C184-4CC9-B401-A53F4D8DE290.pdf C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Trust Protection Lists\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxA-Yahoo-Light.scale-200.png C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\OutlookMailSmallTile.scale-200.png C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.InteropServices.dll C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\System.Printing.resources.dll C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WebMediaExtensions_1.0.20875.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\LargeTile.scale-125.png C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Logos\Square44x44\PaintAppList.scale-200.png C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Windows Media Player\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\lib\deploy\[email protected] C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-white\SplashScreen.scale-400_contrast-white.png C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-white\MapsWideTile.scale-100.png C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-256_altform-lightunplated.png C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\en-il\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Windows.Forms.Primitives.dll C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedAppList.targetsize-256_altform-unplated_contrast-black.png C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\System.Security.Principal.dll C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\MicrosoftAccount.scale-100.png C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\pdf-ownership-rdr-fr_fr.gif C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\WinSxS\wow64_microsoft-windows-rpc-ns.resources_31bf3856ad364e35_10.0.19041.1_it-it_c0df5de936ef87a7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\x86_microsoft-windows-i..trolpanel.resources_31bf3856ad364e35_10.0.19041.1_en-us_3107742db9250aa2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Windows\SystemApps\Microsoft.Windows.CapturePicker_cw5n1h2txyewy\microsoft.system.package.metadata\Autogen\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-b..structure.resources_31bf3856ad364e35_10.0.19041.1_es-es_466bc3216540fcaf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-security-ngc-keyenum_31bf3856ad364e35_10.0.19041.1_none_a5a9b2ae0002c1cf\ngckeyenum.dll C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-systemcpl_31bf3856ad364e35_10.0.19041.1_none_96c68207fd6c49bf\systemcpl.dll C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-wfpipsechelperclasses_31bf3856ad364e35_10.0.19041.964_none_507f3b8f5adc2210\r\fphc.dll C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Windows\SystemApps\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\microsoft.system.package.metadata\Autogen\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-tssessionux-library_31bf3856ad364e35_10.0.19041.746_none_58a2a6ef1d633015\r\TSSessionUX.dll C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-x..lugin-mui.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_15dfcdf06d7da221\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_smdiagnostics.resources_b77a5c561934e089_4.0.15805.0_de-de_a330a3264f4c0775\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-t..cesframework-msctfp_31bf3856ad364e35_10.0.19041.610_none_a8f1165b4dada058\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-t..languages.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_92d74798c6364795\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-c..ngshellapp.appxmain_31bf3856ad364e35_10.0.19041.746_none_0b4ed891dd9ccbc8\wide310x150logo.scale-400_contrast-white.png C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-h..p-listsvc.resources_31bf3856ad364e35_10.0.19041.1_es-es_166a8860af98aafa\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-pnpibs_31bf3856ad364e35_10.0.19041.1_none_f7eb89e70b4eadb3\pnpibs.dll C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-rpc-endpointmapper_31bf3856ad364e35_10.0.19041.1_none_00838c0981f40351\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-shgina_31bf3856ad364e35_10.0.19041.1_none_7e6840bfbf41c537\shgina.dll C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\msil_microsoft.web.confi..eprovider.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5173ac7820486d18\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\wow64_microsoft-windows-mediafoundation_31bf3856ad364e35_10.0.19041.1266_none_1b79ad13f653c2a7\r\mf.dll C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_c_sslaccel.inf.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_83daa211cc9c2110\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_dual_ialpss2i_gpio2_glk.inf_31bf3856ad364e35_10.0.19041.1_none_4a51ab7b26cb16f3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p..d-library.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_0d9c4dbbe93083d2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-r..k-handler.resources_31bf3856ad364e35_10.0.19041.1_en-us_135d52afc6e0a585\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..tore-main.resources_31bf3856ad364e35_10.0.19041.1_it-it_c30b087da56eaa7e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Windows\rescache\_merged\899128513\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-mcrecvsrc_31bf3856ad364e35_10.0.19041.153_none_364979831d1abc97\MCRecvSrc.dll C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-smartcardsubsystem_31bf3856ad364e35_10.0.19041.844_none_f5f48bc2c8c3f7a0\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-dafipp_31bf3856ad364e35_10.0.19041.746_none_3d96cf2152a38197\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-mapcontrol_31bf3856ad364e35_10.0.19041.264_none_f136bcd869745605\MapRouter.dll C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-rdbss.resources_31bf3856ad364e35_10.0.19041.1_de-de_31f7421117e87f45\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Windows\PLA\Rules\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Windows\rescache\_merged\482193516\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Windows\SystemApps\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_dual_mdmgatew.inf_31bf3856ad364e35_10.0.19041.1_none_4582711d7da6a74d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..iders-msi.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_6c9d4f1185db7613\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-setup-component_31bf3856ad364e35_10.0.19041.1237_none_a6ef3a2e62766c5c\diagnostic.dll C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-hlink_31bf3856ad364e35_10.0.19041.1237_none_d6d991394db08f86\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-mfplat_31bf3856ad364e35_10.0.19041.264_none_dee0e3e1e6b76b53\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\wow64_windows-storage-applicationdata-winrt_31bf3856ad364e35_10.0.19041.264_none_cca72cf469c614a7\Windows.Storage.ApplicationData.dll C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\x86_microsoft-windows-f12-f12appframe2_31bf3856ad364e35_11.0.19041.746_none_c28b19177861072f\r\F12AppFrame2.dll C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\wow64_microsoft-windows-homegroup-controlpanel_31bf3856ad364e35_10.0.19041.746_none_9e82b4275481e1ba\r\hgcpl.dll C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\wow64_microsoft-windows-u..ccess-userdatautils_31bf3856ad364e35_10.0.19041.1081_none_5e285fea8a8cdff9\r\UserDataPlatformHelperUtil.dll C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft.tpm.commands.resources_31bf3856ad364e35_10.0.19041.1_en-us_299032c05fdcdfc1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-c..reservice.resources_31bf3856ad364e35_10.0.19041.1_de-de_8ce4bef8b2993f44\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-regsvr32.resources_31bf3856ad364e35_10.0.19041.1_en-us_cf36865100575d06\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-w..sition-uicomponents_31bf3856ad364e35_10.0.19041.1_none_84e58cd924a91c8f\wiaacmgr.exe C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_ndisimplatform.inf.resources_31bf3856ad364e35_10.0.19041.1_it-it_f140919fcfe36666\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\wow64_microsoft-windows-3daudio-hrtfapo_31bf3856ad364e35_10.0.19041.1266_none_0be7f52f39230848\SpatializerApo.dll C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-mmdeviceapi_31bf3856ad364e35_10.0.19041.1_none_0af5511b58bf6105\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-rpc-netsh.resources_31bf3856ad364e35_10.0.19041.1_en-us_a6fb67288a4ec02a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-shell-previewhost_31bf3856ad364e35_10.0.19041.746_none_2b8b5a41940eac9f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Windows\Web\Wallpaper\Windows\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-c..ngshellapp.appxmain_31bf3856ad364e35_10.0.19041.746_none_0b4ed891dd9ccbc8\LockScreenLogo.scale-200.png C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-i..ll-broker.resources_31bf3856ad364e35_10.0.19041.1_it-it_6a22cf337d63b2f3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-k..l-pnp-adm.resources_31bf3856ad364e35_10.0.19041.1_es-es_5c828c9c54a5422a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-m..-activesyncprovider_31bf3856ad364e35_10.0.19041.1_none_755c1ad296243d14\ActiveSyncProvider.dll C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\wow64_microsoft-windows-w..-system-diagnostics_31bf3856ad364e35_10.0.19041.264_none_06630f309956d73e\f\Windows.System.Diagnostics.dll C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\wow64_microsoft.windows.winhttpcom_31bf3856ad364e35_5.1.19041.1_none_2fd8a12a70432370\winhttpcom.dll C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-g..ion-winrt.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_683c1551624ffae7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-n..quickstart.appxmain_31bf3856ad364e35_10.0.19041.423_none_72535ca9b59a9515\NarratorUWPSquare44x44Logo.targetsize-96.png C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-printdialog.appxmain_31bf3856ad364e35_10.0.19041.1_none_3b03b28c788655c6\PrintDialog.exe C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\wow64_microsoft-windows-devices-wifidirect_31bf3856ad364e35_10.0.19041.746_none_7f74465c5404002e\r\Windows.Devices.WiFiDirect.dll C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ERZEPWUZDMPECCB\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\q7YTNmTmY37Q8Dx.exe,0" C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ERZEPWUZDMPECCB\shell\open\command C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ERZEPWUZDMPECCB\shell\open C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.vzlom C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.vzlom\ = "ERZEPWUZDMPECCB" C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ERZEPWUZDMPECCB C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ERZEPWUZDMPECCB\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ERZEPWUZDMPECCB\DefaultIcon C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ERZEPWUZDMPECCB\shell C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ERZEPWUZDMPECCB\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\q7YTNmTmY37Q8Dx.exe" C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\dffc0f2532e126df17e0c34e17a7b35a_JaffaCakes118.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 71.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 134.130.81.91.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp

Files

memory/4720-0-0x0000000000400000-0x000000000040C000-memory.dmp

C:\Program Files\7-Zip\Lang\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

MD5 0cd041f14b14f9e61c211e3cd124cf58
SHA1 dd30ac530b7e998a562acf27b8278822ea6579ef
SHA256 69c9ab35204defd8ecb90bb9280d3ae4df7565e89539e5c7bd2364cbf8880f11
SHA512 687aa7f3e6036fc5bc2973698eb7a840fc6d58e6c5b87a733b9c26bb78061344ae74a89832bd39d58dca7f8eb1892c7bc7fe94320a70cb723fba52b273dbe8cf

C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\Microsoft.DiaSymReader.Native.amd64.dll

MD5 bdd0627554b6263c84cb9297b185a8f6
SHA1 3ac19fd209a5e0ba979e5a46198208c6b16743d9
SHA256 4c34afee7b1f75e5b4d73d71d04e54fba0931dfddf8a17c6c3e4f99726aa53be
SHA512 c13838c33aabe3404e8c3d9bebb1ce27dcc2dd04262395bc1e6f8d4dd42f9dca91c5fc9aca35649bb8852989c0c8e3e698f190618b09f22efd6d5159eaaf477a

C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\D3DCompiler_47_cor3.dll

MD5 c91d4b49a540e2484f0cb633e1d19685
SHA1 f21d5fe3d5ebfdede28000bb038d58487bf33f83
SHA256 e67a5c0ebbad6dc7bf24d971625c4b3763805cffbf0af65ca2c61197ce0d6b8f
SHA512 17ea5959b997e36ca05d62a0d1842cdfcd64b21a0d19f905fd55bfa943b76ed88c7431b7e18495f51a8d4c1cafa128eb24ef71a54db4fd38a63d1b121f8eaa25

C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\vcruntime140_cor3.dll

MD5 2dcdc9f21f8b04dd61cff1c07fd11676
SHA1 d3ea958c6da38c05b51f2ef691ea8026415af4b0
SHA256 07e2e3045612017676629231046d29e74ee96d9a4a27bde7c3df1adb0d1d1d41
SHA512 184ad0a337b7d1574b748172dfde27927b296f6e8fcc53f058228c342cb91c0bef02b4b0554c165cd43c076c06109cc958e4505eab549a17a9ae300c9f86b116

C:\Program Files\Java\jdk-1.8\jre\bin\plugin2\msvcp140.dll

MD5 166af2150a3e9a0e387aa3763e73ed9c
SHA1 ffdeb377107d6ef0acdfd5c6192f0cd7c255411c
SHA256 7f9e075fa50b824db9a22f560394d9e8d7fb888ae94ddebac9618ec601d9f8fe
SHA512 85bb2b65a61a4c3a0160349bc4127ae25a9d7b2c53918095ce4fab9392710b62ccf43c77bc4dda5a6704f76e29873d4f5389a4b81a3056477889771a5cf7000f

C:\Program Files\Java\jdk-1.8\jre\bin\vcruntime140_1.dll

MD5 67ae49ca9f32a70050b6cd0993ddd82b
SHA1 26f419c27750a40f29195684e0db6d85c6e2fa94
SHA256 ebbc7894772725ba476e5b02563cb32990a6364cd3d5d7c139a99383300efd61
SHA512 5f0e1c59020e21fd4381d8857a8fe21682088bd523442477d120bcfd0a56f2667f162e04b6be3a983997ee2ac416e7d8c928703440e2c8ad50841ab99d520692

C:\Program Files\Java\jdk-1.8\jre\bin\vcruntime140.dll

MD5 10fa11a56f406465536a4e089ec1c8b4
SHA1 26b6a3c8039f307c62a3bdf73fdf695d54a703a0
SHA256 f4c77a43365c716c55890797c54cdc77cddbaa2c5bae2cc1c131aad4c564ba57
SHA512 29bad0182687d4abd97d2c6fb36cce87f49f7a5dfa8f44e115525d9739576b53992d2af45d97e84467629bcf66b4b095dadb6d9b0dc1e9a5d2e973b48b74b9d2

C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

MD5 d9a31439da128966aa82ea0607539ec3
SHA1 9efd7e4b84c05c44515b8d8fcb193f799354a87c
SHA256 e5595fae5426376a88c97250fd0792a8ed5c96c0678579b2a008c4984a3512ba
SHA512 b01d513ea5af119b809da4670da608e41ce130c7b7f3b06b59bcd7602e7cddae181def75beb133bb0aac4df93863aac29d0444fdc23836caaf2a1b04b66c6ecb

C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-console-l1-2-0.dll

MD5 fdaa58a6adcf7c75107a2a88fbf0a62a
SHA1 88efd169ab084041d0c9cd8b38569519d01279c4
SHA256 17802012f161314438774043e7d1a75f1b3833c12f2837f1f75d49b0667d427b
SHA512 5e56ed0bd532cd5ff7559e7c214213917ed8f78de016c8efe2e85b9dd839357bcf2f32332d3b28800bd175ae271e59dac6a092d9ce0ec8527d47b6deff128b6a

C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-datetime-l1-1-0.dll

MD5 16614e2142fc120dd228863899022991
SHA1 3aff834abf4484b326bdeb63830964783d68fe38
SHA256 58e2ebed9c3bbf1c2c9b448612ecdfe7cf98e13ea7b756d41f36ea3ab6939491
SHA512 c448aac67ac7a3d73d76dd9361db7ea1d094ca4f5e9aebcea563618bd03fcd4df164a049b4b2c3d58ee9f5c363f15622d7166dbd9884bd4bdcf915a4e12a63a9

C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-console-l1-1-0.dll

MD5 6f2e399c6a6ea54200ed4e629b4ecdcd
SHA1 8c5efe33a8238717fb6526ef0bdc71c191645ad9
SHA256 f91880f3de9915184de9a6f01051c5d1a5e460454ff264f60d8f087bcbf4dd9f
SHA512 474667de625d182249209bb27abc17d768fbf887da2bfae43b1a9f98fc87506d961739533d7b7fccd822badc2b1344197e1f02c2aaa16bc676cd380c0a9cf5b9

C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-debug-l1-1-0.dll

MD5 0401ce2fbc08d104b87dc758c30f23b5
SHA1 1a4fc4f50091840375fdf9e96637c9b7fa45286e
SHA256 fb2393894af321f9f62d769685d082626ef742093e462c46bba3713debcde29f
SHA512 5abc397699200f5d59963b0561fc107b1fa6258b26e69ecd22486a21fcfe92cc7c26d83f5fc3ccee8bd149861848ebcee3528f5965f95a7611c916bd2642e15c

C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-errorhandling-l1-1-0.dll

MD5 1f565239d7aadd93952560d504f35a5d
SHA1 c8b2706f186d8faeaae7ab9b2de97f740947715d
SHA256 cb361b9440def21a112089d4e4370a1bf18b2c9cd5a5c4486c326d81a500f6b0
SHA512 3e48a56072830478ee62ca9fb003a1ec36c379f91449de08e4a204270aaf3385411eac56031c2a2f8d07881552c143458e25ddc088fcd1c8c41b2e571114abbc

C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-handle-l1-1-0.dll

MD5 0882ed2f80571f0e90241ad931e85e67
SHA1 9baf27a0d7c8dc6be22c34fcda1c1835f5df726d
SHA256 a0a95889c5138be96ae6c0f09760c76c8291c3961fdb64d5070ec26cfdb514c0
SHA512 c18073bf6ba0191935980f82603eb233d77ee5fea897457f1a6d7fa6c89095d53db384e80c059218a19d2f56c2a0f8ff4747076766fb885438ff168eaa6be520

