Malware Analysis Report

2024-10-19 10:43

Sample ID 241007-3pbe4ssdqg
Target 1e793474bff4e7b93b8fd009278845c3_JaffaCakes118
SHA256 db361bca86d4798443ecc226f9c6366ea0bbf50125fb0b80d3d5463ba5ab75a8
Tags
upx xorist discovery persistence ransomware spyware stealer
score
10/10

Analysis Overview

score
10/10

SHA256

db361bca86d4798443ecc226f9c6366ea0bbf50125fb0b80d3d5463ba5ab75a8

Threat Level: Known bad

The file 1e793474bff4e7b93b8fd009278845c3_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

upx xorist discovery persistence ransomware spyware stealer

Xorist family

Detected Xorist Ransomware

Xorist Ransomware

Renames multiple (2197) files with added filename extension

Renames multiple (2194) files with added filename extension

Drops file in Drivers directory

Reads user/profile data of web browsers

Drops startup file

Adds Run key to start application

UPX packed file

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

System Location Discovery: System Language Discovery

Unsigned PE

Modifies registry class

Analysis: static1

Detonation Overview

Reported

2024-10-07 23:40

Signatures

Detected Xorist Ransomware

Xorist family

xorist

UPX packed file

upx

Unsigned PE

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-07 23:40

Reported

2024-10-08 13:03

Platform

win7-20240903-en

Max time kernel

121s

Max time network

123s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe"

Signatures

Detected Xorist Ransomware

Xorist Ransomware

ransomware xorist

Renames multiple (2197) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\3Mj8k14CbmFIV28.exe" C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A

Drops file in System32 directory

UPX packed file

upx

Drops file in Program Files directory

Drops file in Windows directory

File created C:\Windows\winsxs\x86_microsoft-windows-s..vault-cpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_3b31b98d615d4a24\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_prnhp003.inf.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_3122f08f9905bfb1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-w..figwizard.resources_31bf3856ad364e35_6.1.7600.16385_en-us_ef61c688d787996b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-storprop_31bf3856ad364e35_6.1.7600.16385_none_8247a61e4a9abc04\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-nshhttp_31bf3856ad364e35_6.1.7600.16385_none_73837d07d5ce032a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\flower.png C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-help-wer.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_153e0af5604d3470\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-l..omebasicn.resources_31bf3856ad364e35_6.1.7600.16385_en-us_649f28cc62d12253\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p..rolspanel.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_f5efe7e190e2986d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualC\74de34cd518bf49352c8346149ddfbc1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-deskmon.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_a06db0f4d325aec9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-e..ebargadgetresources_31bf3856ad364e35_6.1.7600.16385_none_88767a95b8bbf001\Gadget_Flyout_Thumbnail_Shadow.png C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-chkdsk.resources_31bf3856ad364e35_6.1.7600.16385_it-it_e2aa25af3a1c276d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-s..rity-ntlm.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_96bb9cb48b01aa66\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_es-es_1d72a0e2bb459532\about_Break.help.txt C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-r..-resolver.resources_31bf3856ad364e35_6.1.7600.16385_de-de_8704d3de2e0856cb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-w..inter-mof.resources_31bf3856ad364e35_6.1.7600.16385_de-de_1c8bb73b9c33e7b0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\msil_system.data.oracleclient.resources_b77a5c561934e089_6.1.7600.16385_es-es_333946739b4ddb76\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
File created C:\Windows\inf\MSDTC Bridge 4.0.0.0\000C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-e..-ehkorime.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_d2786df068703a68\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-mlang.resources_31bf3856ad364e35_6.1.7600.16385_da-dk_3c1b29463bcb5626\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-timeout.resources_31bf3856ad364e35_6.1.7600.16385_it-it_abda32d58a3cfb80\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ValueTuple\v4.0_4.0.0.0__cc7b13ffcd2ddd51\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_c02a16e1ae17ab94\about_pssession_details.help.txt C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-main.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_dc4ad095005ac4eb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-p..standardportmonitor_31bf3856ad364e35_6.1.7600.16385_none_a39cec6c3a968733\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft.windows.winhttp.resources_31bf3856ad364e35_6.0.7600.16385_de-de_9450c441b822af1a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-getuname.resources_31bf3856ad364e35_6.1.7600.16385_es-es_ec6f8c0df80bc28f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-m..splay-cpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_995c1c5e1f52f3d9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-runonce.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_13fb90a2252bc889\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\msil_system.data.entity.design.resources_b77a5c561934e089_6.1.7600.16385_de-de_ed76d7e79a64c1d1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-c..omplus-ui.resources_31bf3856ad364e35_6.1.7600.16385_it-it_815af4f63a8d8f01\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-alttab.resources_31bf3856ad364e35_6.1.7600.16385_en-us_e26064b745439e74\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_networking-mpssvc-netsh.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_7156455be918602f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_wcf-infocard_api_dll_31bf3856ad364e35_6.1.7600.16385_none_ffdbec6fc9513d29\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-b..ouppolicy.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_cb34cf1fe62201ea\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_de-de_74b66e05cc4097c8\about_providers.help.txt C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-shdocvw.resources_31bf3856ad364e35_6.1.7600.16385_en-us_23b7b32e73eca54a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-uianimation.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_d5fff42ae7dc1bc7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-n..structure.resources_31bf3856ad364e35_6.1.7600.16385_de-de_a13e6020ba7d0817\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_netbc664.inf_31bf3856ad364e35_6.1.7600.16385_none_a3677e8bc4b04b78\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-n..etcapture.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_c6b4d56662a24221\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\x86_microsoft-windows-e..rtingcore.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_a56cb41c8b19254a\erofflps.txt C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-ktmutil.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_4fd61d64bea7fc2e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
File created C:\Windows\inf\UGatherer\0410\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-efs-util-library_31bf3856ad364e35_6.1.7600.16385_none_a30e530ebc7f9b22\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\YWOFEWMRQAYZQVA\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\3Mj8k14CbmFIV28.exe,0" C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\YWOFEWMRQAYZQVA\shell\open\command C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\YWOFEWMRQAYZQVA\shell C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\YWOFEWMRQAYZQVA\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\3Mj8k14CbmFIV28.exe" C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\YWOFEWMRQAYZQVA C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\YWOFEWMRQAYZQVA\DefaultIcon C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "YWOFEWMRQAYZQVA" C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\YWOFEWMRQAYZQVA\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\YWOFEWMRQAYZQVA\shell\open C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe"

Network

N/A

Files

memory/2316-0-0x0000000000400000-0x000000000040C000-memory.dmp

SHA512 1937e110d7d478df38eb6e2a4fe60e64f3c7763184e8c495b13f398980a572973b185b7f067090bbb990b136714806e73d7397ec4355ae9a94291d41f739f50c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

MD5 9d76a03b277a8a77c41843cdb9f59b53
SHA1 e9121234c6ee1ecefcf8168c3a15f8234f8f8ce1
SHA256 1967f8951fd127590dd29df5caadd07ff76d7997687e8bb0970943cc1e603382
SHA512 d711787addf10c53fc5ea22a3c387b596c844a5cafe2893a982e62f37b57946abba6711c54133a758af8712df684a11a199bd2adf8996ea99c7e27e0b899db64

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

MD5 0e7929b7fbd03e155949e51fa8bde8ab
SHA1 ff7b2a2933387f7a59b1552e3e1c992eec8d7b7c
SHA256 8e2f9b30dff655c35caadeb7b851259bbb54e1543d837136532496c4d079ce8a
SHA512 5ffb05bff0bc2c8325eabb905ed8dc6602c44fe47791ff6ac00655158ce8c4e7e4f89250d7612e378623d22753dc178ec435ba84eaf12790c55b6d292586651c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

MD5 f74be8adc2300afc147a91da3f88af1d
SHA1 befb1fb1dfebf455cace0acc5986dd1468d9371d
SHA256 0d8d3c25db74b5d6e452c8b3d4fcbe4aa6254daae58a1dcb2351e543d0ae2412
SHA512 fcc6a67eb98d7a3274e0b6ed7bf7b5b7c4759c8c9d841954b6718854f3106cb21b869c0fd2ebfb1a8fd724259d96a621f6fd1c0778a8859269b2b7ebdf9bcf76

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

MD5 6f5830a3c09ead79e6647a03ba21ddb8
SHA1 a09c8f260357a2fe9f51a399ec76c00ac2e9c5b1
SHA256 cefd8dfdbdd5df66d253113da87c4fbb5eb0379e9e97f85e50187571d839ff5d
SHA512 ae0224c46d1969788a3574c719e46601bdb1e207022591d155161a049a3cb29f280f02e144723c5cd09cd195ff140010a31ca4944c6a29fc1666a5bb7b79a0ed

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

MD5 8812866948db1d1b2e462be84d185a79
SHA1 255943a56882f8e305796ab209b2fe6d075f1072
SHA256 4553f302508ff16c375cfacdaf88c11f1937cc0aac658f95c67ec0c8e5158e38
SHA512 ff4a6e4dcf8fc42253d9326347361c8232b67a64eb62ad9c44cbadfb57abf4a1162df6148bea69cf3491c0199ccc0c9768742975745941ac716ea1b890a8a2a7

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

MD5 dcf8129e85710572ef2b354ac468f2f8
SHA1 297530be196c3d9685f839f207dcc637161caaa8
SHA256 e9065443fcc8c974c5e5ad30f46267c169885bee59ba9a22bd3593039d6c68ab
SHA512 0bb3964876dcc627d059e46dd393d8b6e5969a28748d5413ab8ddd7344097d85c9ddd4b2c2373ef9c4b5f3f9f956147317e4a928cd6fe25a53417c421b95cf30

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

MD5 94981993fd087c0e6f7861194068793d
SHA1 025ca735855002911cb083c494f386f01b5064df
SHA256 e109aaaa1e239a8bb29496b036aa77ed4388bd0f024d48c253db53c1a3d6a44b
SHA512 26f9b61581f6116d68b26977eb4a69062b77082344a5b03d6e56cf89faa8658c464066eaf7dfb0a1b655c8e2b7baa43f3db3b20d1ea2cd1fb2e0507fc743096a

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

MD5 04aab197a9636f3770dfdf9e299b5e67
SHA1 58388af7b7b0489588ebaf026caf20f247fd93ae
SHA256 440862a23190560c6fb2fc7c8216f9b54ec2cc5bee26c35091aa0281fb3f843c
SHA512 76d0eb9c61d23b528125aad3cf495b2f71ee686aa0ac81b2a370caab9088d87bb7431ba5a7c08ee0c5d6561905cd7759d2e8245b61612cd62ae23dbdc0ae627f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

MD5 b090ce5de67c23c98f2bef58ffc64cea
SHA1 b93dc3dcb1bf6f2e685bf535cf707b7d0045470f
SHA256 7ace63dc2e2adff9d10af0f47fdde99ffee157941f63ee366d9c1b00ea06841d
SHA512 1d36cf51fee14a69daccde18b1b0b2031dc69ad00460797126d8f1527f7e85e08134b02c372afbac84eff7426134e3450e7b19c5642f4e2a09abaf9bc8c1bb2c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

MD5 abc91859623a2c10e3ede94a50f9262a
SHA1 cb26c5b6da671b93c2336948f5b250b56809d848
SHA256 b5ac81383bb9c014d4b4030a9232e1b33fb7e51a6ed1cce6885d05e7668e255c
SHA512 1b50a635fde07565942f91facdeb6dec7e73928d127be8c992a99b2026061d068db567b06c57ecfe024edd59e63753798ae09c98505c0501326d2977f4db7f06

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

MD5 0370fda81fdf9150e3a40937737225e2
SHA1 830fd721b5cffbba3cbcdb40d66ca8e507fad251
SHA256 ae1e5ecbedd341b099586a599d4a353e632713f70ee173275f45c7847c050abf
SHA512 03c78ae24b1880504f599455630a89f76167582ca0aefc4305f24f52f0851b4876db67f0dcf8aca7a5b1b172ee5085aa158fcf9c7e6106a99d2404a078fc6985

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

MD5 ae7de0a715beae6d366e61ada8ba40a6
SHA1 12e744ea3b1cb6a6c491053e9c6887d45b7611e4
SHA256 103663af9f96da9e3e5f8cc9aedf008bd016bd9949e4c9efdfa49b747b993b8d
SHA512 a658cba16212766d228dbdf1cf5f9ba79621f594adc411cb33cd7f66395dc16c57d4aea5a0a6ea49812e1b9caf874b179b362735da5368381d8610f90e3542aa

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

MD5 7f6d4a04a3bdd889c3212f15f33f7398
SHA1 396508392bfae9f8c7a8e6304faa1d291ab3c155
SHA256 fa2c07a04210589acb523d78b4e206288e4c32e13d4104d8b724e5270189c5f9
SHA512 fe767dda4b88a1fe0c8df7f547c66fc4a51918c6435a871e955f4458155d338c24d6d7b02e29db251717d319ac130e4420225681a72bdf6c41ff78a7b85c8727

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

MD5 68588ec9212406aabbcfb38a33306f59
SHA1 490dcf3e25405d3162fad141434496c136e55322
SHA256 38f10954d81dc62d6abb82fe0a15e767a4270a873380d0bbc16cdc81eccac2b7
SHA512 f9efb4328786e9d905151c5c6fb2749162d3a7ec87592a305b18a070505a5b9813ebb35bd00bb53837bba4d10f0d5f9cf7d2a879e0910cf7b587ed872ca6ec93

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

MD5 35b868c4277e87b4db924c9a826f5f7e
SHA1 8109cb7a455ba9b4a1941f9f6a3b48f5d8a56a1b
SHA256 1287ab58524e3567f778d1405722356014a8273beb96b856962d719032e7e6c9
SHA512 895a3a24c6ca624645c79c49497bc49c65773fc361392eaf40eb7da2862598716c1e715087f4090f0cc40d8977bdfcb3174c0247d4e257bff3e268c5b67fcd58

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

MD5 a87b93dfd2fc242f101901ba68fe31ee
SHA1 ac06d77ad1999fb31873f38f8dbad465938d43ae
SHA256 41344919ad75cabb614765e35a48df766a5849a30c0478e5f12aa52557dd4814
SHA512 482215397ec21711eb7038b5df1b7e23a8b7e3bd4e442ccf886a0bf96f3c9f3e80bebac2e4ef8db9cf67f90102a5268d3010f9c49ca609902ebb855effdfec7d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

MD5 ee6f644d4a9649fa58ea4509b54fe812
SHA1 a2025058862be8b77a963b439314357dc09a1d45
SHA256 da014dfb8f77355ef0d57e47537a66cc818df935671f8337f5334da10c44a2d1
SHA512 8f354c1c094381afee26c72b060975b2c6d575f276f45064bedcf2d2f674e99d3eaf62e65f3df162743da82d5c940bdb5e810022df95db1338d6128148480250

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

MD5 9851bbe5e4d552d0040fae336c57121e
SHA1 08562b1c90fb7fda8bd6d86ef3dbd9105436bf7d
SHA256 76b6bd0160137ee0fc0366de83a5577d769c485204a4bf54663448f8feb892d1
SHA512 6a7c96bce81933c01bc836396127297e88bcfc2d1e2e4137d798df05c33599bc3641a67edc9498bd83c6a5affac19767e17e518fff1abe2d6fae06b0f0f9498b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

MD5 be39544bace0ffb32d77dff7a47104fd
SHA1 2a0186fa829169c2ee8f99eb5bfd261a7c98369a
SHA256 58177d383e30896beeab48de441b0e4246fd627fb1d100e0489b9afc6afd1225
SHA512 c672ad66c36a0cbed44d628b0e5624df6b1aa08461d0e42f5cc9cb2657a6ed2c820ccadd99f98a4fd23f180a9eaa5e4e5dc6bd5f05177f73d89387b59ca323ab

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

MD5 b7e40b1989767f8130d5f1627d887acd
SHA1 13e195d4b57270bbfede8d6303b9d3de7fbf436e
SHA256 60a2bc0a29fade337ac1d6c36d6b8648254a65905f32757cde371bd6ad5f084b
SHA512 f032aeaf243aabba4dc0f11116a46cab18ae6536406f4b5aaa53182631f868bb65eb1bece520c3c533c637ddd6419c331062e5f1132a5384982ae4c7f04e0e51

memory/2316-7415-0x0000000000400000-0x000000000040C000-memory.dmp

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 8f47dddde8ebe2da9c7d2a7bce902f76
SHA1 eea8bd3b60dc722ff9adf0d1bd7307c96ebf4765
SHA256 a18f72305f585d2a23629cff3550eaf27821d7183042cc173c8603b7dde4924a
SHA512 3da62aa71ed2d66113dd22eba2d040abba72cba034362b64e0a655dec34733300ea247df1840274f0ec12a0b8277c90a39b7f9793d11b384c88dd8a1881bb1a2