C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-file-l2-1-0.dll

MD5 68a9d860939a41b01354e12cb48d679f
SHA1 e059669b3227b391b7afb69eb2b32831619f42c9
SHA256 82b6374c7d365ab5a0d871b5a5095ac040bfb9e86006621961678d19c110e943
SHA512 58f59a362237fed48a9071605471783c9b9da4dce22e8d786ec7b2990db1f66d740e034f593b384cdfb93eb29cfad6f76f260599a91c12927417d673c23a3aec

C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-file-l1-2-0.dll

MD5 2ec5e6d61dd8f12ed66da1c4618708f7
SHA1 5451a351ced4e000175ef1c6629feb46d79eb543
SHA256 c4118550eb0c71ac119642e86518d3b756e70794f807a47ea4d81225c0bd322e
SHA512 5482e3f745ceac3d32be05fc53bb69344ca53eea07b0732c922884911a77fe302826e58d02694197b786062c146ff43a2fef5a339192e3a6a51ca3d892287f06

C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-file-l1-1-0.dll

MD5 f4699373fdd7d04616837d99d9bd1b86
SHA1 1c7274d935d9c4e3b85715ca05cd869ee3058e1a
SHA256 fcd90c2020bdcf61903dccabd68403c1db4851049276e005302ac64ec0259d5a
SHA512 5baaf30faca09f480fc602b7f9600398c7a87136ce8df0b3c8a0498e3131da58d11cd3d33e8f37d2e1227a16fdc8f186ec6a9e5591d4c173bd04c4b9238b70c6

C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-heap-l1-1-0.dll

MD5 fb1c1a6bd8a8e189e2630c0342ce550f
SHA1 3e22b4f1a8d25b8510cfd58a24b8b888bfa8f3ec
SHA256 67b5ea537e44b3de84563cc21383007c07b3a2c2b47d71e2908f773a25ef1a07
SHA512 744d678a0568741dd891f6579dfe3a9df3821695ed59ecf4f0ab360def94475371da3d138d2d1ef458ab4e14319e480062fa88ccb2cda34a4e72483ede097cd5

C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-interlocked-l1-1-0.dll

MD5 a370ca9584bae5805db8019748c0decd
SHA1 fbb02706dad8e2fc8760ee9027fe8dc68cfe031a
SHA256 32b7e77308f10d848072af08c7b38e3c0c626679ac9f3e4d63a1721c2b88457b
SHA512 01096eab88dcbfb6142be1d2886258da17e3c2f71feb3d65b00943d3f5e0057825b489a53579b9025397805f9c5305f7e2dd3439f1daf7c893346aea029f3102

C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-localization-l1-2-0.dll

MD5 29ca400c9997c7046e837196f9950db8
SHA1 3680de542c07878c6fe753f04b96ffdc3b503df6
SHA256 7d484259c2016dcc1382a0be1fc2c614367fd52a029c24fad12751a3547a62b3
SHA512 7a00f50791022d4471be6413296f288e68f9d6f327fdde64e91d16bfc418d4e0dec7b6c5d88816597ef7947b1e9b72dbba9539bef82edb434adc20999a2dba65

C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-memory-l1-1-0.dll

MD5 310c7c77d08f513906eb6edf0ffc7cb2
SHA1 1c2ab2463d933b4224128683be131f2cc599b905
SHA256 a185f469e8472be5b015b38607bcd447687ed162c691341c3c2d79dd9dda4201
SHA512 43ee3b97069156986019149f48b35c510a51ea04c102c4b9e1641a64ca8f2978643b9853b78e8521bc65467c1453b7084fd02c0bbd32e3273aae576039e6b117

C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-libraryloader-l1-1-0.dll

MD5 322623b634095f9b5d27ea47f895e6fe
SHA1 f184042a7ed34e02489d36a21172e1db16f6615d
SHA256 f3dace2caa16a9e8b93261727a03cab66dabd9757cbdb407b130dfb8e7139c51
SHA512 44c942fa1085f6418889e87018a825e75a593e4a195592595aff6faa26dd689a0e1376ec232aa45391efb246a8dd272a6f854940f4146e7af410d74d997d3199

C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-namedpipe-l1-1-0.dll

MD5 9bf4180d694e2a4c3884adf2b849bc22
SHA1 07f57a3366ee0913b941556fdedbe2fbe3afc959
SHA256 413345351bf3cc2b0332d54a9cd7a5f75fb5d7327289d72532c221b1354635da
SHA512 d32059cae7c3d1acb5d2bb1807be6f28ed288aee3de9d0852d09cb95f128fa8113758a584aee85a22903ccf0d2d6f31fd9326dff6ff1e2a22e2c2c61980020f7

C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-processenvironment-l1-1-0.dll

MD5 b5d77bff3acf530a7bfb1f547b0bb53c
SHA1 c18be7072b217063b4ce3a78f7ac055fb7f2131c
SHA256 086e7876116c28f82881345411100346b52ba3a4a6536d8beee7bfcfa1dfebde
SHA512 4d3b2070848bcbd418c6787f56b1bdee6800759aa24a9239e66ab73e562c76ce429925a94c42a3ac5c4fdb9bae3cafb2ac67f255ed9a0e269cd66db46491af6e

C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-processthreads-l1-1-0.dll

MD5 0c540211aa264eb6466627659c2d54d3
SHA1 b6dcb031de40793b5dcf01e466648df0dfc6c2c7
SHA256 2fefea4d135f901fad8ed6bc12cf011aca7fb165097c89f1506cd76434a8eef3
SHA512 1b9fb3a773aa373c3b71e12fba122abacee13060681556705d133195b2b56371597d344cdfd202e27285a1f82a882090ebe76af96f965800dfb571f96648c8ed

C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-processthreads-l1-1-1.dll

MD5 9abde560d1dea7a5d36b07f1e0b09602
SHA1 e7ad12c92ddfd28b581975362d260d8544caf9eb
SHA256 032b82a2ce476d649650596e1b80ee7a9709c16eedcdf1c4a44aa81cf387aab8
SHA512 f0c19f4795d8dcfc4e98d58fc79830862b22a3f64294e0ce0fd2bef81cc83877692b3ad6cc7df02842adc67d67ca3c6e40c49199fc8986b4dcee866ec9880fc8

C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-profile-l1-1-0.dll

MD5 4252f38ac4c4d3d4893782898d58dd09
SHA1 5fd2ba694aa848cb6d915e86bd5d2d79f20a38f3
SHA256 92ca022a80bd4f4ba40348a5f047753572cf315b71be936b73619b4902048874
SHA512 007824417401276f2a23b9af632d625c1daad7021eb4a93b11708bef318e937839d0af0a97fc2f95718be73ad3313e5fb0faae5fefa7e683f5734a858b20b52f

C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-synch-l1-2-0.dll

MD5 e98ed47f59819dea068797c500c4887b
SHA1 7f208ce3fe94416b21e7e5dfbc63c6f2ac5dfabd
SHA256 0d5a1c6d159581acac77890c0b21ad944262d7d52ef5156a2c8c11c799774d34
SHA512 a92468ca434bf5034de578ee48ef7b915fee1203546f9eb20b977dd970946fa8f0c297ed1454776772b51d164c80d78860321e6683bc591172f557d118cb1dea

C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-synch-l1-1-0.dll

MD5 4078fc7f889086f3f71a36e61307bda3
SHA1 23495861e0f434b9347086300a7062da887d3c20
SHA256 6a2a559ef99571fa901c06e57325edd2e3e824a60efa12c9f946a1da7ab7bbe8
SHA512 3ce10e8811f7f2b5251a03c6d83fe662e8cd65d264735f19769fdefa36a31d00bc87837b4ea9b641a88464402c1cf069302636937f30d69a03079f762e7ce405

C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-string-l1-1-0.dll

MD5 6fea9684a6f14b438184b657a5d5f13e
SHA1 79c67e06e1e11c8ef61d676c0e36c0961bb2b52f
SHA256 bcd1444d1677ba0456f809f61f4a25c7e62c031c50c56d742f5556dce4781490
SHA512 0c7d806fd386b748d1f6d38842c87bda882485c79c09c85d86a4be078cbf27fe2d558e2cd5fa9606aca567e82f0089dee2e649d981f3b36e2eaf2b90b6c21cf2

C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-rtlsupport-l1-1-0.dll

MD5 03933fc5f39eb10cc78fcd85ebf8cc55
SHA1 e96b7e6ce75cca4e225319cfe00ee9e5dabc5bbf
SHA256 a5eafa456367dc4d29b3818a0d93b82c5f64809960e2c5dcb5415c26f6d29faf
SHA512 07f02881d0f5a89c1cb7b7afe60d8ced841c8b1e096f4d0dfed9f27818d540aaed9dc1ff5a2aa6ecccd505d0eafa49438dc9ed1f1d157e4964f4c808da063571

C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-timezone-l1-1-0.dll

MD5 df9f7263b46bd010f0c306b9965d4207
SHA1 b51e81476a452d566a2878dd6c137a4e4f467a5f
SHA256 3d33322cef86b639809ba55a779293eb841a11e2dba6bf2a99bd229ee5c7416a
SHA512 1b24f117c56252938d0bda1e8f29c404ebb35b535c09d7468dec3cb639edc05fca88c7ac358ba56fc45f95001c1cfa2cb1e2536dd577131992fac85ac87da5e7

C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-sysinfo-l1-1-0.dll

MD5 2c43f2eb23b4676f354fc96679cfe5ac
SHA1 eeb635200656b600a675e716af07e9a095a5647b
SHA256 4f57a4bf35951abf84296e23be2d72d592e29a2f2d7b9629a16a69ac105fc31d
SHA512 2aeb915aadc5a3131b3852488e5d90c4fe4d75728278849553150579e5bb3df6307969bfff7dfa836887a3bff4f87856d375e19aa445993da40c212882f2b0ac

C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-filesystem-l1-1-0.dll

MD5 34728c0d6f7c30f970faddef74a8c230
SHA1 5641a8a0f835a8b5cbef0c5dd63a5465915f4629
SHA256 9c4632c4889a4e4070906c629b43eb92f4f70a1f19d38505e4d6a8cf1d47202f
SHA512 5639c8ac766ea8b6cda5af87c41158f1ad9d643a9922b9d3db34a2a1778da7296e3856eaaf0e55e657f06763b207e1be521f66a944391ad5a7975a02b75e4585

C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-environment-l1-1-0.dll

MD5 793ca4624afdb7172db83c8923dbbb20
SHA1 a3294a9d907e7ebbb8969a76b2fd9a0c1ebdcc0e
SHA256 9600add46fea508220d3d2c3230fab044d46524af5e708d615fa19be07283972
SHA512 3e0c404ff5cd4ad422c78890fc4179bf30b49cb4566b452538e537967b730dd2dacbd91e8f16b41e60f26e4fa73ea554d03064cca7b86f47c49e88475a384ea9

C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-convert-l1-1-0.dll

MD5 bd9fb4eb287cb3b32e493eb6eeedec9f
SHA1 e6c5a539570b4375f7a78ce0f3b45fd9e12489cb
SHA256 dddd0b7b745d684820ae9df2460995cae8cff79dfdd049e652c0c4deb3cf376b
SHA512 7c1e3489e6ee15eb499e1925a991e4ee3620ec77d24bc8129f8ae83e2eb318e547fbf84d984a982e8cde8dc6ff07e764d77942aba1e02bbd06c95509bcf9b4ed

C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-conio-l1-1-0.dll

MD5 99f80c6c5916948e8f48b48bd77cd6b0
SHA1 82175c59bd1856627469ab898207dcae6920d455
SHA256 86cef55c7107a209927f86b251e637cb3378a0c400b01a2e8e4edb3bb01b8eb6
SHA512 2f1aa13d6364f81797f41317b449a2eadcd8806b5e58973b407e4340c0d9ee1024b3b980c8f7224ac80b8b7dbf53506baa41b37e6a2dfd506a2005b02524224f

C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-util-l1-1-0.dll

MD5 26563132c6e722c15e1085cd3f51160a
SHA1 cb5820330f1ff95c3231e3c3569980128ba31eb0
SHA256 59471dcc23050e2b5078ef4895f04cae2b1fe172bd60bb164846a65dd5ff4686
SHA512 5729b0404e0583c09d68cae0f5c93ddb9f3a27dcc262e390ccd24bdceaf96c8e7c6d52ed0dd3985e03b49c6f11e2ad917c0ddd210041ea375624d28208799e46

C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-heap-l1-1-0.dll

MD5 319d52e281b852ab89ff788222f9d493
SHA1 be53625ace7028d71337d509f74fefc50af3b4f8
SHA256 1607ba44f7b0440cb5b332b484cfaa00cea67e8d3e9510299e4efb3e4f3addc3
SHA512 32dcedc4bdc76474834ca789035fdb678f2cdc01276fb0b04efd30e3dd82e4d59510ad55fc065d64b965e79c5055c678112d060fe425186efd44ee5e426d6de0

C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-math-l1-1-0.dll

MD5 d0ff0fcd6f1e953784470bc0aeb55f41
SHA1 4727a2eed2890033d1012d81fdbae60e9bc26202
SHA256 2e042dc9b176f66ab9ed762276be6835aa4b0a59b912c492821c12bc4f10367f
SHA512 3c6a15e329f2a9a025db2fe7ea29841821750b9fb4d5796df6463dd15e6caae9d4ad48ec7b59e3e5163133101b6ef67fde8256e90e1f2ed0c026c5dc88a427f2

C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-locale-l1-1-0.dll

MD5 59523e9859b485e3d08094aea3cd1650
SHA1 9194c570c2fa8180fb04decdc4962af4f724ecf5
SHA256 ec17050c14c3f26bd4aa7b3658a9ff8e409817497f2a83a2039c35d722f14863
SHA512 f56d144d89dc86939c153a47fa840b857f2fb650ce7672f5457c5e1b22adc239b1e7295d19b6164b87f9ac113b0166729750de6b2260bd66b9e8b60e45f6b81c

C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-multibyte-l1-1-0.dll

MD5 a79c9e4ed6f733d104c5fdfdc645fbd8
SHA1 f4394c3f9fece965371fa252111fc6be8b056de1
SHA256 c679753174707eede342bca00f2293d6060995acfd4ef8b86516ba18eaaa57da
SHA512 622403ed453e35f4480aa3adbb9a18ac7639e6497848f296d9177b4a99fa2c4ed8443a355f93a2b576ce9d18bcec4d90589739870ef698cf44f9785cd40827c2

C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-private-l1-1-0.dll

MD5 664ff5f114744963ad94377342da50fa
SHA1 81110b7840389229d3297fa7c7f193726f193c48
SHA256 0e80e3da124070f47b286c76e70d8240d72be7a274d521e19c49b8d3cc40ad85
SHA512 06e7c44df369f99279443af934f6d8b9d6c3998bfd87f72c38b1aca1ff4875e2824d035cb271dae3ef2cda76419989f5115a5427cc405b6c4d227dd08e539201

C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-process-l1-1-0.dll

MD5 24b0aa5e6014f53ddf394fa28ee0434a
SHA1 ce8178a7daa6244728a3c3bd1525939b5516c156
SHA256 2be74079ba9cb118ca587b118f897c28c68489832c0503d619d8946c0f3469c8
SHA512 93c95f4949e860939f1dce7c8ebb23cb0131505616aad222c8f3d1adbe54de58c40810f0785f9dc517624a24d2bcdb070039059e77cdf597e6084a2042c839f6

C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-runtime-l1-1-0.dll

MD5 8cea3496743120c52d67ff3a52443e4b
SHA1 4ab3ea1a3e78bd787e60e2303801e2be05abb0dc
SHA256 f8be853ae8d39a6d174cb341754b914687fb6e015cc8d9e41f233c976ddff932
SHA512 8e999f6c1f9d5696f0aba17d8f28444a3f3433db55ed222e9f194268cfa9c6026d7f0f5d054548c60771f64f26a19b424dda5f8867b918b979d36a09ab3f3854

C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-stdio-l1-1-0.dll

MD5 bf281ea2eaa410d2af6b37b6f2512f56
SHA1 18296379363d7918cb58cc6380f2dcf8334c880c
SHA256 f1af0c78792e30e347e681168398d790782ea9d90032144855ad536aef2b2821
SHA512 5ec070a22b02e4fb46eb98dfaa9bb7d41c93107c1feaa221a47dcd560c65480880a9c674beb4e1ae74af859193a786853e43441a8f460dd25ca167a546b975e9

C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-string-l1-1-0.dll

MD5 99c74a78aaa887f6788e1f45226f7ac1
SHA1 3161ced42ff22d9d0039cbea5ecd632b09037e30
SHA256 f77c7c409bb672e5a6f3d472396149adf556e4ee236bafdaf2a1ad561da1385e
SHA512 af3bb0cd69d6684265081300545f21d4bf74f4a653794b9ad0fc641405a935f27c677fb837fb61b9b07c9f73cd46f6596d29fc607a3d3317d9367b4c9adb05bb

C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-time-l1-1-0.dll

MD5 c0cc568245d61225a5d9cbf7c3673299
SHA1 4b69848ae77b31847ecad50870878d71d4e0778e
SHA256 c3c0ff93636a940714b9643528c1ee768ffba31d53bac187fe9e29f90e9b5c45
SHA512 7bf00c152985b396d6f950fe9c77715df285d3840677dc949b1e4e3a42fc21fe0dcfe1b4716f3ece27ce6121367d0d1c5b5ecc7469e822e1f24e4f46948259bb

C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-utility-l1-1-0.dll

MD5 a65771d596e2831f28fa6cba9e0bd460
SHA1 afe417a7584d86a4d01cb84e22d990fd4a9f7f9c
SHA256 c45ab0acbf0cbb03aeb19c91d505b3cd40bd955b1fa35bd7128f81ee8a65c91b
SHA512 a8c0f3249868e94f84f2bfe5a5307f16dcc5bde122b4afb691ab92bc46952d803abf8dba7228a6c5435bf7e61fcd4897f42afd7cc904f8ea277c01cc41353116

C:\Program Files\Java\jre-1.8\bin\ucrtbase.dll

MD5 f4b289a980664b628d7e5b65402f5f12
SHA1 57e46a01c2732663b1e9de5529a1713d0de45479
SHA256 4760e5fa7c96a947ded30357429852543ca8766b751374183e8ba1fa18a96cde
SHA512 66e9fedfa6a660a75d3a908d4f4fb60c3c740d3c74aa9c2ef073cd405c910bd823ab7065e7b6eae29ccfc87b3920e7487fe699175a5135685173d68a8940ab7f

C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

MD5 c8e1fd940ba43c0f10c0dec7230e9a31
SHA1 35438459b8fe8a78e657235daf850c67736f18c5
SHA256 ce2a9832d6658aac9e2dd8c56395f02e376cf23edd0c4d3090e4c78bfe6ba11c
SHA512 34be7dd7bb2c462473cb2154e23a32c954a4a934c8cb09dc2587e63f49e7dabd8fa66129eef80961119568570a7fa1657192cdb1a53a084f37f7693b948c7a0b

C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

MD5 d2d6df8a5388468f0fcebe4b301607fc
SHA1 39a33d071a31f3bf335190d3894bb52a98c9f23b
SHA256 6338f342ae72adef1a1c372f579e828597913fc6602248fe8148cec1d3253664
SHA512 4d084d56a4dcad734cd12c795c19e860db790b8ad7898945d9f08fd2b9cdd34deb9cc1764eb54290aefbcfcc6d6e703d96fbad5639eeece349d79464e74db4e7

C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

MD5 8ac5bf27b9ef767203dc98967d72d9b6
SHA1 3e10b11d1b69ad4d1c823e154e14d52218eee421
SHA256 e0da03ff2a0ae5c930c854154659b1dcc2a18ad07fc56addfab2fe84d91c594f
SHA512 964a3f96155cd03edeff5049900e2825a59ea16bb8ad2e7b770cc67e50e249e09aaa2c9c73cd873e7d657ed3da5d9bca254341abb62e85f6ca7f37c15d187bef

C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

MD5 b1cc3cf4207691826994e07f7b41e1f5
SHA1 01783e99744974333449a7fb157e2061cf75400f
SHA256 3664a58af8df277d7c4b88a3a5b4a53b56143273ad8839f3fe44effe412ebabd
SHA512 e602219dc0f8260528f931cd77f958c4bf33258592b84858433e4f489200fc7e560f902b6972e44c825c750e429e3ee376443881271b0dea18ac99c9a4428191

C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

MD5 8be95b22717f120b16098d4f013b5ba7
SHA1 302573cf372eafa4a6847520d9e4d108f3346796
SHA256 6d2ae2f8f869507ddf1b1c90c7d36c89e5ff161d2ce11902a12d3ed88f99d92b
SHA512 b06e7a44cc7831673f74edffce986201047db0283a5909c572c155edf95326ca9e4410b6e811a5dfd1d9a4e2320bb38eb3c8b630f1a1ae220cff0e54988a3cb3

C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

MD5 fd3f363046b07fb2b2980f7534d66403
SHA1 b3cf1e538af720a8637d95117d851198f76648f8
SHA256 4fd6c3ab78a8cc11da8ed10b902115d1fd145434fc3764d1b18e4f413970f2ac
SHA512 8fd1da6882fefafd93401d5ce040af5d627fc99f53c715285b7f8d2a00352efa3681498ba95b894dfa4125cb7d92aad6b72b749499fa5006a1a591646fb78dff

C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

MD5 21588ae28643cb3b706f986b56f5f9b2
SHA1 bc1b3ca4739353248f61099b93e6eb2b6d10374f
SHA256 8d17695d060289be9e66d3087459fe2e9c5d77bc021c46cc8e6fbf09837b4827
SHA512 50a384ca25d72384ddc814241f46e91d46c0a9d2f9c9995a396583ae3173afdcd2463360de265cb74302a2577a2d3ebc7384f336c0829a2496db9d3db771ac7e

C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

MD5 785b8724de8b9a6df783dcf9b6260903
SHA1 9c09f4ad8a92752383965ff06a6f173d6efcf798
SHA256 7543b46c5744cde51233b79e710da24ea0a9b9324286b572db4d4db21d748394
SHA512 c8d38c6ce36af71ab887f14e960cbcabc332d3a6994144f693efa03305f2cd824165cc1abdc73798cdb648d7176efdbcf45344adcbecd1627350d9a7e3e096fa

C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

MD5 bdcf429561543d3606b7cedbc8e94d48
SHA1 baba93f2f06b3a506ba75e63201f25242341f4c1
SHA256 8a545b8c95f593d9434bf516f954046d7daed52c001bb96511189c3b3fd78c35
SHA512 b1075e4855e8d1293035ed4a655af263bbb475e59a09050af96cb1edc5644ff9f0b099c441e1382ccb4627f049ec936ffbbcd9c4b91b53bcce2fbe04baa5337e

C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

MD5 42293ba0b59f94b4aa1421e2a9b18ed1
SHA1 8542a1e60002a5032c65c44050097fffd0412a08
SHA256 6cca25b4738e2da832309b3433f4d4e120d1733065e3cdac1f90a81aeb45ddec
SHA512 d5b7420a9d7b4feff4daaddf3f4d48dea2b2d9e86dc7048d928236df42238b9b70572edc6820666af137acb0da77e1482345ea194efc27779a40bfe754d71fbe

C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

MD5 cd6aeda5606048fa2cfba0590deec389
SHA1 4250378888f0c061fee210aa701c845b3857b140
SHA256 34d1d88dddc1cc26dc123cb3576ba10ff29c24f936a774169c37a331a991dce7
SHA512 999111e82fb731c711a3e683bd2f9da0dbc2fbee9bbce51856942e5447928a49aea20fc0634ff237f8c9c3508c4ff2aa6d39cb3bfbe79580e4f823a45fe44c36

C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

MD5 4bfbab54cbb420c48a905c8ec91e5e12
SHA1 10ffbd83e6623774e09e853929d86c6089cb7251
SHA256 f119920bae2c076a761c93f546c16d180dbd6ef269531e8658f31dc7657814c3
SHA512 2caed39bf6f2f327a0a0e0f3f444d85912a6baa72172979801f7f64266786b2269573c49f07712e900f50fc04c6213c2c0c13d53fcd6a52776b643477dbc4656

C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

MD5 8e53d72ff81a44d897af40938c77d623
SHA1 5bb8430219c097d8d124e7691ed1e7e9abed9da5
SHA256 b3b8d02ea674d0f51a9f119a3d26ab078536549cc5fea3c3c0148991e4c1df99
SHA512 56ecd73dedfbd843f6cebf6470ec4b5fa623706fcfbefc982b0afe2ec01479289eb966d3b4b079b73b7bf48a39b57a05749b1899db71df4aba640ecbc62ef948

C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

MD5 758bcae33bcead52ede2c84a536fda6f
SHA1 328efeb91242855781a10545f3729b5e58975a7c
SHA256 3124ff21054416d2b93ab7638532b4b0800239ffd331a7ff762c1ed6cc0eb3c6
SHA512 b62fa8767ce66bcce10b3a472c5003ea2cf67e0d0c876abd09b6ab209ea2eb560d630964d63ab5f2a359206eb3cc0cf7ecd19512a07828dc15e57a1233e159b6

C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

MD5 50b800f0476fb16aafab1d6d62b07b1f
SHA1 9054573b83849c62c62194c0a337b2de3a8be7c0
SHA256 08c14a47df40d01ec9191353e992e80908ae2be3b9767010f304e9feb4a5bd2f
SHA512 011023ecf0419abef8bce647c236f3b34f1d3447bb57ff54b7617860cbd13ad9dd25011458a300a1c160ff5276a30d38a1df5d7a61f23af3561165fd680cb468

C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

MD5 b07d679ca162fa2d7b49c50f4cc23991
SHA1 b0e16614e9b219bc879ea9e31cc32dbb9f95de37
SHA256 4535e91d8dfaa8d1f61582fa493d3579750e68df734e1743899763d6c13564fd
SHA512 d7aea76261bd14475101a6ca88e1ef670bba9023d1413d751e7efc25df2f3cc38cdc3c73d89fe1d7f096e9e8f0a31221c7a87dcd85c12da7fc51bb14115a9be8

C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

MD5 b168c7d93185860394d09a4888cc4a8d
SHA1 8ee33666d85512b9b1e0501822ac90b1fe21df8e
SHA256 5efa0a5afb4cd374b94c549aa232cbd40fff8df56853b29ac5fbfafb30bfe657
SHA512 690a49baa89e34d40ffd4923ea8a1e899c732cff827da4ea1923ae4e1a4fbfadd15d4bdf3b5cd20b4e169bc70b07cfe593257ac4a3a7827f32538e786ec8ccb6

C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

MD5 51cc4b808327328abce45e780e7290b8
SHA1 53ded2e6273efa57d2d8a97d2df809e34b8b98bc
SHA256 5f72a109d09f7f63ad4e159a87736b8bc68360ba35e2962ed15af030e5d82960
SHA512 a0c839d1a7cb04bdb5e2e0fdef232a108b132d1dc20e858dff8875d7e4b0aa57a68618a81cd15228dbbef3aee6911ae9f0548ba26b6b3aaef5f6495e70af7a2c

C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

MD5 00c779be2ba55d9f0390a62da89ef0a5
SHA1 fdabb0715ed79603aeef19133b64bad6daae9b4f
SHA256 fb3e60bd660012604d429933972764e49b259f5f1526aee794373daa3f3d9cda
SHA512 7c5ee69f8eaad74473a3ea265886f6c05f38130cef20992e0884dc8b2e91b9d17d19050b4896a2ecbac1516da652629dab9e736fe7141fd505cd16629360b019

C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

MD5 d91dde9814460de2e4e679378e1f4a8a
SHA1 a962592f2181adfb39337ae493e56def669161bd
SHA256 5f068fdad4a54d24b18e40b4f5b675957ca425afb2cdf5ee7d94200f08aa3e6c
SHA512 eb190519e52ff721d3debec7bab25cf497b039b7a46289bb57543df00d1c244b7dc4f24b40b4ab4a7941f20121b8eaba68d3cb669e5bd07d65b095c0ff1d5007

C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

MD5 3ff66a31f57064bbd2534fb4fe4a4f76
SHA1 bbc40738b7d2e92afdd1edab09ebba47c07baecc
SHA256 9832d9f0d0f2e8ac5a72f664f0ce5b9b5735b360c594fd64e54284ba8616bee8
SHA512 0b0d61c96496153a14313c9729f427f8f23c56a7819a2ec12e4355d5fdcbc5c5de9442886fa47bc7a61306d603128b91a0c6f00ab61d46ebe0ed6e852bea48fa

C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

MD5 d5297c72289499a52926d7d90b050b93
SHA1 72f2cbeb4957b93308945153be1d6f0d292deecb
SHA256 2e2691c17211351b77160aa5176a10c6d0aa08283843559321b6bd95d642ab77
SHA512 2addc1f8071e3faa2f8f147842fb869bba76df67b8b7a43314ee4d41a677974b2f96aff3827c1f7458c938dbe458e78b8d278cb1e84bf47801e48cb203b7b58d

C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

MD5 23dc986b064d0aee839964f1133fd838
SHA1 4cb4feb30d295f5b8c687fd8305970d8d1dd523a
SHA256 845ac776a28a2a1779cacaecac74ffecb10602f96e7a8d78e800777af666c98f
SHA512 6bdadbd7fc66bfeab27f680d20e41e8f436f500bdb228875aa3d14bb435732f3e91dbda814e5ae7d5c8182a41682beadc07eb26d18fa3de271e01fdd28fd4f4b

C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

MD5 13cd168c4c901713f891ca288ce907cc
SHA1 6ef4711ab4db15ea659941225bf5350f139d9d81
SHA256 e8a1a4f8183ed5c4f7f8f7719f8cfbc360c8e434a45141df87d7c0567d441244
SHA512 8bfd61803eafc84fca1a642407820d53dc18958d35ecd60599b859b17f31de35d03782ac115763f6bb69e0e1794ff1dd3618741de931b1a4a459992db44ea569

C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

MD5 873a09fe9253cc6e234876de97f4381d
SHA1 83f2c43eda7618e066c36ec37a5b2fac249da5f5
SHA256 f48020480b81e5f3327b84f3f0c5eac830831b496fa0eef1b12c929f02a2eddf
SHA512 eaa6b93aa8c4786fddf03659b7aa4a8dc503dd9e48659704699f07f6979564e56807b135522f8c2678bfcb09024183c6b900c6d4db2aa3d770a23af3a356651b

C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

MD5 7dd8789a3573d1412963b2ac3d2a2a08
SHA1 ddb32563b401105ad3fbcefe692d89b64d38d361
SHA256 db00db46d6316840061a80547ff41ea2d37248fddc55c23c50a69f22d7df8b92
SHA512 e41b851644411e6434d030ade208b159b25fa94cc1ecc30f328a9f39ef4ec3cb9f5739575cf25f838fa6cd7c861ba7f1ff429d576f191bb9e94ae4c11c6f4e0e

C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

MD5 d946d23b52b2d92ea8d6e981e7a84b58
SHA1 6a097febd1efb3d3be7ea27aa75708bc729722a7
SHA256 f473f4d92dd60353f518310c9b56c7123a31800921864a06c26bfc6fcff844b0
SHA512 ed11d7b3d567cbeacdb7de60617103c403d896a6b774970183bb3e67eb4a1a90171f7daa66a3b23f9b6167dca4e7ee5befec48c3c03478eaab7bc1001cb69551

C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

MD5 378d0d5e19a5b0cba24835bd1b21e5ad
SHA1 80e41195213e83651b9d5bf96edb5a27afb0c7ce
SHA256 6a70acaf24a357ddddb53094e1fae453969e9735bfb2134cd14b396d4e23628a
SHA512 b24268985f3435b2eaa44eacb7a914722fc37914ee54c2c3d2cb72f63f43123020787f7518cc46d16ec234e2b5cfe5665ac008a3ff297b310e0299fdc2db1add

C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

MD5 33c0a7effe554561709ca1355b8ae3d9
SHA1 f00a9c4bf04032106baa68d56db4d10ccedcc7f7
SHA256 bc778ac6fcaa56a7c3936732747a3a88c59ef942e73590436e5e0cf39a404955
SHA512 5d5e662f798f29f24b2db0764bc8220609e9fe5d7e1fd9e08c3eed946cd2e053a1a53a63f7ec9f275c62e1475ca4c294d422d8719dc2769f00474f05c4195495

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

MD5 e9634ea309329aa3d1555b0fc248cb1b
SHA1 bbb4b19b8987a9c3232290385c0b62f4f304b864
SHA256 8ac61a0d96368f934fa1dc3d8f3dd5f5485933c422f8f4ba8850d6f74ac0df36
SHA512 f486963f3fff004d50c7761ba296bdcbaeae51be7c4e12316066c0a70dfa801a96bbc9a368bd8666c911f0f77962ac678926324b9f31cf77e1bf340eb4032690

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

MD5 24f874c2a3df31c27f3fe673d59098cc
SHA1 67a1a2d0ae122832eccfd5c413605f138a5d59fd
SHA256 f3eb7946fadb2fa93f7664af7986ca07e1747a8406dc1e923597c8d877fe587b
SHA512 377aaae30ed4147a716d52013400138f992db6ab32a31dcc7e93d4424594364116f8005d7a0d4b69b4db732e37b671c8b1dd20a6c9a1c9328363889a2a0600ef