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 6d31a8aabef010f073cc9e9b7205a648
SHA1 3575a61af9ddbecddb33e6b45db56153ffd7cec6
SHA256 8c78075d43bfef4cbc3b48ff2ab07530dc3d9d02f3808bd2e0873d2cd42f7aa8
SHA512 0a9a946018ecee2d6e899dcc154d3d1954ce03bd67ec2578be11d9611360a3dd974105c499c6c4943050920a59879a3d7e84b3ca9201048b477d0b750f645315

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 8deea690b28e4c7380cd7b6ff8f44595
SHA1 d0f8c8e6189a652431cdbddb8aec5c824f7f9417
SHA256 d105c5a1363cf7073ce0c340e1fcd85393f8ca15b7c8b705fedf314520bd622a
SHA512 604898b0a5f2923e6a6fbf49108b9189df6e4626bc56c4b216da42d8a5a28993f7bb386a018b8e9e764ab6f2655874d10f240a17fcb7b51e1f57c2769d993492

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 196ffada3fae6d3d3e8ae3ca71676a66
SHA1 89397c36bf2750a2438a67ee6148e8b9f89823b2
SHA256 74f6c7b11ac296eecc0c73b1c9cfe787c29e84416ac0f6cfed444f124f932733
SHA512 fae9c41dfe8dc0af6490b918932e0831ce94c2f685d9101a8daea5bcb9cc9a32a79f8800d179d1927abd143b88e49400cfe7c4d472dcd1ac30243bcbc8083d0b

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 723f70bf30a6544bf046d95e91a9a962
SHA1 09d57f7ebada847101e9f795eb21866d75a38ba9
SHA256 1430768b15b61ce265716b546ac38cbb959b3f810a24834a8c13fedb6281e4da
SHA512 d476119bce6d116b8f5e7b14b39a1d7a19cfa54f864d1c6c6e2647d9d788c66df7671228cea5b22192db66b822e306c33cf4f9c1a769c5e6ce83828ed258a256

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

MD5 a8ca9ca034a0c93eab5548f5578f5079
SHA1 ef292514e2cc4b25d39a764fe7ed76ddd1b31188
SHA256 b4ac2ca5922d53606f37859c983adc22e5eaa2d65c0d1e6bdbb3a27e296a3b94
SHA512 62e0a994dfd22950c03c1d42ce2a71e9d5637ff4bb481a24b21566ded26f8de228db2058484e2a14175f844a5e7ea809278ad98b2252ec1bdcf35994d4aecf97

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 aff307211cf1007149a63918dade65fd
SHA1 c8775783cdbfcb92f87a3dc704308c7286c90f1d
SHA256 76be7d93dd7801409f100b1eeb3228bbd8430d0a8b27a588d50b3612f3957758
SHA512 bb7abfb92cce32ba3e030238ac333a23216b9775a84a85f2c13c4fa22a8ceeafee3e2002ff077979c7338c7290a444b6d37c8eb40fc823b2419d2c8c9c45d9ed

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

MD5 a604126017f5177d1812238c345aa4c8
SHA1 ae423efeed643d83cc3f2cabdb9a19cc8c7267d0
SHA256 b1cbb2c5be743ec57f2dff0d52457703bd971ce7d8bc7952b4e5c0fed3af64d7
SHA512 1fcef4da041f543dac17aaa532d7e567349164b45ee5776d4001b04e243fcad9da3f35ff6c567bf235171e9291fb402d6ac502d1a66181510ce08a198bca9292

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 56a5fab3d46a78289a87a0e484a6a712
SHA1 d6a91a5774d2c4089c3f65606f3ef7264f34c20e
SHA256 cb2bb12f8fd8c6c82be9373830d4eee759eaecedd4e2401dbf08e8c0d09f46d6
SHA512 685dfaeb89308a356277702c417425717ebc85e0f8e541057c3a6e8cfe8197242231b3c18ffa36af0ce7e0a2349f0f0541ed740c8c86a7a9a144b12ff77c8bbd

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

MD5 833e62d200fa60046d8b087d9ec61664
SHA1 ff99714c353e7912921b106e6b0d9e00fb5fd6a3
SHA256 31b8a06e49ed1c8ac50092d888001f8382d3cf2056ba132d9804a6d5574911c7
SHA512 83f7a83563b992c8ec1a5709e636ba7c3aa1216ef0dc052ea0c6cc803d2a14880546a0ae7c0871a4df373d8a9a1531f33f2c7c0d136b42062380d77da87db53e

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

MD5 3e97b748c76b67d0310118739fb545c4
SHA1 6295ecd8fcd4d42c09bb12f6ae4f4abf13ec94af
SHA256 90e501cf684840951c32ff5e67cee3e09bf534ecb4ed4f2082b520792dad9013
SHA512 1f0b4496a8d4474c0691259e4fc25062468047f226c14f2f7c72d1b9c2bae76caa2c33bd8d46905e4a1fd798229983ee81b2ab61378652a6012e9ca2eec72aa5

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 1ecaf3aca971f7cd386283ebdf5157d5
SHA1 d5c8588dfa5bce64a7b51c3b8a3c0c9e54a6264a
SHA256 c5c3b20105e8b61031bf34ec84c12ac0f5f33f036898d1aa5de923ed0289c9d2
SHA512 1c7c34fd10316b872db5119f989605624ed89a56c0b36c2ea18de4d508892f92e58de330b5ebc33e9a5aafe6d49f3159c6a332452ad7f50da93d102036a84142

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 394eb72f51bfa0e039ad0759cba709dd
SHA1 004964064c8ca579db5268e17d4d02bed2915be4
SHA256 56e43458b11a23b9735be1d99bc5c08cc1eccd0bf74f7fdd7f1c325703bc3a27
SHA512 98245a7acf73836b78dd7fdeb744ba9d1141150058464da558a76c4d44a823f454a4663473561619176385f53773aaf734850dbebaf94e40e566f4694a91d9ec

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 8abf5a81bf17492edf503f2120b2cc2f
SHA1 a97e130b14c3d5dbf5344977b046327ade6595f8
SHA256 4834642df66d5f75e9d9cee331c571febd3b5c579411b36cab9fc8fadc97e1a4
SHA512 282fd5af0b60504380b971faf5422084446df747e6df90544ecb35c048cb0fe7df4a2ce2fb412f147cc2e6df4db0d76af7fc3ce7b8da396500750f58cb16ed34

memory/2316-9050-0x0000000000400000-0x000000000040C000-memory.dmp

memory/2316-9051-0x0000000000400000-0x000000000040C000-memory.dmp

memory/2316-9052-0x0000000000400000-0x000000000040C000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-07 23:40

Reported

2024-10-08 13:03

Platform

win10v2004-20241007-en

Max time kernel

148s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe"