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

MD5 9c2b7cb353d46aa07d4919f97294bf92
SHA1 5a3eb61e5e20b51dea9d6fabdd68d1bbdd7fc510
SHA256 f1ae499e2e5157dae652b3dadbbd3dfc58fe88988506a706fe6bc46df2203129
SHA512 2b524250251dc84a5e1cb6a2d626ee2360fdf4c8f83510033b02c3d65f93ac4cef9cb0c7318d31aa2c03280b07dcb14fe75513d2161261ed52cbea7c04f9b038

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

MD5 4a1e5b5d246f7e5d6f2e0f248f1216ec
SHA1 91d938840f676f30eea990ccf2bf88d28d25bccc
SHA256 c81036993c294a9fd355bb2756ff2c2c2ae030d10e07ed3c0ef516df2608ccfc
SHA512 2159e5305570716928dbe8ed10b3360e7a75c6d2ccd5422278b6e4cb2a4e56ec80f190fef3109b2a4f4d9612082931cf130649d490960460f43ac24df1846e7c

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

MD5 33de0f99e3b4ba84d3455e6d9b7ecb1e
SHA1 bde6ec9d4872c22b61d3981189a1aa9758bbc5c4
SHA256 b138e57dcf40305a136ec166691ecc4b35fa5d50e01a290cb5200fd6e17d8079
SHA512 97b6711c1373ccee1b3416f7dea911d11cda8bed16d369dc19bec6df35272899a5bb79dfa30f84273372a3af1f6d5bd66040565f0e5b8876379eee8d8051f71b

C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

MD5 5d88a62716a91c6dfda1fe6b244056eb
SHA1 e04c26d0dc365467986c391f8532f101392d907a
SHA256 1d0170adceb697f2d30e3f9cbf7eaed31a5f1a8f9f8e7b71ad577d180c6ebb57
SHA512 d1c5a83983edb372dc58a5409e2e88b8cbd4049e17f20f402adaf80ab2a7a396d01b13104da2464a314d386f10ab9c952f5ba8f8c8f5526905cbeca962850b1a

C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

MD5 d5b02e62c0784d832f0c8ee5a064d482
SHA1 bf8baac23895e89b7b93c508d4d72d188de87caa
SHA256 f2112ba18b606480089f8b93be10b17d3b895bb3100bbffbf3bf552e28cd2adc
SHA512 b63acac021ee2b827adfb946fe3e267ae26dbe5102b825fe65ea10fcfc664f2400e116d80c84d6e9ab140244b3df800c73adfda07975d6e7e17d8d554408347a

C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

MD5 3560a1e4b2b3690b3c8cc52b6669b29e
SHA1 7bcb825d278df430d3991a143f873a7bfd826935
SHA256 65c4a0281300d40ce83ad69e27bca5255b63529924b19da140c87b3165eb7032
SHA512 384d536982529c7b73151e80103f091562627a50da5c942b8c9a127d8b0b29552e18f8b60684861d617a2d9eff7633102e4c2f028e4f30a81b02841cd3aa87e9

C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

MD5 844f4e21a7faeb2c79075a1a84d225a9
SHA1 a9828273212f083fc60b85d2bbdbdbfb8d94e5fb
SHA256 ee3de6ebfee1ced733ae777a6a0ecfca5e18b6f009329cb879e57563e073ce7a
SHA512 943f90bf60958a3f61e0cab6ef7bf9a5917c33fa19db4d24232b7b995616b0a49562c8d03b3e4261aec28e1597056994af8174ee41d342ee702d611042ca41a8

C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

MD5 04472c07d18ea42dda2cf1ccd486392d
SHA1 2ec93d1a69c8741132527a7a13993055b25ef041
SHA256 383a865ed9dc54244124e5a72c9f80f86da6bb33b981793ed6c03eefdb1ae65d
SHA512 1a1efddb63dc1d7794e0a7db2f2fa3ca04a3311e4565b467acf9d93d8b831517aaa02d607034d6aa9210aea584508ed90de9da3916cc040fd835b1cd9cfc1bbf

C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

MD5 907173eccf30211cf408973b72df16ba
SHA1 69197b1bee3406ffbdde9e87ce713b0baa88b929
SHA256 7d76b6135b1ce404c65fd01060ca1e804a8bdeb0d228aef7ef8151ccc36ee522
SHA512 759983e9e79641ee97d36e03bae88ba6abf1537e2dd9661bb2eaeb04a0db29295f5f8ea024b14ec33a4a8c40a2ab4231153f4633935c7b89621eab585b548d71

C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

MD5 875c4b73fa5e288f497755b56d8f10cf
SHA1 f991d578c96e3f9e8cfbd97fc940063efa75a3c9
SHA256 19a6c1f9abb0a9d27e91f2bf5fb23851fb8a35c604f68678156a1c9d34bc0b5e
SHA512 fb6a0e59c746ae5c106d4236a6efd363b62c3d099a9bdda854ab41cc80ca3f540c2470a1be011c3c6891e30d18b15dc17508e68917a6daf84f3b7edad8edf138

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

MD5 7ed5df28a2eb26187e4392e45e803261
SHA1 12a084ada0dde2b3b8f3046500cea5f8dbe7ede6
SHA256 31d19e3ccd6c114c8960a0e4ca6145e4ecf6406651b9e1993320c267503a438d
SHA512 3593cca5105ccda3fd62f2ee654dd1774bd4c8ab7195cc7dc6530b16cfbb3a696b8f6ebd30d5ea35e890b51331a3d6e9d7912862903763b45cd51080022af53e

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

MD5 c24eaef3fceaca88c448f5e2d87e4b1d
SHA1 60df7f060233e7c01eaaef02cdb98675bc6ac900
SHA256 1ae46164c83b3d1a4074f727915fe7ab6f2cfcc79539f195bd6276506201d558
SHA512 0cbb03ea5f646184bc1a02d08f2125624c9eee1b7e4189bf5efba1ed320eb6f59457f67fd2dd19a1bbe60ec29cbfc84cc81f43f01c1c4cc7f7bdf9a76282cfdf

C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-file-l1-2-0.dll

MD5 f86585fc83938e7857a780a96a22198d
SHA1 cfe1a576f5186c19361cb9a766c8d5e4f0a05502
SHA256 28a5711bb6de281d128534e9b4862d2bdd5a6b2baa3d24f2b79b8d0924f3bee2
SHA512 4db844ab6279246fcb060adf333ecc7d9f8be656db054bc7110fd728862c3fc7ccc8ede235c06d6a7fc02cc66b0c9b2a33ac53992af844730bdd757b7e4b62e4

C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-file-l2-1-0.dll

MD5 2a490e0e37ad7454138b9f7691d6c17c
SHA1 e1937dfdaf32639b5308785abbdc343adb3193ba
SHA256 663f1a4681551a51cbb698f286cbe317b285f67b5a51e9bccfa1cfd92ca62add
SHA512 26d6a21efe466ba28a41b4b5c51ed25bbb8f06e1938e5f254ba51e3794b575b769226853dc2eee8ad2787b10017582e9e67a6a4f297b607a6699fef5503a5533

C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-synch-l1-2-0.dll

MD5 385b4cc6bb860132c84d449c9aa725fb
SHA1 168ad4b205ba87e7fd8dd42077cfcd32a65a513b
SHA256 6eb5cc3ed79844afaaca4f602078fdcfa57062e1ac6c2704d938476159182fbc
SHA512 37270fc5d4ca2495bf673544cae2171c0d1242c4d9944a082ab52efcdafd8407e3af2942bba5a95c634467cfc026404bee9666598eab5a7bb2a0f2f908ded562

C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-processthreads-l1-1-1.dll

MD5 1a05e72fea9ab28273b7c1afb119bbe1
SHA1 bd35007bdafe06e0ee1fc47365afac757222347d
SHA256 1be70272f51751172c02edd39c8a1cac6375639ab495caf6278e78b4ba8217f5
SHA512 66a22355211f79b1061ff843eacad3892c7bd07ce58456f508d3958b6fab917ba2ec4740d24af62373376de70fe093768cd3c8063acbc34fe5e4aabeb10b1455

C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-localization-l1-2-0.dll

MD5 dcf69f8150196d5eea4d75976b12fa27
SHA1 09104c3d109ed3aac551b10fa0ee4dd722cbe7d8
SHA256 f18982a34953a6c492186abacfbd2d636d4c979030966833d51cda8d3cb1fdd9
SHA512 ac55ae9638cdef47dea236cd13ece4fa78d0c6e8b195e58f6f955ad37ebed0fcf84d65a24e4191eb1479d7e95f68e01335d596bf80c366aaa6955d1ed2e1bdd2

C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-xstate-l2-1-0.dll

MD5 8ad8553d0e50b051d7c281433f7a1fbd
SHA1 082f0d2ef2a126a3abfa3e3d40b875c98decdd96
SHA256 c9b6fc8e423cacc0e8c83a823c33d609e5f04052285a7f3567760d80c299ad84
SHA512 9e079f8ff28f8636ed1857a4fa1d78726df998d759781fd94d2a23aecd93bc6b149440aca72047fda2413d536c7175b8bfdb5f73465a176e4937dc39b7c7ac98

C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-conio-l1-1-0.dll

MD5 ea40ffcdb05770b64fcecd387f463036
SHA1 18c190dc2e05a24a5d87c86324ca2ef6ac21a096
SHA256 5e5fb89a8e900d5de9644da4f0ce1a49a2215c6ce23ca58263a906046f015b22
SHA512 8bc6ba92a6b777ee432baad65a00d59b0729c8a891364455d22e0baac225a98402858d758118c26470ffb918fb736d8227417a600e8a284abda0fec14c034764

C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-timezone-l1-1-0.dll

MD5 02f40652fa7d4b1c0cff322099e9c8b4
SHA1 bca990c9303a2a9686fffda92bbc4f7c1d8860fd
SHA256 58572413a1e7791a8c32081fe85f199a512767258c2f5fc7600974e5e23e2e93
SHA512 9af6100ba9ab84c711a3e0d1521091f00cb42a3ede5773a640977bb585af65ad232eada4cb9c47fe888dd195300fcaaf4f4bf659d6c659ba08274cc27c7623f1

C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-environment-l1-1-0.dll

MD5 448fec3705ac5824622785b60731a104
SHA1 bf7dac1e73ab305b76a418da699c2bef1c133991
SHA256 1f8be9319e79121167baaf66879cf74ca56b040f47b9f64c0746fd81e4c8cd32
SHA512 bf70a1b50f1ab873802b57a12f0421493f41195d2bc2dca8e764f2440f3a8eb1434736af56df93d257da5af25bc35f441944cb314bb4b5528b5ea152097b880b

C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-locale-l1-1-0.dll

MD5 b00e6747ea7fdc141637549b0fcee682
SHA1 6ec0a30bdd9eeb003683974ef07f440f3272a735
SHA256 d01f069e2b03be602cf9925decda62a76745777ea550efa24947c100e5a8965a
SHA512 6f08afccbb04048f9b57eaa95ca66da09a44b2c59ab7726533f8acf6640428c3465a4d072bad9eacb8473ddc72b53b2e7337978502c3552e4dcbcdc766edba38

C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-math-l1-1-0.dll

MD5 be9142097279230a106c19ec9e9f0955
SHA1 cd8d5c9fe2d202f3bc37814c3c4458fc1da5f285
SHA256 176eb95105f6919fcccd5d440fb081bdcd47e1eb90184a12939d64dc40d0b10e
SHA512 670e0edfa2ecac6c2b49dc3deca89b6c52586ce426443510c6f3f2230ceb327ecb78ea567ad00a43460364a4a5087149975607d7579757b20c4288c83b8a527d

C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-heap-l1-1-0.dll

MD5 bc26cb833ba8db8f5745b37c81b3a4c4
SHA1 105c899440a09a087a41ed94e6273dee8bd409e3
SHA256 8c7231d300bb1fb4e40f46b9a4eb895d90e3668b61d319a57bae237cf29c6d52
SHA512 d740456f70182fc95167863e8be569470ff40f8d230093cc731aad6cf6c468269689177ed59c5fec8c926ed070a1badf584c56a454125943d64be40d137f3e30

C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-filesystem-l1-1-0.dll

MD5 a22e4e903837cf62db0e211ff030a0c6
SHA1 af600298cb4107934aedf76fd19c56d22cd12d69
SHA256 5b097deac030a25613a3753997b55dba35e86f29284abc2674eb366b53a9313f
SHA512 e9002b4c3365e4f013752f6b47ac0fd4f660c9e13798b0786ee5f72b76f71bd72627ef24af7da50514e7295a78bc481ce94f006b812b210d99cd0aec5e70afa1

C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-convert-l1-1-0.dll

MD5 be907adb5369b7016d0bdf8e5759de9c
SHA1 b82600223f671d0295b051ebdb2f8a01e1ea02a6
SHA256 e0ab4c58c25b687813b8b80fa52767b99ef411553046490c8d1e4007992c5b8b
SHA512 726704ccaa8c1129a1c86a5f8098cfc30d96b6ad60ebf477f110df37be887a7afe6f364d6ec2188b1a432ccfea0fe69fb367465da5e6fbd8108eb3442012390e

C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-runtime-l1-1-0.dll

MD5 7f894e9559efa6e1e7de2620eaaa8822
SHA1 344fa3f40c76be18450a29820830fc1c0efe254e
SHA256 ff0aa8ccb7a5fc48b84dadf748ac08459d1c8d6ee0d66f7ba344742b17ae99f7
SHA512 7cb08deb61ff30b49655b239a7d013664f844762570a24d32e467f2a2bf6a46dd4eec994681cf0cd207d404d002516caf8d548e590ac5c8e62379422c9a386b2

C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-stdio-l1-1-0.dll

MD5 32009914cc1100f2b2fc733d3204c818
SHA1 70abfc57cfb0c6bf5b19a8bab491a5de2ac8155b
SHA256 2f3ebc9c6ab31e3d30d52081dc9dc7e06437b55cd066c7869e8140a3ee04b0d9
SHA512 1e7e7acbe489481bd88ba14ac1c9a7aff0fc6622039a3a9c0b3909bbb65f54bee40ef8d1ae4052eab827fae3719c4b2221a1cbadf924823f233fc0e10c9c5b10

C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-time-l1-1-0.dll

MD5 ffe828b86dafb72c87daacd701f5315e
SHA1 6e7dd7d37c9881aa626f8edc721e82aab4206e66
SHA256 bf3d0e8d488586a607793eacd8f3239643a96ff4061dc3b2844d7e71822cbe62
SHA512 ec104fd8539293576e444ac26cb0a54038745822fd29c7b7b83d58e9dd7027d4724a98dbcf4d307cb34b20eba711b2eed161f72512998c1031490ccca70f13ed

C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-string-l1-1-0.dll

MD5 f3fb83f7ada9a6ae392e95aeeb2982dc
SHA1 e308f400b66086e3ae88505888c74ae4b2294fe7
SHA256 ef33f40782dae81e943f598a3516d0bc755ca01fe33f859650d93cc97cc21e3a
SHA512 399ac8caf37ffaad988603addac4d0c476b7cb5f6828386409bd73ca3497d0fb5fc171ab76aff40ead5fca336ebf38c635dac7ef3910be6ecc853554a4f69c12

C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-utility-l1-1-0.dll

MD5 3f2dd3b342218a86e8ed7f12e4fed923
SHA1 acc90e05a74b84a5fb1731cfab668f756a2ed591
SHA256 706e57ce385f2fc62d5d4dea9a77770ac95d94259c39195c2fae6eb6ee458785
SHA512 3fea469759a30cb8c97526e9455f0998790a92232df7143b06a7e34788ea144e2e262feaa731066902041dddb6f79c1857da03e3fea12345af54bbccc1027917

C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-process-l1-1-0.dll

MD5 2a42dee56b541ef02ca6ff9df652812c
SHA1 59532e58c734b03e1d58b9c3b325166d43f38002
SHA256 b95e55fd9cb0cf1cdb945d8e6e466d4e456ec36f61fcdf95f91605cace55fb45
SHA512 7b6e693be5d8aebdd67eda358fdc20421dfab095eba4160358357b113240bbc496cb63cd825fb84fccac26722bab0d35111140339ab4babf497798afe141321f

C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-private-l1-1-0.dll

MD5 371d6c8d0b8f2b3409baa97a6e7b8edc
SHA1 9aa2d36e6d5e7e212dda729d8794bf532cde74f3
SHA256 140331a28b35aa3da27025e0e02405d99124f04cfbaa6fa11ed53bacf7668f51
SHA512 3d7c8e08296eeb6c825cc8bc25da9ac9f39a24d6e349145634e0430ea1b93c6754e1340a70253d89a89f644282c8e4aa6a8a33f4d433afb48e16fa9d591025b5