Signatures

Detected Xorist Ransomware


Xorist Ransomware

ransomware xorist

Renames multiple (2194) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\3Mj8k14CbmFIV28.exe" C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Schemas\PSMaml\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\cmbatt.inf_amd64_554d46f6008bc631\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_fshsm.inf_amd64_48c6ccb73844d3bb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\net1yx64.inf_amd64_8604d8a50804b9c1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ts_generic.inf_amd64_b6cb67052996a0bf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\volsnap.inf_amd64_ce438b6e0c5b1af2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\NetSecurity\it\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\acxhdaudiop.inf_amd64_78faaf2062860ce8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_cdrom.inf_amd64_f08f2fe1cde58aef\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\hidirkbd.inf_amd64_20ad4886826af1d2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\InstallShield\setupdir\0007\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\wbem\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\NetSecurity\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ProcessResource\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mvumis.inf_amd64_f0f4d0c799bb854a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netrndis.inf_amd64_be4ba6237d385e2e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wudfusbcciddriver.inf_amd64_a084e687a06b255f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\MUI\0410\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Printing_Admin_Scripts\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Dism\en\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netbc64.inf_amd64_b96cdf411c43c00c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\InstallShield\setupdir\0012\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForSome\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\WindowsDeveloperLicense\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\InstallShield\setupdir\0024\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\ServiceSet\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\@AudioToastIcon.png C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmcxpv6.inf_amd64_46a3b42507e9d29e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmhaeu.inf_amd64_e0c209c891e162a4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnms013.inf_amd64_2b1aa5c0f193f278\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\usbcciddriver.inf_amd64_400a61104320a399\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\vca.inf_amd64_6bbc643de0df118d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\winrm\0407\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_smartcardfilter.inf_amd64_3573afe136371e51\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnms011.inf_amd64_f83138380f5fb6ab\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\scsidev.inf_amd64_55176c1890d480fe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\hu-HU\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_EnvironmentResource\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_avc.inf_amd64_8ee511eb19322856\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\tsgenericusbdriver.inf_amd64_bcfa5f586783921d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wvmic.inf_amd64_ae02676ac3e3c474\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\InstallShield\setupdir\0011\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmdsi.inf_amd64_0b96cc4cfeb2cbf8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmgatew.inf_amd64_7e6c377859cfcb7c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmpace.inf_amd64_5e0fbd01da4f7c7b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmrock.inf_amd64_9b13bcc1f320d1ad\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ProcessResource\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Dism\de\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCClassResources\WindowsPackageCab\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_unknown.inf_amd64_9f92c189b415c003\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mf.inf_amd64_e3c6d8265de5138c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\InstallShield\setupdir\0015\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Msdtc\Trace\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\SecurityAndMaintenance_Alert.png C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\slmgr\0411\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_RoleResource\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_RegistryResource\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_modem.inf_amd64_8cddb75e34142905\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmusrgl.inf_amd64_19bd1d6c2b642b6f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\microsoft_bluetooth_hfp.inf_amd64_9effd93a75bc489e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\msmouse.inf_amd64_1793a485b491b199\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Printing_Admin_Scripts\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A

UPX packed file

upx

Drops file in Program Files directory


Drops file in Windows directory


System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\YWOFEWMRQAYZQVA\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\3Mj8k14CbmFIV28.exe,0" C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\YWOFEWMRQAYZQVA\shell\open C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\YWOFEWMRQAYZQVA\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\3Mj8k14CbmFIV28.exe" C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\YWOFEWMRQAYZQVA\shell C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "YWOFEWMRQAYZQVA" C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\YWOFEWMRQAYZQVA C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\YWOFEWMRQAYZQVA\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\YWOFEWMRQAYZQVA\DefaultIcon C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\YWOFEWMRQAYZQVA\shell\open\command C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 73.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 150.171.27.10:443 g.bing.com tcp
US 8.8.8.8:53 10.27.171.150.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 200.163.202.172.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 77.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp

Files

memory/4904-0-0x0000000000400000-0x000000000040C000-memory.dmp

C:\Program Files\7-Zip\Lang\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

MD5 1ae7de2b41041af2ffedc29f60e6e1c1
SHA1 63969a651dc2d2aec18aaff8c86acbbc3fb86b6b
SHA256 534c8054977ffcd823939e2c00ae7f72a5b153fb564bb089ce4b20cf3af49d14
SHA512 f3f47d138ce2ff2e0b6533f613a078beb1295459c20270ea8f31f8c4efb4ac063ee6a09852ccb4a03d450aa5c7aa89780cccad480f46521be70eceaa5b5cbcf8

C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

MD5 59c648fe2cbfedd1140dedc3118ce680
SHA1 b86c936102a9a2440961406ced685948841c3b35
SHA256 fe59774e4ce28fc9bbd765319f2bcc577377b8812c28580a2556ea33cca13a8d
SHA512 3e7fdbdde4cc89c18cc4ada839ba6f3c406cb8d6b284c43e3bb7add24709b4b4ccafdea709eeeb181ae754904879d5dd6b458733a1f0fcf5081befc8af5f8379

C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

MD5 5cbc976f3c776bd07782eab900061eb5
SHA1 558c178fdcca40268a43d4df29461b8924c736e2
SHA256 900e433d436e201735cffd9a2e4816a1aec00fd55a91c8ab0102dd70ae46ac2a
SHA512 c719827fb9583bb49a463aecd204b3078d3be2a5e4886b1ff50b1d68ea50e6011cb29df705f3c7014a54a0938524164a36f214abb6833a7653cf2318f5631f41

C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

MD5 4d63af1d9341b8f7027ee9dfa0d2825c
SHA1 c13de8f1d32c714670536fbae422d362e5cbfa9a
SHA256 a70882db5350e5662832eca0130937f2ba4e95e1a56c638dab605e6ff16cc30b
SHA512 c1d159cdccab1658c0ec099b2e459118ef820a7f31bb51f67b95779699f8086712e9708ecc38825b6d8f0f3f93e91dc54fd10b21ffbdda7f930918880200d112

C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

MD5 2540332888ba31fb7c128d1855f55e6c
SHA1 ae7046a7fb90bac3621bcb5a4d88364f94dc414e
SHA256 119f37b90b35f07ed9f635b92b16f1e9e3545c1af3fc29c8000db61dc756a414
SHA512 cfa45da61a09f75d1d86f745e4b4f20ce4f312144e53f902add729bafd0c042014694782934034a699260092515f607ea88e9aa8637ea7b9a64ecf5fc13e43ce

C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

MD5 f4829ab6dbb6f01cc078cdb63553e0ca
SHA1 7c2dcc04874a5970319534076ea35780c8d6732a
SHA256 4a682428e3dace505fc5136f46792fb3f630626b9818045e237398509ea45ba2
SHA512 c54335a9b76d13ef53a693475ad4187860420082d0fbf530aa0561d9a7ed041a12edda449b7ee029ef101cd3c27a10edeaa4f3a758ede2615bff467fc414e75c

C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

MD5 165dd7b9bf2605cb6a6033675528bcaa
SHA1 58d9d9bba83e6facc6a14ce18270683c2b4e2099
SHA256 bc78773dd94f45eae3521f28e90f2b5e4048049bf364532389d478f5eea90701
SHA512 d9c8e9786d2012088264c324cbbf36c566005a6ffc285584e494f778468b669b6a941e7f31e86575503bec86675ff618bb5aaa6a918e95dbc5a16f17d1536df5

C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

MD5 1e669a07ed5127c8da405d8d08148241
SHA1 460cd5f4a2d995515da7539d3f25ed494fada0bb
SHA256 59a4720976bea23acced146b38450912636494226cc8eafa3cba05c44a507a7d
SHA512 4c359cc6242818dd06dbf27f55c1b230ec2c058b2ca2829e581fba72c0561a954c9e5c43805c16ccec98cbc5b1957818bd79d1fb4569f0d49861b9da0a741fce

C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

MD5 ad4eb5d79ab61c4f6900db9d459dec81
SHA1 30ddab2cd62a65699ba98a6b8de484123606a766
SHA256 e399ccf8465d4336a18dd6c55da2fa6c87003c9aa96b18833a37f7a4ab24edaf
SHA512 4d5412ab48900f9662e1fcd4a662d867b5445c96979f38d7dd99b9b25aecfc3fb3e7cdb68da2db935f927210acf7d3ef48a6577d7edfc2ccbb02fdba2ca1bde9

C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

MD5 69b73d77bf6ba82299346dc929bd8543
SHA1 9db5772943425bd4ed0c45c784ba1a79bc2f2e3f
SHA256 cde6b008bf00966fd996b4403e64077604bade86c80d2c2de6496798fb532688
SHA512 e59d3e03fafd35e533d22ae2bccea9c40cb442a7fe1b8c1212004de8daca2254b68f79d45f03b24aca3d4edd0c697949fcbd5c08068aaedfa2f9aea160d59199

C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

MD5 7900261d9d32e40f91d00dcba4d755f7
SHA1 ee54378cabb785c3ccd3f45f849de5aa1d23ee14
SHA256 2f7390e32f007a650b402334e93b3f0f6b22a02fd7be02a1dd052cea30826dbe
SHA512 4cc77fdd891020d7e2834ba74cf02fd8bfe33391aac22ae59c55817b50592b538c09247e61d8a9ea37a4d8429c0a31ce048d32ccef096917f45609d98d47a2e0

C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

MD5 20d823f9321b5093e5a04d30f85fe37b
SHA1 8d560cf504cd5b6e421f0944cce3e66113dedf48
SHA256 ea1d00a35ac45df18f03706ed68b48d826d36c0b26a84457c3b0e13ce4ca2c7a
SHA512 aa894ff5ae2fc25a794939459dd68584068cd2ed3a5481d2425b1d88c89759d6ce967ce9e6e8ed7803fe955a21910bfcab5f5822f9a3521e6b1bfd492800b4b1