C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-multibyte-l1-1-0.dll

MD5 a29c6a94d00f439808e3cdc07e8b7cdd
SHA1 0fc6fe1494e6992d918fa6e193800bbe71a54ace
SHA256 90d5334d0e5066d33a1579d4a459ee84987bfca79da8bae6d164a3d3c2639eb9
SHA512 21b353467ea246628cae849eef5a96b2b5c6785283c9b41c15f860bedfa1558fd3c124288d24a4894cd788f4cbc93014661dcbac81eab9a288d4bb9010a44ec0

C:\Program Files\Microsoft Office\root\Office16\concrt140.dll

MD5 4ef5430ebb937efa952b48b8193da9e0
SHA1 ed0f88827b74920e3b7aded046eceedb4f4ae75f
SHA256 49572103f6949d2d106214500b22d199f5eaf21476f8bd09d29ebe21ba7fa9dd
SHA512 3afbc1966cd435085defcbcaff229cd4b13c474d5e114921db716517799de50be2142166f200345555cb509614549ddc18d58b94621460d412c1d8358d73c71e

C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\zlibwapi.dll

MD5 47b950df4a99d9b0cd3799c4f92f92c9
SHA1 6624860d8dd98d7fcec005336edf37024a80609c
SHA256 aed27f4bcac7205d12238a1752758864f639adcdc61a8c18626ceffc5cbea7f3
SHA512 65b2a162ffbb803e5ab733e4e08cc320eabe45f33643b843ff6b539ae698fd6ac3236230db1244ad49fed15a1508188e80bb85cd70ff6dcefa58d8924dbf1eba

C:\Program Files\Microsoft Office\root\Office16\vccorlib140.dll

MD5 9ccecd0045d1f40f4fa7fec3ea5b09f7
SHA1 7aff947e86f7f9dba2f429be780e22f613abc502
SHA256 c905bd68500f53af2236759dfa46fce7496f392fc6413008e76a0e5ae9b9e5ea
SHA512 d0737f7e51bc77a18b9da3cf347f0c72eeadeff393c3c67c62a56082a9006cf71cce475e4d382fefc60235659f01409820919f286804a0fbe834255b858eab19

memory/4720-6279-0x0000000000400000-0x000000000040C000-memory.dmp

memory/4720-6278-0x0000000000400000-0x000000000040C000-memory.dmp

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\mfc140u.dll

MD5 2062619ad66bc77cb50835e0c4758e28
SHA1 261ffac5cfda51ba2b3cb4128cf9502ba00292ff
SHA256 1e993ab3be444334aac03463310fbdde8c7faabde31178fb4f4d965da9574cd7
SHA512 d080b971cde7b035c17d2684db44293d88bce291cf059afa6364ceb7011af3c22c3bcaf7cad15b10d0c0fbb332f3caafa33dee4c9a71aa4505558a5a7ad392e4

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msvcp120.dll

MD5 1d64fff0c60b18aabbe212ccdc82be16
SHA1 6138aaf43db697409b6545cc829e1310f7e09be6
SHA256 2b1e2b607320be2327c4c4792cb34e4391a218ab7828619894afeed3291ed3c2
SHA512 3eac98aff06aa325c54cddf8ab91215e182d790392abe826727b7ac4505e804068ce4fa01b65ce3fc1f6922079f9e1f7c7693944c42e677c7b6421eeec7c96e4

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msvcr120.dll

MD5 62f48b2331f314b66f205271b5720c01
SHA1 b89e369930308dd054f6e55820accbf21953e88f
SHA256 43ef2aba27246414b359419e5302e830edac54c43226276f902116676ce4b117
SHA512 5559ab2516116f540a46402928745d671e809080fd7aef15bb55004813018d81e70b8b4b970886933b23e405e5017150ba955fbe0dda0b3138ff51931832c7f0

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msvcp140.dll

MD5 8dc165b0e874c842473e92b4f94d5feb
SHA1 c028a6f3fd4c2810f5c8350067679bb3aa329937
SHA256 7727c308137fb78b6f7c7b8505665650dbfa4b22ece4d28cf8c63723307da994
SHA512 9a6acee3e73ca035465ac43cf5b28e08eacbd336e8bd4e84d2817569a368501ddb937e1171862d056eb510f4124b1281a49f534ac8ce2f914e8b6dc5e8dcee26

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\vcruntime140.dll

MD5 3d78fd376c96412a5829e3f677bdb4d6
SHA1 44b63cf03088bc4de9825ef7e1d97109a4dcf37b
SHA256 e76eb4529faffeb595672ebe388b035eda864438af8fada820c8f415595681a2
SHA512 577dcf95b49bbfab91567be41530e15cf973b26ab99dd8aff7eb41bd8fd455284b50018cfca89482d97588d7a9bb35661a186efdcc3e1ad9ad1f3451352bf082

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-core-file-l2-1-0.dll

MD5 a615e9d0b9f1c77f1c713a9d25980559
SHA1 41a96db3d51019892217ac694b3d3f3665ea642b
SHA256 009aaa1f322fb10a8800c9dc10151041f9a69923b63a45c6d1fc9e105647e533
SHA512 797a406f9d626e7945ed8abcc1f7936cd2fca066d60099da82dfddfbd0d781e6e81ee707b7e816fc31d5164fd8f87db347ed3a4171aa1976b16ddf726e036911

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-core-file-l1-2-0.dll

MD5 124e2839e35600c2e7b9ebc2fefdc03a
SHA1 acb50504d12c71c379e80a8cd23e4cb16a3f55c8
SHA256 cd237f02b47d04e9553602e998ccbd66abb7cca508dc05ab4e7439973b7a9b0d
SHA512 9dfde086cc992f6ec20a0c1fa69d12497bf2baa60f84dc2c2582a60e983d94fb6017d0dc381c5301e70b4017bb5c230b9e1b691631ffbe6b235488505db3a67b

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-core-localization-l1-2-0.dll

MD5 12cea62b9181b1869891ecb699586019
SHA1 dc8fa9998fe9bba65744a40c24ed2f62b9dba9a5
SHA256 b0bcca8c29661bfa3d92e32f35cd865d2a70366ff342e81d380f9d8fdaf48b97
SHA512 d8d9e689a742bd344798d67612f4d366de60eac73597a92508e272374d96e637189e5b733a28dc4e5595719333d739df0a2d2355550910f1d033340387eed631

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-core-processthreads-l1-1-1.dll

MD5 7b77551a24cef4ed9ce0ffa68da2a9fc
SHA1 c495b46263182cc70d668d98773dcb202019d387
SHA256 a458684dc4e0f417d7ba24456a3d68e04e4402cc84c6a812dc4457135f16e44a
SHA512 66042273dbac51f5953be9b2f07b78ed7eb145e016304f0c3e85dbe19a5b6ba63e3be06d40deb42097ac1a375e293b062cff410acc7a0f07fe595224a41838c4

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-core-timezone-l1-1-0.dll

MD5 2efffaa4e042c8456fb96d7fb6dffeba
SHA1 a4cfaaa26deedb4ae47a55f4061e8c64117323b1
SHA256 2eb1dc3f5fe5fba71b606a8b4ee8fcd96c2b74bcd62f6ec0a5860a1535f1cdf7
SHA512 c7c0ec2402c462cfc26fd6e181779ed0a7fac4be1706dc88d00e935ca298ca9eab184f572be114d6274bd92e892b4a1803839919784bd50e3dfb042a480d240a

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-core-synch-l1-2-0.dll

MD5 38aa020bc758a4b136332818f5092030
SHA1 b578b9efcafffeb2a32eb24ebb4ecf8ebfa41689
SHA256 eb5061d46a7e48834abc452e354a4e38b3893642bf6b7ca306d0c6a07fa5d67d
SHA512 0c2bcccefa7d3e52f02b210b910131ba05ab299b169188467f89665a63cea0856cd623fe97c5ad059a987feaac0c0650d08587b1b13132a1c8f8e4c455ec054f

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-conio-l1-1-0.dll

MD5 dc5c8049a344bb3b53b2580b4a6a219b
SHA1 c7aa48449e37f21d51a4dd460995ab531fb57773
SHA256 51c0ea5053997999185a5903ed5d88e36c64a11cd02e22bf4a6664b2e322976f
SHA512 da710889e9203197da67fadcea3c0faa01b0973dab97a1e13302081e510397cdd52f932b3fb3e4b428515ca07d61ee1f01b6f52c3ae5c6b7ccf77771154175dc

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-core-xstate-l2-1-0.dll

MD5 1a1c76f983184046ab006f36b9fd11c7
SHA1 830e510e104ecdec381bdfc3d3aa49fc85f976dd
SHA256 566bddc1b1b7443f06e2161676bb58fc1fbc2f98f92517ba787d20ff418d83ab
SHA512 f4a7904570ed717fcb2f755229377504d5816bfb42f145ebec328fe15b68544365ebcc1d3b41262d55230f50ed7fdbc80b21eb470dae0a1d4f3234528af58be5

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-filesystem-l1-1-0.dll

MD5 8ab6a110f6d157420e588aa8cf092bb1
SHA1 41fac326c262d9ff4a8b69d121b908db7bb844ad
SHA256 0d9692b5fe44b8d90cdd3c30ff82a308a2dc22b91620ee4eab5f1aad9efc4f73
SHA512 bca55389031b256f5d961625fd1db9e6d115c0722b194f9d18b23cc1e4a2c069e3dbd5b8d8fadccfe73f39612aa518415127da058af3ec5ef1017d23a4c40231

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-environment-l1-1-0.dll

MD5 b7d468b26b59f2eec88c4c8d26e6c330
SHA1 aa0351b206c2d98b59f49f24b85160d7a3f0e3dd
SHA256 c0584cc2f63aa6666018e3a5bb1cc65e2e997a2cb65953aad4fdeed1a9eed55b
SHA512 59f58a6e4d7cb01d2902590f14aec378503e46fadda2cb5c19bdc6fa118070cc431037dca05c16efe9cbbb2646a91f07a00122b67ec30fb5ca60250cca37f59f

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-convert-l1-1-0.dll

MD5 e7faa489a18e1d1e34e8428ca30b1b16
SHA1 2baedea727eda7ea021c879f06668db0194c5243
SHA256 b91a949f5057085207aac94159aa82b2efed74a84c4a22bbfef0206182e269d6
SHA512 b6c1f973e7a632988d4a401fe5ad9d4498af1717ffce05b206684e6daac90717dc0b9eff19f73f50cb03dbc7f47b3f0e84fd5fbe38aff8c15f4e42f6d9f45bc0

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-heap-l1-1-0.dll

MD5 f25fade057e8e2716424e8137b73f613
SHA1 e800a9327491a6d87b34d11b9861089d356143fc
SHA256 43e9ed575571f91f5c0d340b8037984e73bef63712472d18e4461f88629caec1
SHA512 0efcf2d18576fc94dca65a504ce57dac7bcf72697090c779f30c8ec8ed7404242ba862311601f96b866d5c3491b533cff8fc1d4b40c8e34d67e0e26ebebf1d85

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-locale-l1-1-0.dll

MD5 4ca0ebc455a1d63e4b8271fae7e1c05c
SHA1 8b3ec46fb5052b22d2137d2c4a9c80f17feca090
SHA256 308309e73bd57b369c7ec2237571780685e5a6d724f3e01673deb71cc356fccb
SHA512 f524e417d0a341b3fb7b7876a0b2b331533199f04fe0ca74ad238f43d388cb795c1126ce60e246740e13f35741bcfba520f7deee6a0adab472700118739532be

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-private-l1-1-0.dll

MD5 74da2f1636e79ebbe2276c09936727af
SHA1 c7984910049b95332bb2d543be9fc198cf068ed4
SHA256 942937d3a7b9c07788c93ff1c5f2e3dce60531bcf619ceded6fc7be015f7a1ea
SHA512 7e8025301a641d20d196d96722d8bd90d11fb7e722e394461543de52daa262b0d1d6daaf68ca67c1e1c3a8ac06966e202bd1fe9c4dc09e4d72009b2e39bd19af

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-runtime-l1-1-0.dll

MD5 7705eabf382b46da1590e68d68d5d779
SHA1 fd62c8c7ebbf205d0df56247d5589dae5236e13f
SHA256 754e3a7fc028b84f60a4a95d73df98cce6618b0c2d1f5d3d817849333563469e
SHA512 7e824b886326dd936018add57299db0c24a02f7c597a3650470fc3c5b2e1274fdf35d71ea4c92393cfa57b0dda697d56e95389be0e7e55582acf77b955df5699

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-process-l1-1-0.dll

MD5 89798e7a3a8fd9a7fca5761ef046a071
SHA1 d5ae79041e3cd0002ef9237da08adab0ba0b221d
SHA256 a9a77c93cdb80e98baec38940dc5efbbc1dca98238a1e04d18b124c0bcfc577a
SHA512 77ca5d80f8447522f3141a1156ab298076391d7595bacf1fb2e19aee811b40b9aa66d92564c74518c49404669ef2766d4baa74ebd514ca04e50a4fb00c4023d7

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-string-l1-1-0.dll

MD5 2b7a4c2ff0516603c2f0452438ef57a0
SHA1 9a7376c653080bf4ec82273fb318dbefb30b0824
SHA256 c576e5731c89ad27fe71d5a5944b3e8acefc297425eadf1504b063b64e90e43b
SHA512 82714afe1ccba510eef6b759ab81b3138d4c34d5e949a2fdfef0940f4595a22704ce84d4b04183c6b24bd3065145cfade4b48dd25fb8612fd8e310005b2562a7

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-stdio-l1-1-0.dll

MD5 46226ac626dc36229c737bc31475f046
SHA1 345e5949d0d8dad37b1d55e282e32b1f5ffcb272
SHA256 025d788c496ea34ff2b7f7d19d9e96fd7b2ce5d40cae6465b58bf730e2859a3a
SHA512 b5e30bd2829fbc90e05038f4a21a0baa137eae8aa190a5f624517d16b495ddfd0353603d2088d7a17d4531bc2e87b9a6c868145c06c7b0bd3657d2b63b57e701

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-utility-l1-1-0.dll

MD5 92f92a6a30f0ba7962ebce2ac70ae899
SHA1 28091a218a61026690d6b709a728a23afe7b63b3
SHA256 181944f5bb8f95e5ada3c2f13a328a27e9b014d6ec464286703df5087ceff8d8
SHA512 b498f1d3c91dc721872b5d1b6075ce91b5da2be4ce909d103fed1eba165d9320f1b4424c3dfb15aa010330e4c4c6ae10ff388dc04d9310d07ec1b5742c8f73f6

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-time-l1-1-0.dll

MD5 755db01d0b1f0d70625615ea7fb6c57e
SHA1 c3dd97c9045013223426a6c704ebe9d3c7714e22
SHA256 be4cd96c82918ed51bcdf5048a5f873d5d059e82e2bcd98022120cf1887c13f3
SHA512 f5abb05e9f3e818471a276f2288049d7287568386baa56ae5d88a91c7d096afff6d4b2272c4ddcccf230d7712055dec48fd8f38af6a6f53d967887fab501a9de

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-multibyte-l1-1-0.dll

MD5 2b0da35d8dbb746daf36062140f6bfb4
SHA1 951778c8ad26cb9c908e83c5eb7d4fe8a53e7ec3
SHA256 596857ac50919b7b71590681bd5b26e9270a947a00523a069fd164347684ecd5
SHA512 8a701d85a07b08f3c7d6d9507092ff4a40c029f599924b728d39b1c34948382ada5388a8739603c2971e67ad3a57373a58d034448a9e2b8f9a853494fc6bd321

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-math-l1-1-0.dll

MD5 bfc5bbf69edce02fe806622e84d495e7
SHA1 1bba32d883f1da70f887e4d25bbee267eac97fb5
SHA256 b0dea98882eb86a71812d0130aa93346519cbe0a59ee6633a774eb16f9c4a686
SHA512 3a7731c4bcbcf2e818b6df508fdf34eda98bb380362d33e923585ea215ee36afbd28861c0d2899097c655995096a1745b97668313efa0a24cd57974d910c6024

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\concrt140.dll

MD5 4e28d014430e11ce764ba69acd3c4e53
SHA1 96c1fe4eea1bd7cba56d89a81f98a1dcfd9d5490
SHA256 4d687606fef2d2a621c14543520a0c687caf790bf49c307e16cad68958189911
SHA512 f151defe4224d6ecdf11ed61114c0d9a0b94fee0a80fde3c20ae3b468eaf1d9ad94d346c694dcdf024224cb29bd9a65a7dadf88f34b272bb0fd4d3300b7889b5

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\mfc140u.dll

MD5 4f2bc71c13eca72bd143433e24051871
SHA1 942adb7cdedac28c55a40779847ae5e817785646
SHA256 b83703ea058eb10909ee79fda06577c6ee90f9a6b29eba06f28e648e24851528
SHA512 95e950a7277255a1c0407d4c1ba41407fb84cb67ab794d6719e20c244ccb9247cacdec235f827cb3b897b584d765eb90e7c290aa658bcebba0cffc8357117526