C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

MD5 62bdbc2ef0378e4efe8f7b74a7d58926
SHA1 79b5b1cde2f68c25b329203719155ddf09226af7
SHA256 22945da0ec283253423bf4aa35b110d003e5f2419310ce9a9671e66ae87ad067
SHA512 83c065785244290dc1f454cc84a0608b6c21192ea5de847d45601f6726c6bd0400bc4a14fa9cd7f4f35f6e676303b734ca373f4bfe0cda83a3104c3e71a0c68d

C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

MD5 a26edd86b6f83c6354caf44cf14f33ae
SHA1 34e7863498ff0fabda55dc7f5c5cb67f7d245451
SHA256 d6f47ea40f53c2a338e6c92b64c1c611bc79dcd97766bcaa4f54e718817abbaa
SHA512 b5e5b77554aa4d1a43f32381d68afc73bf0a4130a1c301442f0c8173270ce661ba1ee8e5003e5eb7aaabb3a7968db3471f0e81b82b743ec6c7d397bf01156bd2

C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

MD5 988b4c25b093548981a4448340506646
SHA1 41da2976f8d579e0c3899f3e10a4fb6ee5049a37
SHA256 6f20d520ec0a428beed148eaff990dc28446927cbaf162cac582d120a0cfbbfd
SHA512 e09a0237b96d82d363fccec0c429b72f5c04e7a6e2b9a04235479c25332eadf12173af22c95eed1242e00faeffab5c181ae7a1e3e42836f90e7c339a808baa2a

C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

MD5 62924c72a197e5e80c988592893e132a
SHA1 0158b148f2a0f7722cb2fe1a56e7c42b0bd1ab66
SHA256 b6868952ac5b269d6b1f04ab8eb7b4ed35771e0f2f446239e4df78b38b99ecae
SHA512 1681dee5c3b9175161e73ba14e91a326e11f4b63cc8708c01a51f87c293c42e50bc008af8ecf69ac468b299459c8d69992d8c366be6062d3d800c0736bf8873f

C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

MD5 826bb17c5cade945cc34945778654888
SHA1 9e805eeb0502528075ce85887b764c0d292d8033
SHA256 0d11f8dfb1a4fc3e60ca936cc2429e257975a8ced035ee3465645ce5960d9fbc
SHA512 62776eff138cc5507ebd3bd0d1741c8b543cc844c716913d187c16f61de8327846ba69b518d2242a035051efc3e557412895a1cd133aca09eff3f497ff133546

C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

MD5 bf1eef087179cf52b917733adad79c50
SHA1 24f4b6d790bea1f6ed57826fe2798f12f443be49
SHA256 cf23a3b05d037fede3fe9a14488d2c3dababc86e1ca869ed1b1ab1740dc2bf31
SHA512 5b3e796dbe63d1249f351507e8142a4c2c0c35d1b41fe9faab97df7459f3920913137cfa906318693e7e87e563d42a92ef409afbe8546ccd52f9b5020efaae69

C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

MD5 3abf47e88c63441a49eb05c10db75c69
SHA1 a5309b63361f61aa478a6370d7a9a862443a11f3
SHA256 cb367705d8c142c33ffb2ddd23f70b7df329047ec21f4f03bb4329c48af12dbb
SHA512 33f65640a42d578e80d83dce7ab5c9e3fbe3307557973f994d3a8b1ceee9540fd61ed54ee7a41f2690b43f7987329ceb835a512aaecd413a02393f3bb0894d04

C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

MD5 4edf2b87f8f7754b69b8cf7ee8d92f02
SHA1 1a35f46316cbf5dfd8b3a44ed003b784b93af621
SHA256 39943863af1f4c42dde6c56ab5c39393df45b66705c9c8e458ab0bfa16f52feb
SHA512 43681233a0ea8131e40b2d4c99c0b3312afa23561dbaee971bc85989665e5194266f633f22887d4b4895f40cbfa23f0a405b92cccb86daac271aba846d7bf47e

C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

MD5 c513a7f282457583db11b0efd0519d92
SHA1 3863796e033a1781ec713bf21c40060bdf3c85b4
SHA256 d7b447a843710ffd3ce1cdc89575212a1df223317fe12c4ca228da1dde2f6eaf
SHA512 2aa8160e1d8385d9ab17e4863d3e3251f26cdd854a77342dbb5fc5b09847735613b47f3118ee843efd36ea25ce93cc097167c3ce12b79a630ab9449cb1e3c0a3

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

MD5 e185fc2934d643a26cc4c2ad8a37f5eb
SHA1 77bb55f0538180c0dbdf79b518426b27ff02ac8d
SHA256 e1273e070aa00857e22be7ea0e3fa1bf1232130c7aa6306ed890a1f9eb3387b5
SHA512 07c5695f085394a3ca98e46805d94661f53d7370f84c19489e6b0de2b155fc7e94b32b8da55cbb3cc6c63effd76d478e563436c50820a571350195f01345253f

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

MD5 feb07bdfa2ae14ab387b5e0be4765763
SHA1 ddca8f4bca993dbaca7d8b614612da13ca36cbae
SHA256 1ee6276b0b65de5fff408dd359d19d38d6a5c78ecaa851a7d74827c18b206f51
SHA512 ca06d5b657dac27898b04d15e6ec6576d6ab0b7ca821bc688a3a2514c1465b91913855e83e94fb4cc2e23b95977c9b75e9cf131d302aca2e6a3eb4ce9d650b7a

C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

MD5 ea17d6cb0deecf39745478a133950aec
SHA1 409ecbb34629f4d89afe0f6770b79b70adad3030
SHA256 bf0bc81f74af33509f3047eeea567b983f94e3b64c0b5200e4b0894aac774749
SHA512 d293f58429edf7752ae5665f844c3bc0fb000f82a531db3c4c9fc2a77bf03a69d311d331d38eb5f304cd8548e89f4677cff376510b430589ffbe57ece4dca0c0

C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

MD5 ccbb01e3867d75fecddb80089907b083
SHA1 89d733572bccfc79fe14f17c15db020a78f62aa2
SHA256 a77ff122e27c3975b587bb988941e2078e0c0af852d112312d32e685c0e24053
SHA512 aff2a994d35c939f5872fcf76cc3c3718ac66b3ddc0913520585912f27af6e3f2d900e3fe1c96ade1267e10a72eace914abfc1e8a40bb475bf7f8243809bb349

C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

MD5 79e3c7d351f03aac12cfb2dc977d60a0
SHA1 774bf639372f746dad2abf2732c81d79f85d7587
SHA256 2f5264a90066b66903eb477ac6ce4027e96c2603183571241e60076cc88c44bc
SHA512 1fcf43916a62ba3df74590c72f09fabba1d20081d63d6abddc55fb9ccad5a1034f871fd0275e89b920f924b43e4b95703423eb1f4735cf5020da4a7722d78810

C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

MD5 cee331d6be0e7df0bba253c013d1a1a7
SHA1 509fa6a8f0a50711a27c6df71b359a122d947571
SHA256 18f5b4ff443cd0738eca24c447ff0867278ed9919984e716fe7b1d5ad6d8dd07
SHA512 17c08d33d84d461d31db167f36585487d9ebb58380007fbfcf9c9d072ffca22459f9aeed50fe9c88068a885fb704454db28253bfccde0d40f7c49eb43ecb3af3

C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

MD5 538c65e1499145038f0960c6bba8eaa6
SHA1 27f3bf68d6c88b3b0a70cfabd4651af9396f55c2
SHA256 8945d18f173b0c89b58a7113bd9547dfd4860203599943a6e735f8e35b705f1d
SHA512 7ba40f31551406744949f3831484f599ea84cf863bb6a68ca4a8fe894111941bad3b116d7f005c92b3ea7380a4373ef12dffb030fb76b9ca30551ce08e4a11f5

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

MD5 c7bb90ca2096640bcb806c78341b978a
SHA1 e9a44749eeea99c6d61d40120c5cc12ae625be00
SHA256 fb00e364561f9a756f609f0522f9739bddd1dd1eeb24b613a439ede06deec3e8
SHA512 38dc624bb9cef54231e76f10a99cc15538fcbd2453766c43fd108998b416dbe47a7458fa8f82f29cc36494854435e901a6f4f1142f5deab8e9767468fcd8b466