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\msvcp120.dll

MD5 3b3557d07d806a18ef89271d632c5dbe
SHA1 8abe8f21bc82012a84e32f035333e2a90fa5f412
SHA256 3c475a18f861b60a0ee602c05c0846cd95012b9f543bb49d2ad8ea0c2a038a37
SHA512 569153e39f70c32032d90d0953ed6457bd82a200e005f280eab3bf04dafe2fda11227c2fca3cc7ab6933177c58192e766e6da70193139aa3ce125ede527cff03

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\msvcp140.dll

MD5 f20adfd3a3b80edbbd25ccd107dba62d
SHA1 a36bbae198649fcac2d36dc4f3c38e864d4ff379
SHA256 318fa9eeedd1002852e3bb4ec2fe371152d8faca8bfedb9e1f5b11c924ccae65
SHA512 669225051ce67e01ef082529f8682d765cb278a417bbc5abad2181891293783f6369de6bae6a741de2ff234f421b975a3b55e652821c424adc4170e55b08f3b0

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\msvcr120.dll

MD5 61eb39414b2e5343ace71dbc70ed7b92
SHA1 d9526b8ff5618f14e1aceead0d9601486cd67906
SHA256 7be6ffc6556d19db997fd7aa9a8acc33dd82e3575bb82912e73b079ee7c9109b
SHA512 33ecfa883dbd0213d98d6bf77db9551c31d81c3d785c9dbe137d1f5c3722c4a70bee08e0770cd4b3d28fc9970bda5ad39bce85d2c77ad4e9aa50eff153b60097

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\vccorlib140.dll

MD5 e0b6cfb6193d3e1039bae1ab7efd1dd2
SHA1 a31869d47b0b5af39d3399a420a34bf2d4cf32a6
SHA256 afb726a6e749a79dfbc64791add0abd3b11b94a988683a14300e396025ad7f7b
SHA512 5529eae7fb055d48cd388366f32564c33b5f7191aec12bea547ef3ea0902072e3480f539fa67bb9b375614e11076fe901aa6fed0929edef60468203ac1a056ff

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\vcruntime140.dll

MD5 ccc94197977eac0445aebc5b103ffa9b
SHA1 2a61da58b468bc52d3126c10f0888cb473493426
SHA256 c6497275f4111af6ec496fb9fb0b91963d268758769ea6bb9f5747e14e40be04
SHA512 1fded2f57d59625974496201f51c81c06ccb82674bb90fff1e74e1ce2572cdf7f061dad1b123269711d71562f3a6e30c522da3440f1db1876a7f52ce3c671ba9

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\ucrtbase.dll

MD5 7ad9c800e9405d07e791d5a4361906a1
SHA1 18e827a6d4e38961afa7cde514519fddbdca4431
SHA256 ed230d645a57e74736896ac42819ba7eae9872bdee45518928eb628b8d29171b
SHA512 7363484a8a35d73ee2311785ba4df79b09693e0f2776dd591d9baf99bc7ca952507f49d661f84d0d5dadf99edaf105743237042cb9d8bdf94b8039070ece56c2

C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-001F-040C-1000-0000000FF1CE}\misc.exe

MD5 1ba1ddde839c64204680d03d468ba77f
SHA1 60fe2e08285a336f9fe40ba611985601a881a86c
SHA256 d3f9f10cfe668b57a725b57282d9c8198c444ab64e5eb333e16376b24ed8467c
SHA512 b43bc925b4843eb120ae66d5125406b9f1a23f8402168445dfc972ce86a3a5deeb5eb0e8e5b76864cb0dabf9cdb15bec864639714b5d73fddaf2668cd2ae6510

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

MD5 2a5aea1a9a7b6f94d9d7c42c03215cf4
SHA1 8561571930164b5b772202f0b9c7d9c4ad5842e2
SHA256 9698cab8e849d7388aad5fa623518c3a94acf44cfb218d2af84fcf8c0ceca811
SHA512 9ab83addba0b8b27a0873984217f2868ea30885cd3d48b488b3a08b4442d53e9fd7dd2c221886fe2140d953369eaab1893bcafd52b7038e14342ebb9bae8ab53

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

MD5 1d36837ae395780351e16a215e08cce4
SHA1 2a0cb3c7b27f8a31dff0ef92322763e3767ba07d
SHA256 c9d05bd09c541d714a6aaabd6fe193fcebcdc644ef9ed375ede7d7ac14eac197
SHA512 04c22fcd6ed9994c96ced489b65a8c87df58bd2ab65b86264ff495b74ace64d9a1e653c47e459dbb60ed89f3a1e9ef6882c5bb0130cef8f80ff5bab60dfef901

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

MD5 e7383c6febedfe5976fad696c4acb604
SHA1 7694d910b733e245a3b30847331939df2ace2c2e
SHA256 64494d7d9227d6c2a9e7c6495b4cb3fc965bba007565a8b016d12ef1dad7419e
SHA512 131bf9a0ce1c875889b34df226ed950698dfd0147ef2cb2b6c3b13b9e4a5799e82102ef492876b23e0708c8f46ba7f3e668b084129475f41d3619f62d598897d

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

MD5 2da6001b809264a986fa13344fe3237f
SHA1 832d5b5e7d2f57f67f2bab52085901c1770ece81
SHA256 ada4ea13a1cb60db65432391d7f4509eb7921340ed29554738a60fffd69d7a1e
SHA512 ebf6e68c0ac7aacd93ebce354cff252bdbc4b2b64e6e1279f99abb9e1d8918bd24f14de3f30b8651fe4e1ad4f7144ca58f609ff852c0dc760732a2c81c2459e0

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

MD5 ed8dec8e4074bc283911b6b335e72b9e
SHA1 c15899ee9e1783d0fb251b52958a3a0744c779da
SHA256 9b6be84cf27296751a258154095c2b2a7cf2736d174786887a4c47acbfa63db9
SHA512 77f289fd37eba4957598831ec68778c5d67a220b511ec104907ce5601a72397339ec0fae8a44abe3009a97d20e66008d2173c140aea3332a004a4626972bf8f9

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

MD5 5c2f56f614f0f8a6977d9e4dc528b413
SHA1 29b5f904a021c287ba040a6405c25a4cec6ab86a
SHA256 0228090eb95ddc06e6a06fb23e5dcd378d3adb7716d6969b765245a3977a6fe4
SHA512 f5068d371bedf40df4fd50f572c415684b03276750cf097d137a7f8f0df2e39e13d77e8d015279048b72c1b093a82c8cfa3a630e9771cf26d5743e673ce5c442

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

MD5 1006a78708d5f2b848b7dc467f3618fa
SHA1 651b0aeb13d9b4e1431e72f98008d24cda142ae0
SHA256 31e3ae74224b47709d82dcaf3e40e66dd34f2b1581800aa449b8929833194361
SHA512 414e64be83e229f15c8335e8e40e31a4f0e048eec317f570f3c9aaf8dc06123682b7417a7c77b120ffc4f0296018cf361e288e60fbd0788d3be4a9a6aceeaadf

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

MD5 246386300a18fc1f5e2cd57f78d6cbc9
SHA1 916d5c2938bf934f3cfb9bf01c1970731ba5ffdc
SHA256 62e3645cca6c6eefa7da07aa2dd270f24ce0a4fcd5a6adf67f4e98c58a4248f4
SHA512 702e53b7885c87c60117b9a0ca17aa34dfa6832d4fe73e0f7bb4f7c98695389945ae492ced03069ecdc68db752369aa19d41f8dba224903edb258278eaefd3f5

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

MD5 e261d3c5f66e61d49fea621a46b87dd9
SHA1 f2de68443221b6840d1a1955fbc8fa9943662229
SHA256 c7243aa7803cedc72402eb991cd54d97d08fd4a80494ae22aae9b987a76c0893
SHA512 321ddb5b850b038f97fb44fef1c44fa967f240e7337aa03bc163d2e980d1948290eaf831d2dce7e3a0c937f24b2aee77f765804abdb0960608aa314a6f870836

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

MD5 10237d9d5729fb91b855e4ff10c781bf
SHA1 4f79f553787bb532c68fb6d98b6fedcec6f2df66
SHA256 e2da90f7fdc326f9f4093517368d30c07b55bb71edf6ed7cc355a8cd62132f89
SHA512 d6acde838107d58b2f6930c578683b672e2439e1682c55332ee398d34b0380367abd492b7231ebcf938772a04a6aa3a53d9269c242baa60158bd92a9d3d01c46

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

MD5 88475e3d411859e2ac7b46b869471e7f
SHA1 5e844d526b0fee96d250967a8781844d16c38e71
SHA256 cf5d8758b898f16d71657b006328097807a6d5818e0d786d9ce3055c662a96f9
SHA512 dd73367808a8c41d0fcdf86096e9a0d89983408f28d6b6d406de210abd9ea54f0435b16bfe639ff8662b013317154c257ead5ae585613b42f70d7ffb8e85f318

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

MD5 3c69ced26283b6bd8828c96393d0eb6d
SHA1 0157fbdc72daf3689acbb32a0abb593c52fdf3ef
SHA256 6c81898e03bad8e6c6d8215588e875bdfcdb24af48f2ddf8221d04401eb15116
SHA512 c254dd7158aee931031fcc53aacd2d3c2ddaa35986decfebfb20bca4310d1471228ed5271362c7cafdaafc6bf29ced79789afd3618802f1ab98d28b237cfb767

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

MD5 91e7045bb5b57b3272ef70b84b530cf2
SHA1 501597beb5fcb79b65306d51969bb73e39c755b0
SHA256 627c6de0abb1ace0d08eb7083a21bf98f92c48f46c35a141dca02ba6c82b4352
SHA512 4ec7b1d5d71987f3896f6285106bd4bca590428c910d9846ee815d8e13ace9eeeddd0fdfe943eb2a6d60990dd4b44863e45d108dc2ca258e1fc3f35f6a1689a1

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

MD5 e9fca5e1c453a444f8f2a664e438eabf
SHA1 6d47a62f043078309514b18e4da0f774c7fa3295
SHA256 c6f0b99b9ee12f51003f9e05915ebb86e7b050b7a846f1c4bc8cf973203647de
SHA512 11e2e6354e47aa07fcf0f7c60437cad74a7f3a9835c5643a056741cc0f79db972925e7e5c5902da220c482b9f47e7757265dfbd440c811ef6849a11b21fa1e8b

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

MD5 963ba62f0c4dc8adf95dde18e6ec1a42
SHA1 80174ae2542f1c53e39f9043293d2c14ce87baef
SHA256 d166bef4c8409638288aa6f7a9c3d724d7c57f1922f36d9a77963185a878fed4
SHA512 45af904b2a5ed3617f86911cca2d2358382a9279571189ca64f9499f0da536f4348ec6a65c8466e3f704f3f2acf98837c6750b6f371a89cb4fcd7b008a6cbd79

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

MD5 8d946bb5db6ab74c9bda9a541ea3d261
SHA1 0d302d8f8a1236da74ae850c3d4df52f395158ac
SHA256 03b35fc6b4b6557872c873def94c23a8fd2e7241f2cc36caa52a1a1fb77907e6
SHA512 4b1271755bf8e768e08b137380ff1623f482b86d4ef352ffac689e73310f900d52f392071c90b174fd6cf3aaebf2f23542fbf7631b019b8f9a85c574a1814550

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

MD5 c7c096fbeaa25fbccd5f421d7add2d4a
SHA1 c2872f078f72a8bddf0ba59ac55fce91e51318ec
SHA256 9c0be9276ef2c5e93d21b975ff1af28db32183bf82edd3dcc43b6ea9c57a51b3
SHA512 a9ace77cd3cc252eb66c8a2e777555ee0dad9bebf9f9681d962bba668090d3daf9d0873502c03e9dcedff4ce0a253ff35aa8a22dd6207602ec6059272bd3cb84

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

MD5 9591b2b3f483fff6cb0c307e2108d6a9
SHA1 647042dd395d644b8097468dde2e336353242267
SHA256 6e9ab14c38cc4504f6185f0e4d87512346e54a698135d70ed3977ed9442b996a
SHA512 29e6b26566a765c71483e03bb06c165f4c730755ed42e2f9315fb8eac2667357d96c85d02c9880b6eb045d87ac5742cab929efc34c45672a4e418c40f5f68e10

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

MD5 319ebd3b15fdb8711c4170994279b11e
SHA1 90b097a1490a74bd2189cfd1f6ebf7793402969a
SHA256 9519d72cbef63084eaca8ad2349a86b41232853c7626c94a1438798a8cdda36a
SHA512 eae3681fe93bb1304d8480f62b238d5cfbc1d89d30e1bd29e989ec38283947b7fd057ef186d1f5374bdac8ef83f5343e13af204d516d777516741a5da9a38559

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

MD5 285d664d53d5668e042d58a0a70fb32f
SHA1 97ded61db8c1120874c4c8f2fdc175f5051ec77f
SHA256 c150588f76769b05f507c355ec420d5bd3c9af9d072eafee309486450428fb17
SHA512 d49250bd28557e839e73e3e79e00bbebf7f2f34ef91adc9f40f7eee4d5b57db679918be11a9a7adf3279d16266ce01293e9ad24b1d851b6388dac590f0241e52

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

MD5 def0baf5b5017c308cc9e6c3b52d10bb
SHA1 13e2c2c7c8853f02413af463a5d9c01af4cb1ba3
SHA256 2d3b680af30a640bea356cf54f48ca4d3617a83290b6d99649df6e787afa203d
SHA512 e182ff828588a06070fef1cfbe583763db64824ec1b0684640d1a95d0dd4f0a68d19549fee026850b319b929e148a70b3b565b501a6f9c967b72113dd969d2ec

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

MD5 34f9afae3aec813a795b4d6bbb4386c6
SHA1 75a1947ddd8676759555ad3494cec8802c6838c6
SHA256 547cc2329f4a9c5991beb5bf1c0e6aed70e00fde4a6507511771f36e64bb4ac4
SHA512 5a66fd5a9b9a9d67273d03a1e6a563cd1a2b5876f296ed3e89e160f2db3f6aae7ed25bc2cded39c8a16ea284b79cce5712e4ec71996e36c930259549805adf3a

memory/4720-10758-0x0000000000400000-0x000000000040C000-memory.dmp

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

MD5 2721bd7a51a90355feb75f6cbedaf81f
SHA1 1af2ca1bbf17041486d856613dc9e0a6f96d0f66
SHA256 759bd49822571eab8a76a795502a9ff17e9bfb7d446fb8236562aa2a5735879f
SHA512 38969c5e4b694954a7c936b344ba3ae75b00273bc0db42daa8dc83c1a4f1d6fd4587550db03bdb937ee753e8eccb0fcc183431b46f9f66cb8242ea62c1ce7d9f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

MD5 40ddf41fd292282429539aaaeda6a3dc
SHA1 08d981db6ccfa62a558abd1eed44162111a83d7d
SHA256 8b1f431964cc1749415e0ab939afde90b29ba9981a1aa9e2e708b1d1e45039ce
SHA512 4743679a7eaa07843159f1eb39e8491c11c49754ceab2f3f894252f4fa82ca17ae1d157a6c350f0736570a4023e765741a709806d5562d602f812237f99c37db

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

MD5 4dde9062af71f4c54e6c253d294c081e
SHA1 e9d121f644e149b7094eaf02fe9a855a2afd3541
SHA256 e81ee9a45eaec7ecf8b7e7fb6718791d29503cb50fbbc12105c63fa9fe63d593
SHA512 33c98774db6c114f7f7f13a75be380ff2d92b87649f586a7b74e5df076d488eca602b61326251fb5ff20b1679bc3682506e9de819d823d2f2240c9b7c36cce0d

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

MD5 f23b0fddc15f5f94b3457a3e40c0c625
SHA1 d837558bf4c954c4747cef076930b36071734bdd
SHA256 db58feb646fbbb3f310ffef07f93e1a520eec8d1687e17ed5c4a44dbd230eb77
SHA512 f00da4dc4bb7950fa5b8e616389c350ba88d022f4888554c80e51fd7014e96ae97ae4c809e80cac49a8ac9bf77aa656f5e1dad765a4132034deb6eff0c6a0fa0

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

MD5 4bfb9fbd0c533ae6d5e625bcae9ae7ca
SHA1 1f1107cd30423efbb05e3ada0fd7e75ab14e3369
SHA256 8fb411c63473b48dd9dcc564fcd6d9ea213fb43da38cffb0e748e7749d758e09
SHA512 49a3a283727a2c94b48033c19e848b2a984834d30f2a3eeb7fe4677e8f19ac9829b23ebca80b9226017c4142816840876987c4feb54077d2d4d5611c31493b4a

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

MD5 85df0fa2439f411b3e1fc2a66b102d01
SHA1 79510f80a3a175052c8cdfb1be467a01e338195f
SHA256 e2e5ba3777b4cd5b1420f148268cab76e3d8a0a3c826758793011dae7b79101c
SHA512 baf343da12855ba2a1ac627ae73f0937558d0cd59c31781467101fdbabec7e7308a36401baf67207c2027856c6733ba41c1f4926509d8bd7ea43ce82fcbcc054

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

MD5 b1b33f2554fd11090fe6b40d5ec967a1
SHA1 9e26ea03440a6bedee2da7feaab897c9892cfc59
SHA256 589ba4be4c9a5e32e430bb8296ea64d9ea501f6ae366aedbea6d8b3149ff322f
SHA512 aa46d7ba18606afa6f6fd95a3b409b32274eccc91630df927b52d3df4b7b33e1781348c3ba579000f3bbbca0e38fd5761a7352f7c12ea551b7d70ebda8c5b9cb

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

MD5 893025a69cc6016f8e80e73ae4bc451b
SHA1 8b46ef5be00ba3eebf6f31f84f70ce96b9bf4a1c
SHA256 b252c9b91de6a30ae023ae027ed41283f989649ed3cbb12415cb13f70fae2361
SHA512 ed62499334adf0e5805b3b966795b005770b94d5fe7917ec824d01ab94cdae400d2175846771403993d863411842d8ab4e271297232f2560210c48d57f93af35

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

MD5 bed80a1e1bb47b38ab95be415b1e45a0
SHA1 2ab84588a9e35ee94fd3d1fa05a9d8f46dba2ab1
SHA256 aade2a7f36b7c7d45dbb2e82b3448a74722c15b903da2cd651452eb1e11fa9c6
SHA512 8de8c8a12edb8e39b2d04ebd13b40e957a5428037cc3792f974158d990795bdc28517c618f902748710c312c899d0e00cbece7d4d3d0583e8090ee3db2e2918a

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

MD5 68b187500a2a087121cab7962bec048b
SHA1 164d5a962356bb252d8d1f8625acf6d6499eebfc
SHA256 3100b63de865edb413ed7ae5accf9adb222642068e2a6a1ff9b7573f1bfc35e4
SHA512 2d23893acb1e1b14144cff76a017b5e0597139ea06c5452a468a9c61d0cb775bfe8a467d6f6142b06fbc9838d52d62732c641eed395008846d2b78663013620f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

MD5 e5d8d7e207142b0075e7a13ba4677398
SHA1 88c68df936e52c746a632bb17eca1794045bd3d3
SHA256 c39292709ffd26f511d1a5de1cd874ef3a14d37413d3e55784e147824fedad04
SHA512 82d7c5999f1bab2f691053d00acffec159e0c6749616ad58fe25254c4066cd56b0cda4b052df8a18635cb4e215a1c8a3bd5d31d48477795239511c2c08297686

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif.vzlom

MD5 5d9760126dd8dab0f042eba818396c25
SHA1 380c2b5ab02b3ee2e60e3da217cafdee6fe5db01
SHA256 f188a30d9d3e141561edc50b323e54321f41fc686779b390095b2a0d7bba4358
SHA512 6c222e72720edf684558562bb5f50a5bf37e9cd251c1b13d631628a39bf8df9861d227e026d274631a9b88c03f4b3b213c16af8b555480d438876f6a2a4be34e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

MD5 d2fb8cb1ca94b0ccf8b7a980cccbe000
SHA1 601cefaf5da8c29f395a40e8d6320f56fcb1a354
SHA256 83de779f092a902e483ec26d7aefd7d9e41310f7b7e727836525bf55aa60c223
SHA512 738a470207327c86f5d86b832e2d7d47364f6daa2410d20508af21c428d1b8f1a498d9794164c33c47899ab11fa13216f566f5792acb999d4afabfd8848b2f7b

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

MD5 6779e910b3850ac3867a84db312f9bc1
SHA1 342c6586ae5a9d5018dd3849a090ae0e04a78cd6
SHA256 49c082745cbf95916e54f8ddb7f82eafa7d84715f41bd34aa96e11aa9e7300f7
SHA512 45177a9d413553898f4a3e67102fc0604083764cfaa3a9ebe48a2c8a3b7c38a1fd57763a4b120ffd9b0985dc88bda36f8db39d8aa4274fceabf64633382e3c15

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

MD5 1345c3334c2fc68ab239117ac0746837
SHA1 0ccf9b5512aeb58d65ce4c52cd01875bca450161
SHA256 a4139bf972188593460c2e34aa5d6c7c0b35741ddeb243d3fc0c878e6b7360a9
SHA512 6b2f752aca31261ffe64b1a50c4812dbf3f718a610e095b631f7a45deb87acaab4025663fbf8d7cf2254fde7e26e39d5e15345ae2f2799ebe6d31f159da544cc

C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

MD5 7cfa85a7d3857b5f7fc56db83731b341
SHA1 1eb7de9ac008cb3f57b61cea8bb2e071bc42c59d
SHA256 3d7a8beac018d849d0db0a9183aa147351c3479ab2a0146c28e7fd8064d23ae4
SHA512 6bc139d5253c65d0e712db82707d45892b12c073f2a72d95639a3ff6c6a442ddd9bc0ed290710741cc816a52825417897506a1763d74a4faa0078b18894666f1

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727656120098725.txt

MD5 caaec204d8fe74114d484054d0b43776
SHA1 40c5ed6a3b1f413204124e0ea1b428d187c2b074
SHA256 e5ee17b83a5fc8917734b50ee5b6fa28928f4acaeae4955ef7ca51fb36c25b91
SHA512 bb1f5e33d394f0ef97c020fbe25961a2d80dca9f0b56ccd8c9065ba44b8088c158bb0ce3f2b446a02dd2f62510d7326dbdd0c230f2ba36aa6eb509beaeba74b6

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727656590293648.txt

MD5 e25b61928176f287d2d3b453a2af43c2
SHA1 7b5b76fc1fe5b1fae57779673dbbb1b6f5132a11
SHA256 8873be39f0f0e6faad1356f1f96eeacfe1d31269cac2826c997dd3b40dedb4c2
SHA512 a8f4308f616f02ae4b9ab434af0738707f06f81c9cc3d3773b0ef8b080e0641a8dea9e028b5d35d64e0a4e9e8b0934c40d4beb5d0509e77e694556554aa8d0b7

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727663328721506.txt.vzlom

MD5 f3482b29bcb0e27f7b7f68b95c31f2fd
SHA1 8b3a8b69814a73836ce911269798928b0c6a5e09
SHA256 d8454c702d10f57c24875279f678e0d6e3e1b77aee978ca61260a4981bad5851
SHA512 ecf61aac72e2b5db3fc4845737e70959f0fcb40bcc5b843d19b54eac865ca96059eda120d30cb9bdb23a32bd01047efc398f086374a972749dfa450fe9caf695

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727666039184869.txt

MD5 ec8ff725d95ef04460ffed54ffa1cfa0
SHA1 d151648384d84237542583b6b1c20a06f5b06a23
SHA256 2d51e826f89f6e66a6dc2a1eec4637b81e92e8420bda0cea830705ba89f0fcae
SHA512 1e8cf7269af648e8e549e76113a42d9862a1ddd6c5f726b39eb344439e7e5fb5b043f5968e645d0b1079ec806d9d89b16307c24d1384a8667e01e9f929f8c58a

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

MD5 1a1ed623fdfb339bea591a60962848f9
SHA1 b230a6f4ccb456970bac258426911cee4bd17edd
SHA256 9bd13ceb5b361761f7c56126321855dbc9339599588d6404f895e23695f28d20
SHA512 bb1fa1b5ac6f407c2d6551b07a3edc137b602ad9c51bd8d1220b339bfa5fb68770ad1378e28d4a4337a0d93a15ad3a9eae16de3770154622f1a947fde2732f5d

memory/4720-16950-0x0000000000400000-0x000000000040C000-memory.dmp

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 51202394ec04e2141c7cb699fa24efeb
SHA1 ad8191d25a9bd89e6ea060ec99a4660ac0091479
SHA256 9b2e36a23743afc0a85113daa5df2894c2a0b06cbad634877b47ac44dbdd153a
SHA512 ca72f86a8de472f170144a5d52e55d43137f32e347a943df2446d20e73ac0ab7e0d753d9a498f0ff9168609c214e0ee66b0e5bccecd6bc694a40b608f9815161

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 199af51d820d5296b1fd2659318615e2
SHA1 9c412c1ff2fd88b26496438f284a820130b5affb
SHA256 0c57060c398e38f009b4d5b3ac7217b97159f68773d6609bb35eb121a98f302c
SHA512 54210c09d02dcbed4531f679e1b8d5434a726f0f971ce69d7d503b8522ef27b5648b75f47a4c09d3d62e419156f3513c3199ad9b562c179346873c95a26f65cf

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 935296bb2785ec1ef58a3c11cddefbc0
SHA1 ff27dbeb966e13a71a2b095e721c06820ec801ac
SHA256 d12c4d1da11c67b07e710dfc55464c1f1124885658024b96595f944ff195744a
SHA512 796158e180a11d458522400a9b458e6362b6d80a15279e3aa35c4e0075fc227b099ed6d2e0acbd43fcb12324f056ba978a0391358000537bbd313d65a213dea7

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 20c8e48a9252b20dabbaae6f3f7fe964
SHA1 a6581121fa114ef0588c355a52c5067cb74a3716
SHA256 6186f7dfef7ee48fe0301ce0353fee05ceed7b850cc3f94126a98e69935c5ade
SHA512 5520ffdc12a8031a2dc36de1c51fa379e725ed67067d219e762da17fd85ea99cde9d37bd783b6772556717cce905191931eae49cfb68bcee0161be6ca9a51c5b

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 4fd6c33bf786e90af8c39a41c2ead050
SHA1 45e3a496075b02c44cc98c01f8fc16cd57bf1078
SHA256 5f3caf10556e0104353cce87d87ed05d196347da98e719b066b91dc1f8f3a61d
SHA512 d833a0fe72da0134c1b539ab43010578ef7539f9347f369dc600ded04a7bec9bd19d0f668c5490ad0f21e5e819a0d7a338b3ad2cf37b413505a6a075a83fd2d6

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

MD5 3bb3e74879efe4d9708bf46c94edfd35
SHA1 d4c4993b64951e43312d4cdac4c5c312a0fa186e
SHA256 1c259f56059d7fb9a3925a9614c9fd571ce1cf547373c21ea46bd18a53a268dd
SHA512 738a4fdd901e8277fdadce85f02f2a68d3ab097a90a461be25e8cfaeb3123a5c9a4fb5b1951e7d5d0a2bda9472f97a29c40baf878ad3b75cc6b0835e7383058c

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

MD5 435a7d0a8ffb995138b68ae1b83b0103
SHA1 6d58d94d2588688f35c0eb74c4f5ba7efc50c091
SHA256 eb363739f1a3552750c219cce7c3412ab5f437ae1ed6cac3b53adf5b0620a232
SHA512 1921f0b80bbcc5019cfc4993072bc7878d9399e84cb20614f807e18f45221c7d44d21fdbee1e30df8cceb0d0f68f0091e49bf1865eebb575ed757d820326757d

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

MD5 a4858bdfc6a8c2f77c7666b9cba76f0c
SHA1 3d6bc50e18d155c41261435546c028e9bfac5d9d
SHA256 524d28a45b8635deaef0e96cbeb656e30e3c2a3089519d3c0b87ebfe1960c4de
SHA512 92d56756f47453801b0645769a4590fcf2e03847f054f65d875c2c6e891c34b7b379719e8096a804a41bb5e9697fa19dd7e2af79ec1430430db5ae9214140b66

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 bc7c7e53bfae48a660394298cc875a8e
SHA1 1f4dd4df23bab796701da467b366e7c808a34334
SHA256 0fa258fa026e8be8f4dcebc8f22157127ccf698a6b2d955aa93d987b057b7b77
SHA512 1e86dbb9b03ea9db0af476b9032d17facd369f557d578e7f2dbf11e00cd3e6b4af670945adaa72f6e65e2eaac1030b403dda998ffbc3a69eb3ca04e2072b9421

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 0a8316794d05ffd1947b5bfd953663e3
SHA1 320e9f674d3578204d73dbf1f4a065d6a560f28e
SHA256 f01afb5b0de2001b8569f01c0da71ac16fc6d364fa3daeca28ab481a1784403c
SHA512 7ca62b4b725f8c0e0c319f20f5e64c25413c1bb136a815a04568def2d90452fa7e7736e32e44db2d0469ffb32e61ee838f5b5cf5303e6641dda2ff336d12652d

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 5a6f634741f69a91b244338cc36ee6c8
SHA1 3516da99e88c6d9985a2a7f1d32a8676e7c866c6
SHA256 605a53c709d4bc4e011481492da730b378536f59e73c00d39be7676f51bf24a3
SHA512 eb52796009b796fa2bdb9b42eca81a806a7bf4f19699e343340bd1002fc850ddad989854b7d5fd38280c7f7182f3855b5df0475903de835b3a4f1b605b42375e

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

MD5 b0405c101292987cab93a79d356e9095
SHA1 99fb0ca1f5692aaf770a00f4ad8614edf4831441
SHA256 a6cc92603530da40b321c5e6d9f0f339a699c19d550d0775ac8a56d7b1ccc0fd
SHA512 f0f642888d908bb40a199b2f5e0b8104a9d54aecca95502644174b91725cb8f32b81ac937ba776ec91132f0fef6af2bd0e05fd9b7b7dbab43bbaf65d4808e52d

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

MD5 bc5cf9c43378099d0f044a70c42a69ed
SHA1 8aaafa38af5605ad728a19fb1107026677b5abc0
SHA256 d4ea95d73287487a3a125e242f78dff93c1bab95f7f7a4f89db921a76a5eac10
SHA512 b334bcd7e5e3c4f334fd48a2f968b4da0724c0d0037075c940dc4ef4db1bd58ec58b3b0cf0c2010038dbe9f00d66c266ed8c7bd355f63d694aeca0405f169086

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 68e0d1d6d9415b47a56c5c3a6d4073ad
SHA1 c0b72182f24755f15bdec56f807cef6af8c95089
SHA256 1c5d866c2331d056e7a07469e17a9f9d797682081c2a6dbc049344081e2d2403
SHA512 4aa51d0c0e3057e0d69d76b2164d8cdff07961b0e1740d74ec291bf65d4b0473a201505494c531241fae1fe45e9de7f54da033702a522ae4c14879e9aecda088

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

MD5 7436d3608e39cd3d28b067f46b859c6e
SHA1 4214e7a2a7e3199d119099fb4a2840d7c134824e
SHA256 6693b0d6b5831ece3825fdc82e7cfea45cab038db6a974e7ed76a3460a2ef8d9
SHA512 469c32d9bbaff66e88a816fd4b9539ac5fb171e4907d77d24047de002b44b71de2cb367bf2566778964c8acc3f399e617b8cdfb2eb7a4bc37962736d4d58dc99

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 99038dbbfd53ddd09788e38bbdb5ccc1
SHA1 683d98242860ede5b798fe26ce3b65b31a2ed2d3
SHA256 a8c0b16698365a9a7583d222cb8e1f850d89ea8155340375e464b656f3c20cf6
SHA512 5146fed94d560b8a901953b2ba345f017d81c4a5d165574884714adc63e18147fe390e4084bebe774308bd316ff7f27b68c6fce767b0fe1242f54f6a4f2912d6

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

MD5 64bc8f5495d9047f88c2d4f57418e46c
SHA1 8f288bb546025e7624f02069d632d22621d81039
SHA256 4ac93b7ce442dde2dbb8b59364132c0262e9c0610ce292af83ab1a8fa05a2a95
SHA512 1687dcc5a9ed0a34efae786a0f69198bc3b464452d16eb3411471939c698642f7e0f021fb73313fb6b2bc663a93a2214a91657048d4dc80e8a38c0e5c66b1feb

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

MD5 fae409d85db3db4ca51a9e1eec8063e2
SHA1 9309d962582594893d12f069273fc924d2aa54e6
SHA256 4762ea5fdf367f9a37a70b4feab69586931794ebfc53a56459c187478cf800a6
SHA512 c8a2a6fec0df9f731733afdc14a5de7ba356f0406ea6846aaea8afc5efc117db7bb76411834ea68a3aa5328ad10ed3c6d2bfe74074e592afc8313708201f854f