C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

MD5 940c330162490789beb579fc7e933daf
SHA1 6b6d56331725edc4c2d736b18c557095ee64c192
SHA256 b1b77e7bcdb7892b0fcff6d2f1114de696c178a1fda7cdc0a17e6c0b623ad8f3
SHA512 c33b75a9129d3307a938116c1ad391323e988dd9b355f8af05b3a484aae95896f397fe48d33ef5d711bafa19a07dfe156ad02a1f56715792fb4f42f0a44a1f44

C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

MD5 f814fdc3d32f86fe4891020da27d0f67
SHA1 5c03eb27f1c18872a002d0c13eeb08f709a88f53
SHA256 ef4c34e13a28c4ac17af99d70e6d196a091352f731350dfa673a60464d6ba215
SHA512 26e5d5e1a489c9ff611a43036a82b9131748dcdbf0124c86fed5bdef5fa975349192c589bf3422fe441a371ca8635db4ac6fce1eca937d63ed82b2069ccf76e9

C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

MD5 7d2e45579199edacf5fb5f6015132744
SHA1 08ee6393b4ab3ba85b9a8b6372fb22127bc9489e
SHA256 abd7ee7c2a97d94435a906ce84246694fac1da20b085f5700c12081f88075d46
SHA512 35c2d7b6e10b3e35b22b3c777df81f32c1d66315538654a03f03c16706daeaf8f3261c4e2d01dc2774fef8db652f4ca1b4f25c47d7d82f33ee5bac6b10264d93

C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

MD5 09e10a5b86e810e53e43cfd23e51f266
SHA1 c78c46fe9c62d8364efac1adef1fdf4852b8364d
SHA256 9c555d2cdece445cb81e8428b92923226fe4355ee06a52f9725b507c55d7b07a
SHA512 6490b6cbf00ab7aa69bb65aa048f726093e0b60c54c6cae6fc3d8b0a8cd0e8c018b50d535404435c5eb0ced9695aae315881d80fcf01066f2b7370efcaa498c0

C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

MD5 190d4cb623396b53089a8091789f0263
SHA1 8726fbd84febf7e7572cafc3748b3555aa70de99
SHA256 cd6e1c37ef1a10d743321c633d93647752db056f3b2f9b09ce66ef8e5253e1ca
SHA512 a254f744119efc912245362dd4db02deb4e5248c650b6d63f6097d90fb464734ee2f00f5dda157df794d359152a5283545c3f7273b89952236ec3c8b0dfe9e51

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

MD5 a2ffb5210f7965b7e0c3197720f50a1b
SHA1 1fdd6202dd9e0d0b93edf0aad9402b66f9904291
SHA256 8e644033ead668bd5e273e05c4438d75fbb0c9da5041500047a4bc75104d183d
SHA512 0e3b130a4736ad8110b79c897790aed6b167cc1c741d2253dbd3859a69d61b05ce9342091f3de29174fa1cf18bd6323eadc2c0f0b0812a41077ab4e8375f83d2

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

MD5 35db3c676553c7ba0be1b3f9eb459147
SHA1 bdd509a732a8f5dc0ad2b1f2f23a70b37b3c3603
SHA256 f88ba45dccdfa976c225193d101d65f5e2f0bae0b8d6f3ab7c386d83d4d807d2
SHA512 1869992879b2457da41daed5d54b5b9a6eb98f323ed57c73d33071c1bb438fe347e05a7fee0ed76436d174545b7f4774f2ed4716e920c3945066fe3fbe08318b

C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

MD5 96de38ede98a3bfa66aaae04d8154775
SHA1 0c08d4a64b7bb208bb4ceb8efe5696f34726075b
SHA256 1796d791fa3899d5a788cd8bde10a100bf80f5afa4599a1f881be9f433bfe84e
SHA512 ef3ca3ef600fabd79c684cad5744adecee169959cceae187cb2a3b91403b8c7be8a6e245eb0fb2aa946d26a577bcc36820cb884f79c5d9333cfc4b46e439b15f

C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

MD5 2aa9e1b42f4dd48e06aefb0c215e4841
SHA1 f4d5f832c33dd873b2dffbc3db6d707615b9d765
SHA256 ca485e2618c9e0a680c220e44d96b432d0e0c7a6f9d474df0f77f2b0c35bbd0d
SHA512 8f7cfc4b5322106c103094a3766a59e971b401b46bf6cdc400c1161e1b9f724337139d90f87c22f30e42b1b217a4f56265f89e509da686df1a6c05bbf5cfff96

C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

MD5 118fa388ba5733ddd3b68c8f53373e62
SHA1 fa1e41f64beb2bde22bbba6e0092cf12afcfbe5d
SHA256 7e02af8d7f29ba87e0ddf1acd3b10e6ea31e283c0c4345d063fc276e0c05e8c5
SHA512 5f9c5a97d51d2acebbccbc79dfbf598c62bd9a8291066a99ecd06a279f7f77ff85b305430c017bbbc134eb103d5e887040509fef7d60c351c22c5d66878951c6

C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

MD5 4bb28c5263439ab3352303303dbb6b64
SHA1 cd83a3f2d6af8cae1a4c7494079fe9fa2c9035a2
SHA256 02bb599cbe4f169c049df5524d402086a80733645b28d16951d726bf30e6d4f0
SHA512 4e0b6bcf9c4b7e46fd230d6be9fc48f55c617c3b76e928c997c595fd92959c034e84a0a5096130a096eb0b0b93bf63d48430c77e26bb445a3b35ba42d7fff66f

C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

MD5 c85e902074eea8cd895bb44e16990d6b
SHA1 f8261e9f427aca0ce8a6822270d4e51d050d6282
SHA256 ee4c889f045da2e4ae7d82175e76558d191b9bf193a494fe93c87315b25fba90
SHA512 46c7c4d971458e7f1520cbc05e62530dc1ee75131e40f8ca698c51e13b3650737d702414888eb3aff09b4067e21c451c3e74e925353be848cc1e43dca07fa504

C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

MD5 f7143d067b26538ac2ffca45aa2043b8
SHA1 4dc5d026ddef15cc55f265cfd0420f09d74ab3fd
SHA256 230221a7941e45253b9cdebe53f52ad83096785beb6d8624b55d0340533efae8
SHA512 8f9022154a9139f01fee2caaa969f4a08970f8cf361f9198fd3aae02c8bebed03cbd0fe204df92b91c2f65cf444ec38d3ae179816e20a172a8ee87b343410fc0

C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

MD5 48bcc93672d7c2de8eaa5b094b20a14d
SHA1 d9611b0667017165af5ec90a33a610676fa34cf0
SHA256 c6b1b7ca15593d5114e8fc89b5b1bb2b5b471adc8f101285c793a768fcf44409
SHA512 094166a76ae259bcc2ca50d455b291246eb866abfa7ed99462a55df69b7b1aa38c4ab63d4702514850f6689062c9e451b1cb72461bb52acdfd7b7289433fd24e

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

MD5 e0f5ee53120ee8acc255b477169b9b94
SHA1 c47679ad78f539153c78c1451b302a24ad737d87
SHA256 2af128a3bd43acb8b1211ae743f79359f19874d7365c00309d0b9ee51f4c24a7
SHA512 8f7d1769a3e4601806ad93acdb7f010f3fcdc1767a49cc0d0ad421f7693835a1c70c3f8f563b8113bfe3fc25c356d7447371ae56baf46da09c4a5b5cc8676a65

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

MD5 c70cc924c44c2bf78c00d5caf30bd261
SHA1 0bab77c7fee6dfa795b722c5c442173c3f169819
SHA256 6dd07c0f3f09c3565b1a22cd9987e5549cedf958b523d9dd337785f94c783396
SHA512 19fb1ccbd5471e0e405fec0994b8f012d15b92c180b3344cbe562c22367c4422f08310cf59ee4e4a10c9ca1326d60085d94815d77811bce71e5bd698af1ab1a3

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

MD5 c2d5dad36478bdefe406ff1d71ad8cf4
SHA1 14288eb4244148adceb883efbbe26ed552eaa434
SHA256 f8cdd3a5a07900c4b2db939064e2d1e308ade5f7ee7812c56b7bdd9625e4a5e9
SHA512 d361136173f8560bed473cc10116f32336471211d10ec316a7c06e160129eea957d982841750570fc8466b762a3744e58c6ba7812a1170add343ef2ff524b670