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

MD5 e0d5fe2c946a4d372c3b4565903d8f0a
SHA1 ff8f26f7949c62f4569784bd6c55392b2f0d6d0c
SHA256 761774ad4e0c50ea6669b32e1433843143da5ffb365c274fbdd12e45280bd35c
SHA512 0d74e9f5a978312a34a15e181e41643f37efed515aa961a94785a6953067ebbeebb48ebad36fbfbd03ad0aeeb7b67101b1a8bb2a6694f8768c66ec1592f79b2f

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

MD5 c297db0fd2f7d5579715c065079c392b
SHA1 82b07e01d28644e5cf2b4910e26c48320e7372a7
SHA256 ff6c647029ab6c2304e28d47866bb29f353bb14fd26cf783582bebf47037ceb5
SHA512 751be5758ea4c3c39b4b5b5b513732bb662caa41ba1e77d2ca645e3182b9f1596083e533c0172ef38c824b5357d6fc6606bd611b505d327aa68b3b30c9ef9b3b

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

MD5 d60f3902a952691c8c3b9897ca357235
SHA1 b98943ef7c640261d25f7e86cff6d0d64debf780
SHA256 28ca80ee9ac171527803df539a1d37ae198be4d9373f48b38e5fe8f4071a5ba4
SHA512 65f293abbe1e1e9630b32673cb0010748187a5071497b4648fd0c447ea20c132b63a8e6196614d2a4c8d3889a31fb2a0dbadf0d33a7131d4e795cc39fc1a1720

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

MD5 ed21760e7f7c87608c87de88ccdcb3ef
SHA1 e184c8d96e1ba040f850961939ca5cf7df11ec92
SHA256 193939a8035df26a0ef13ea1e829d7121db376698149e80348b8dc8477c1d698
SHA512 490d6b5f7abb88548da073c93aa206228c8e518bb4d120cac7f0c52c38b48343c9de5b33e97bb4c9f092df84b2ffa09c36eba64bfdd76328c5703cbe5d021a9f

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

MD5 b085504b84ae8869afa9228e80f67861
SHA1 11ac4686669958b683d441c779f8688761a78372
SHA256 60b1bf9fcdf56161c5765ab1cef7f406986fd9078c777461d66455c06452e954
SHA512 1a45aea759ce0a24b53093801368fc3a786a555c1256b63a7aafa14a8d9b1790e19155c0b4335956800dcabc4e2ff7a1b3017c8946be5cdff7c9cac1b3fad293

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

MD5 672450d20c6a5de3c8730fe4c2d8a134
SHA1 414a64bc2e349dd06090b65ea58140d4ce537953
SHA256 aea9a014f0acf7a332a47fe790ff2365422fe5810fb6829d1e4b3b084338a361
SHA512 2c07e2bdd93603d385e9691ee6295da0d89823f0c44f573d409c7b344acef70cdd2f6b89beb169e36153737d825267737b4842889686bb7e8afd86fa40453915

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

MD5 2aa98ea4e5a88f091e5bc7557af884f6
SHA1 2f4c537642131639fe9551cdfe5bf08e3674a495
SHA256 aa9ff9fb8087b79f249930be3148c567a774c13682bc3215a903e916ac5cdfa8
SHA512 b3ded779479adf63ddfed7448726bcfbd8aded0db7d875319a2f39851027a43f0aad8631e8901c8d398c64165c343f1250503286d3cd99ee6fe2ce77f28f5d49

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

MD5 486e1cdbeff5450a9b4ee0b094a0054e
SHA1 a2f8edf2283cec465046738a8ce50eb816116859
SHA256 e0068c5d51679f56a0b07c6245430b85d2afb3c79d7f39633c15f665737074a1
SHA512 8363b03de5ccaa9f22f56cb737a1e2a611ae5b2cf8182918deaf3f7889a8a0a6164dd74391048e9a0ced660696eeb00ef48587257e98b4342d81c208f3d80dbe

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

MD5 73e6d7868cfea931255419e7918ac1d6
SHA1 7e49ca25bbae0d37febded02f14f1fcab54cd223
SHA256 bad57a9bf544be773800a2bc7f112961279bc08830a146c17038715ea0831bbc
SHA512 6b82adea78eb0f8ef129b5c6748d1489638398761fadeed673d4e60e94ee32071dcb4e1dd0b7d4f229fd7b7b2bcbb616d59a7332772404025cc0615c98193fa0

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

MD5 970926c139cf1e2e9112ef776fbd9d4b
SHA1 cd95d3ce0894c2190c97b2c02694b41c246fc190
SHA256 bc831fd4c962158e2d89d6a4e5e57d864798baafc779fa7e3c0686719b2d686f
SHA512 1751c16d20e23f5ca43b38f76b171e92142ef0148f7e920e3dd5cb5740cb78d6be1ef4093b2c8e9f93d621a7980f5c1afa152a17b9960381ea7781bdc5873554

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

MD5 5dbc50e57fdc39bbf0ea3f2de4f0abfc
SHA1 0dee3b48ecd5cc25882e7994e541fc80ee864f5d
SHA256 69498c5d13cffce64c4c14d2b8dd80e66ba63b36764e1a9f752e73d10554e85c
SHA512 53bffd5506af2d3dd23e7ecbc1ad513acb12786e6c1501a4cadb097141c9359effdae82e74ead45a615d5ce620d211084a91071fc981379d40778723e005b873

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

MD5 ff9b0f7a53aaca32b00d5674e06ef6c3
SHA1 03cdef10944c4da502e89ecffcaa0557f7239d2e
SHA256 f4211f30290335f8ce22adfecd66e12c58c59c2cb224ed544fb807a01a97499c
SHA512 fab4ba01c9613f62a1ccbaed13ab80fc0cabbd9c353e8718a274531ee895ad6993e0034898108ec9973b994b65b32c7828ec46bf395f7b46ff8b0ef43b09d7c1

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

MD5 44b2552f493fd508a079dc6f867d5446
SHA1 075d4fb558884a99268ca010efbde19d551217aa
SHA256 aa1f5d5937216661c5f1673e46d63dffb141ae86f8d68d4e60ace5a548f6cf0d
SHA512 f31ff3d18d8e1f197d55b846becde4aa2dc75b6869acd0dc7f5cac6ba2796e20d8d48f9ff7f9d713edcbc3d8c0aadcf2921a40c9ff44244d09991c8cacff96a4

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

MD5 d07b9f15b5cab96ffe4582d5a6faabc6
SHA1 2f392e0f04772a65173d17b2bb8f15ad91ac0d45
SHA256 8b05a2ba8788f34dd33010fa63b1fb16bdd7f001dc6eea4f7435643b1397114b
SHA512 61faaddab3c8d4c14238bd5b0d0f873b237ea2e5d6a94337b98a9c9f4c1cd6929c980efe16a61f544b5b798ec87240cff5633ad2fb352fb9f64deaa44705ba45

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

MD5 f73a8a77569adb0308a71e0e1d7776c7
SHA1 b762cd6be6e3ab24b3e0ea7a957b785494fb0c4a
SHA256 198457c1e7f0b2da06bf92d5e31a7aa9f85675c32bcc1fc9673aaae91e94d235
SHA512 bf47f6e447d099481b7b78097e63ba135892eba56fa27ed85dc6b3a371f99f3ee31e31f4add9fefe9c6eb9d039d65e7d75e3d285422ecf80ec3a67456d7fc494

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

MD5 c1ffaade78bcc0137be8ca8d8adc7e8c
SHA1 2467be8d43f2c3d5b3048db2cc8027e98bbcb290
SHA256 23be71e0404352b982089b5e2345c88a070f107c2645370b3ddf578ba0b66640
SHA512 7690043e9ed3a6b9e2f6b5095f0f7a24f6c830b5b50c0c7f0476eeff11841a474b7148371b9f9ffea79d146845d213a7044722186915d34582dc5d021287cf40

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

MD5 2f5ab940858b7de448d3199ab408acc8
SHA1 f9670ef09eca07de6761cb2a40c79548f7bbc7b8
SHA256 c15fad0e1dfd7a40a4a60bf5fe53e8a86967570c9a5f31475e3e70459a75c548
SHA512 b1eb529701bf214a9102f90e6e119fdbead3f253ea010d11646318368f2b61ad6c61e277d32cd22a7a1aaf2576283252ae2dd957f9efa9a7a299ad66091192f9

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

MD5 b2fcca1246e757bc0c7dea0441afc0ee
SHA1 4b47919fa445130c8693d1d2161b1239ea1f0851
SHA256 e34343b0a135d7b90c93dd39da717593cc6d10271911beb12de6e90b36b1e181
SHA512 1cb8758349c40e2bf86e791eb713d7fdafea7ac9cd515737330511d68a20591dec25692b776196691961c5f7a1c61eb524ee96763a0ea0a72d297878dd35bff3

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

MD5 728a6ce60830cc0983a6e4c18f8db23b
SHA1 6b4acceaa6ae21965514174a360ab83e5f0d197d
SHA256 c593ef0c5e622397b756760cc66616d9ad3592c75831e838d3af5f627c4c909f
SHA512 8c96d446c4d950ed612925a5e10c9910e72f85ec8caf224a059e2e3207042c083a19b0eb8527de50f3107933f57ee5bc22f45c2b04753eaa022f926669b0725f

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

MD5 b6282f7ea0b4fe23a83f67590c77c385
SHA1 d898a8669b09512846b98cb3a14247a3911bec12
SHA256 d01b94f26a0b5c539369dbedb253b9ca9b7c138510f3e8f82c1aa687c3c6e3c1
SHA512 abcc6a1a2f86a45da06838cd9f08fe31a532c6d594b4cee326287f7be95b164cbdc0557386018043732e5d86634ddfa73663e85ffed4e13d04614f6e2bf19e78

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

MD5 0b98c3e6a1dc318bf14e99a9e19c690d
SHA1 8a4efe33dfd073bf31fa94e8ada66477db2434fa
SHA256 8620faed710f3e043919749013b1c7fbf6869249c8842d4437dad9ceb31df7ed
SHA512 d7cca93d67dcf8215ddc879c3165eab0ccc4cb8506b27349090eba0960229f75b8f9676054e2476535bc83f4203c161acba7f2c5d12ffc61589388ed1a6ecd31

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

MD5 a6d441bb439045128d7e7909873e6dd1
SHA1 e2b70d0e6dc42811aa53af4b00897c8710b0e4a3
SHA256 5787ff3fc06c14c38cdf08572bc04f0029e739d2b5dc5b39da9f3485bb833513
SHA512 e4617d2df980700b7e8a7b3b362c78df38a244bbf6585808b19acae1c28982e4802254fed037de7d508eae40c4b846286df6607fe4f8fb1f444c6f1d24a8da28

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

MD5 7ea85c548cb43125c7062f461b3467e9
SHA1 25264f62a1d1c39c87166e869be2338add3b74ea
SHA256 10b83f2b4c2c2b65bc1282c298f1eafe1f048bc87a878366974efa9c6d080b29
SHA512 cdf4cdb2434164bb0bc91c1af0fbdd0c677775f6b48df899cc3f80a4501e07c669d098c7664e173ba75aeea75e3684d421d001d2ae22475f1a09b3348efe6997

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

MD5 bb1ce59b9f13eccc9de220d9be34885e
SHA1 c143e825cab490d8cccefc0ffc5d65c0bcf4d0a4
SHA256 f0e5944f1e0f384493b3d38d52fd4d8fa2ce864db0d40fdb13804d226a7adeb4
SHA512 3126df610705e0329e6ac4fad0cfdbf388ef541140d0c3220133423d24058df48f34033eb4f4a6d026f9bb3bb85d1ec890a54f2860ddbbdbf3bea9355b3d7166

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

MD5 1b9dc2976795a94451f47cfe07c8ce0c
SHA1 f338ef95199de9a036843a6f870edbf6a59ee9ab
SHA256 8047d2e75d88f93a48e73ba05f5653a44ee063558bf56042274a8509bf60e4fc
SHA512 b2d4e825e400599e1bdbc1085c41890c30186178dd077300bbb4db9224cd4f4640aa04a8b201d0965327d7d27a60036148db57b0c29e69b2b569dde6b51fd585

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

MD5 2505d0a1b58a61562b03a6693bc11770
SHA1 8ab8528be89fac3b00f1eba1650cee7306a97090
SHA256 a030b80cb1081ff15c5a5be362df03ba97fb319f106aa00fbdda59299227356e
SHA512 ec6513c23e8b243b272ebea9b5ec6258752f3f79b9ed51ef983b15b2d98156482ce66262f236fa39498b7cc58ad4378664976697b0759e0e89f5299c6ab036c8

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

MD5 92f29b4d39d0d7db62ca533c09fd34a3
SHA1 48e6d7d6ba0ac344ee2c99cda933b52b82e745e1
SHA256 a30e47bc6e1c7fecc98366c953bec1b71753e27f72523bf31c35ad2b43475e65
SHA512 00ccef4e288878f103857ef26aeaa08009e14d8279ad665ecf3bd1eba1e3bc7e3a8f540c148583811edb671d5effbd7176cba75e46f1b1a7b6efeac021c69b52

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

MD5 b69a035414808fe0b5e77c4d403238e5
SHA1 645140f8a3bb2e0094c2a27dbe0c3f1ce348c0b5
SHA256 f18bb8c0eb0f1c322e5aaabb098e327bffe4b96cce78cb4c532a841a8737fbca
SHA512 e5d0da1e75bd41f7461e21e9dd428e8b220b71d890f4d7b192f63a9ef8623067b131bdfd814a77005c5353f39af591271167ab61eedc16959d0fee994aee69cd

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

MD5 f55f9e37043fe85cb571466e19cf0951
SHA1 91d6f272959fccd2eeaaa9b82f9276c9c63a5c67
SHA256 35b0639c00b9a9f2eca9946028973e943e435a97548e943c705bcf4e057c7176
SHA512 4b14d6b55944a07510e79cbe241b279c0a166c590001e278d587a5a5626e7191f5be1cff91961f21e0f7edd390517d7ce6b1c603a2963dd1adc692943ad9bd4f

memory/4720-18962-0x0000000000400000-0x000000000040C000-memory.dmp

memory/4720-19123-0x0000000000400000-0x000000000040C000-memory.dmp

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

MD5 36ab32937d3adb6865605c933e0b1d73
SHA1 ad42bda4c6b3beca59d9d4c8c3dc48f80eef344b
SHA256 25a7cbafd736d2df1712840e4c682e52e2d7075cb41435b88d060154e12da125
SHA512 e2d57f1842e20388663ad5a820256d3af2c8beea4e9ef5d99c3e4b4b07d062839878021be8dbcf7f195abb14d6be112a0678948010691ecf9b53d19b4c48f107

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

MD5 5dd9348157395f55d37c40ea9790dc29
SHA1 c6ce637ca56aea0e6f94a6c4927f0c721821d03b
SHA256 f39652fdd49290747f4e81a72ced9ecfa0ee3e1233f7e2829b5fa8efcfc3fbcc
SHA512 cb94216822a1997d721ca621d955fc4a99ebd4dac8ac700242706a4b37bc6a58606880bac1f93f79bb2547b1bcbb596d2824a2a039129783245b1ec24f926c33

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

MD5 42db235d51aea953dfbdafebf43bc85d
SHA1 45809c1996cef276ed11e646f75fea776a5e6774
SHA256 2abee00c728e66fe0229a0710753bad0da7e2e188c361f9caf99cb59dbb4aa27
SHA512 eebe985e9ea42af34cf8c73e58a6ecc1fb8b26ab243adda3d8669b6823b0834f1232b2598f729ec74812b5fd1a47304011c226d51218376337828738c732c9a8

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

MD5 419742bf52398914859a205b7791ad8a
SHA1 bea81ecf59b9a7b9fa3449e43d2b5524792d58f3
SHA256 2b0d34e74111d02ccec7bac8e49e9203f2d2bf39f8c23b0cd7aa9c61e517fae7
SHA512 2470d04b8ed7881f26f883113069df344c5cea5313a32582aea3a334d0c47eb83840ebf6d40fdd9b27472e878bcb4be21d0a02c6bb607205df6c7368d0ac3eaf

memory/4720-19504-0x0000000000400000-0x000000000040C000-memory.dmp

C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

MD5 138514efee3d5d8dd3b15993b6c7b13c
SHA1 f678798c4cccd943b3b0926d19a9de04cab25c65
SHA256 97b4d4887fbb63b75860f28772222df941800f3fb12779139c67165c0bc3b308
SHA512 29c549e3933488cc20504552274f2aa814de4e91f1748c676716db37c643573b51e4792e46a0d779b67eee2ce592135cfcb962788338a65d9d9f2e8ffcdfbc7a

memory/4720-19513-0x0000000000400000-0x000000000040C000-memory.dmp

memory/4720-19532-0x0000000000400000-0x000000000040C000-memory.dmp