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

MD5 2bffe5f5492fc1237a13c34ebe2d3ac2
SHA1 33f4a25b6034b5c53cf6bbdccad649fe2c8755f1
SHA256 04e711d7feeb0795af83702fa04017f6783b8d1f1b61ec97a97262eb8daab97c
SHA512 8e0e972a57460c607770718e65cb047dd56425206de84832f8678f1184742fadcb6ceeaeeede2e2843cb44c84651b4e7333eb905409148d5822e602d3b0a8c83

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

MD5 6dae070bf3c12038328ec0d0b4ef8f66
SHA1 74cc8cab7b16a72eb445120d7235eba2348d5d22
SHA256 090f5df55c65f92d062f614f36843a27c31d47e19660f1534cc891469d1ce1d0
SHA512 4f4ba2a2b434bd4910d94a84e6abc976ea6b6fa6d1b2d21beadf50f763ebdb5775c8926187ffa0ed2125db7fd6f249a160df5d35525129b055172ea1cb9d9406

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

MD5 feacff524b06ff82156a4e92e2eb75b1
SHA1 f0f3cc59f3fec65c9f89923e067133a4ffdaa37d
SHA256 acd1ba0db2689e7a212565dcd45add9ee9d26b70a2b18ea5f0d38810a8c22be3
SHA512 94b3089e4a722039ec88d7d225feaa7ecb533388da5b7a67205b543451ba5e40613924f44d15d6ebcd510cd4787113ab0ed0c25dbe36967249b3f9bd43c8aa18

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

MD5 1104e936a5a24231e93b26907d80d6d8
SHA1 9bce67a3b4c26fe3f1083f1dfcf9196c0267c807
SHA256 5a3b007f8b03df36beeebcb4ac51a72b28075c2e2979af961b057955e4dcfe9a
SHA512 27a36a15bebaa2608d71d3d850a4967075409b295fc4f1d90638da30398d00f62c4694aa6ef85fdf6de395f7fceea68cbe46a35d1859f1d4f547c4dfa047b541

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

MD5 34cb580fb83c0e2f60d2cc7449032304
SHA1 57b9414df6785664446a4ceef2d4be4816fcfd39
SHA256 1167bfb18fee5ad4836b980b5b83ec4983b4599058b10d8790af74039f1be280
SHA512 f5c558dbec90f20362f777bfed3b824aacf9c0e90d9e0ffda93ddda951bb2d4808c74c50e99617e9961328403b9ae08b95437f34f1cd106ba82a9418c263adf8

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

MD5 d27da213a7572a5eded6cd73c994e057
SHA1 2d3794e24eff9752bd9a52eac557c1d0dcf0e1bb
SHA256 220fde1dd6ed6c4fa7db3aaadde2bf57c8727d82d7c9601596a6789c30c21f0f
SHA512 f4089aa3039bc6185e8d7ddc2a17fd62b68d0b890e7a96a15d5e804a7c9586682a0123ca83fed49c82a34eae8c1671537a160faaf59366bd2a599dbdda75155a

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

MD5 7cc0f43df2f2923392b4ae3a903953be
SHA1 12b1e2c8b7e7a12a335e40146338e32500f4d8e5
SHA256 32c3b7801d806304bf4f8b4737eba0180a9dc80319a8e326dc4ba9ba0ca0e01b
SHA512 9a9b2269de954ff978d448ab9a3b4173960cf9f879a85f966afd82a785c628ef307d2e4dc201b6fa91db0dfa6942f70ce433de313d27eb87af272d35a4aaf36b

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

MD5 37fb38e51fa42592bce53882d98e0675
SHA1 dcb515d4877a90d2a625a35adb124ea008924543
SHA256 e034615a8f204358a8f3d044939eba5d5cc4b9bb3bff4f1df02eacfc161aa79a
SHA512 7fc8135f097179628669edfee80e4b7ec357070181d3af1b7344491068db72a17c6ce12a5e13ea36b447cd55a2f31c50c148a587250e6e6d57cc8e6cd1ff6e8f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

MD5 de42307aa3874f03112f5573b66ee5ee
SHA1 10e6924add7dac6eb81a01c1c37f701b8858f13d
SHA256 d0e84743ab00fe88aaf6f8c6259a84f6d58cbca59bf15251c77420ab01e1ddaa
SHA512 8c11891550e8ecba1329d638db2ffbd89c0991cac4dd141f907ade6f8daf4c828042c267efbff033ae9933ac5d3eb0ff06b428d2ff178686a6191c38280ab889

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

MD5 b813124fa1cb25f035b38da015d956aa
SHA1 ba339972a6a1a4d48569fc5ff7417e547f7271db
SHA256 0d5c5fc62a9110be0e8725bcd7f0a0d39070d1cb550dc667b2c43ed95416a4de
SHA512 b6fb349b938d7c5fd68d38c98fc5bc19b0dccfd53610e5e4f5921f52444d367a80b69a8274494d09813be4d3085df9aaa4d5852d101e5a2c60ce7c462da5d05b

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

MD5 8384cdc5c9602149da13287cd5c032ba
SHA1 35b341cb54906f4dea379ca63726b90c6c85d081
SHA256 1f648fcc3b93f88989c22c3a6e667e552a56d347b941d446be4382e1a5401220
SHA512 f42834d4ff952f257ba5835c88bc4f3a339c5526347a8eb352323363c7be16b0cb91214d69df93b35a196469fd768a72f42348ca073502e50b14d5e5313c8968

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

MD5 193b15f3c35940224486ae925c5f5b77
SHA1 e2b73b2d2908544cfb1c70d73f5472d43fe812b4
SHA256 c22183e718cc8ea8d16f407c1d56786c6c57425afd956bb5c249104e925f230b
SHA512 d00b141cb10117c3a9bde0691124b5806b21147469e06953350a13e9ae529660acf097d02f7aa0e357b164cbe31c9dc478e212366aac745f71e672f6ea2f9f56

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

MD5 000ec1d06bfafe4c652b41f09815323b
SHA1 f41ac468477e9601dfc98aeeffabe88285a4712e
SHA256 18d439edc9b0b7350fdbe4e8fbceb41a15c7dc84a72b327e0f8454a73d2e982f
SHA512 8a3ba719fe74a408c9afed9997c9b0a49278953264a3c63456741c153131ce5434e1d5ed69daee9c01f34edea667b5749da0bf528829d4d85095482b81feefa7

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

MD5 545c76749b9981fb4261cf0545572cbf
SHA1 c2ba8d42cbade936075f39f98718826e4fb61dd2
SHA256 ace6ec0c18d50c8620156600f2aab0b17955c9ee00ebe5559dbd55893c39afc1
SHA512 ca5a77fbc9703a7d307841569f7e350742566b868f19bb5e600168957d6669db8b1815b5126585aaa0401a1ff5caf84be7a89e2b0730245511cf9eace940be21

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

MD5 75e9cd19cd44fd8c2eef985530788842
SHA1 8f83fed063615406c49678ed05d1cafdfde0d86c
SHA256 22da22ae6645768782a00ed708f0377850c97a80da04d6683b24b77e02eaa5e3
SHA512 2c1f87ebf4a560d44bfe8cd2c3dcb7d72729be53266365c30af4646e97a4d779905ff9240c5673bbee9182658bdf6c243c2801f7bc79922530b0161cbd02cb6d

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

MD5 62404ee15ca2c1c7f5a07fd5dd3220fd
SHA1 91530e03d1e92b38181bef6b5b094833e80fb508
SHA256 3a7bc617bbc03c7a7fbd631ffe0cd04e22caddc2f19d8495762ddd14a5862b80
SHA512 26d024c4393b5d774328c61efd48895b3216dfc8a259db881f8de645a4225c94ed01f7508670e34b841aa1c0c2f40aac6fda1cd58f912f98165aa40fa2c24009

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

MD5 8a5829ca9a4ea65445f2e7abbc08b177
SHA1 3a6d052cd446daf29fd9b3f73751c395f1a69715
SHA256 1b55965d027134bd87070a174405451eb287c0f7ef5866bf9c87d4fa8a1b038b
SHA512 532a501362ecfe94e47181a85cbd7983cdf099c6ec3c338a2341a0ae11a55b85107dcc3eb32a92d5ddd84bfb9bd62b126ebda74925f1b4b67be1f34f1ce471b3

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

MD5 43d129871dc5e33ca16aa8b4e699123a
SHA1 fd03944f405070ba54045c8a5d0c266983d5c324
SHA256 07ed0ea3d0fdb0bbab625c1bebac8c9e9c647fbfc6144eb7b41f2ece61b32dd8
SHA512 089ed371345a61fe2486b3cc9ac4243aacad713b31323a5a5131eacf73c68960749d71395099dd616b782c37355b56c5ef9b4da11b4225e4f908e73d34260ba4

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

MD5 abd4e6e569318863a4c4ca50b53005a7
SHA1 88702f4452d5ead992a6570e7dd828ed3cd36a4c
SHA256 9d77762a44ada96054ae726c91cc72f487f5d4b287b134ac38acba85caf839ea
SHA512 d4212010f98d1d8f77c4760add79d960dcddf8f555f9977733b0fbeaf3b7310c4b07fe69c5e8afe6a0a2aceb5c9f827e73394c52084235634a5503f3ffeab8a1

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

MD5 3b51aa3ec60f40e4dc2c39422b28f4c9
SHA1 341374683f83df827ad915aa1dcc0e62ac32df78
SHA256 8becbed7764fe66247a1d0b7bb261985a54d5596a4ccef8ce2ecdad3121a3af4
SHA512 b3fecc75bf319de6aecaa603f7d6f52439e62df3329ebee0d6624878bcaf7db5b0ffbf07308ba8d2d71720cc911ef9dda3a5e17954fd23a9613f7cf103753c8c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

MD5 a4e3df6efe78deb0d852e461983ed8ac
SHA1 47048c31b3fb71c14eb651976796fb0ed8d05a11
SHA256 c3039f702cdd871d0da2929bcf1fdbf4c2a1ed3bc525817e02d1f937d715da28
SHA512 1a5b2729855e01cb5b410fffc61842fc3597063dad337b5801ff6c593726701bea45f385ed190e9ec5b77d83d8db1b27ac5da9d9e70086ab56ca495e538d766e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

MD5 c32678efd62da201c668c7fc2bed45d8
SHA1 88d85970b784afbb6ee6abb564538543817e2292
SHA256 d1ba6eb94bc8bbf83b27df0f4282b113bc6bda276fb8b283cd99e0643e5b6d5d
SHA512 ac9f75cefa790d14c53e154d154e8e8cfbe2073b5004965072c6bf16cc641c464823233ce8a57ae0c68a7031e911ec1d7b212ed4096bbee83d4b30d035147f51

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

MD5 41a14675d19c1af4827ba484b963acff
SHA1 083132fb8fb774c0e6efc25f1cfd7037c013f226
SHA256 19fd94ce43f10b21d397e877512ef1d4545351fd7a847f38ae01d69c8d23e639
SHA512 f0f45c58ccd8e94975b0fca6db9bd97a9da31c990e36af5fe9ca07694ba2f79121dd81060710f7fc70eb82eae92d327bfdc8b89d914cd52c7a49ad4eb97567ee

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

MD5 2fcf647be2299b0277d60ab5e81bf1fd
SHA1 b1df5cf877493f2532607789dae4af9b950a5e7e
SHA256 34ee5c1f07d60335a3301890da381baa8adca00b931e07fb43150aa35b872e9f
SHA512 78db061cff88a02fe904d7eef309745a208d776eac5c393ee0dcccf75079e5c8434292f3ee40754aace9b57839221842e1d99f3d56c4f5aac83de3af896d537c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

MD5 e0b416f90b4b0284cb5e570d0f40f312
SHA1 0a06bb19f8730a31ff933a59720e113fd7393104
SHA256 8020cd7520c37357d3d21a59e5cda2a3ad1bb32931c56ff7b4ddef2aa91ef849
SHA512 23218e7ea476804d1f0f0b4366aac505484aa2a8be4aa1cbbd95a65891ef6ba7c907a23400202d333b88f79c5f7fb7b1f832562e967001357241c4877e959b3b

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

MD5 8b53585c1526026403c12ab54b25c7d9
SHA1 8598bfa28b4c10aafb94bd3944b787a723abfea9
SHA256 7240016aac05f345044fba5830a8c84837e90b39c39f105e0159de66eac8c1d8
SHA512 5bee421157358ae5dfa7e5794135c5d9a1abe823f69c209e9344afb7551921e5567e0649d22f4ba610583c5b04149963a53488314591036a5929c4e137c8da13

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

MD5 800dfd3d58005061bb59a148c6e4f55d
SHA1 630a892bc98cb038ad8fb277b3ae962761002af3
SHA256 4353bf849f6e427fffb4cd74f4fba4254f71e805f0cc6db41d24801502f0a034
SHA512 02dbaed91e03c24b5d2d452adc23326ee723b76865fb17236d2787fff0013843861ea045b2b92492fb90110bb4f4b9bd7458d16730a4b917eee2c08272a30d3e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

MD5 096de800e1b14ca4b9c279b706f4d1b0
SHA1 acce52ede8c8927c954503bcacdf738a465ac05a
SHA256 b0c4b483fc88417fbd0fb25b1596e47cd447ecabeb85b6c40ae4bc281d93a42c
SHA512 e8775f7685a19e7d60c84ff3bf939b476bf7a1e3f54da426d717b9db94eb672475292d2bc38732487936edf5fc125f0ddb0c5b58dc40cf1b2f65d5bc7a459a79

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

MD5 ad3e76345fdf22d4200ada0cace27bb0
SHA1 8cb9007e4e6a824841ee6bf7bf646796b0324506
SHA256 5a8d953c830bc0bacc6c50e5cce07d261505b36c1c96d642c083a69825b073c4
SHA512 b05a8644547618d79fa426a16680df3cead48cb57d04040940ffb7407ebbf82084c812d24adb23d9e9759eee774dd0ccde165b180b238a8d40503d246fcf0173

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

MD5 3c4b9812cfedeeb2b3db890caa8de5a0
SHA1 24f14f4537ebffeeadf22d01f4bdf78ad6ead05d
SHA256 c45f1fcabb78b6e93dc4347f50e93815e373f7586ea90d5ba85b390d0c552ab2
SHA512 b808e86c3bc383767ac3378b4c3735403e6664ae1c70443dfc8be8ff412d8f4277f972eed922f3051ad6c83054211e3ff9b27ddf00cdeaaecb4446cf85af1908

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

MD5 9ce8083522cf54847e3dc00e054e250c
SHA1 ed6ed042eef6a7e9e1988035287e2d5bcf6a556d
SHA256 6c1f76dc23183c56fecb12bba2ea655878b56706d643cf7c78308b16737ccad0
SHA512 1acf2c42d286acda63d51ac1905395081bdfdafc515f293cf42dfc3be01cb7233182ccb2978358f335c087e4a8bb623cb8351b9b71ac1a24faa2fee26316c616

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

MD5 6bbf24086c7c6efd92e186a49da505a3
SHA1 786ef3e396bad743b0de316f1a78cf7c0226f5bc
SHA256 5985370c1bb7c2b99e79218f01890b7a5fef583df502e7cd0b851b0a98f941d4
SHA512 b7193a0c25242c7e7672f389792dace03787b301e1dbd06d303c887d9ce501e5ccb7e842fb5b941439454b092f70cfcee429c340fbf99f70185926d65d0f7df8

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

MD5 6913612bdbbe4fc1535ee557392c0bf1
SHA1 c9004c2fe1a25e74afbe4301775f75def5c09199
SHA256 f1fadbae542c67502889581e35a8a1b9d676d31f4dde21c5ebe0f974b5116f96
SHA512 1ef64c2b18da9bebfba82504aabe6a80280ce4edc015fae2ef427fff4b8ecba10e98b41715123942f974aa839093f8d3f91f7a27b022e34e588c9a05b75bf9dc

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

memory/4904-5561-0x0000000000400000-0x000000000040C000-memory.dmp

memory/4904-5602-0x0000000000400000-0x000000000040C000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727658720680492.txt

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727659161166784.txt

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727665191668352.txt

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727667861810871.txt

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

memory/4904-10035-0x0000000000400000-0x000000000040C000-memory.dmp

memory/4904-10874-0x0000000000400000-0x000000000040C000-memory.dmp

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

memory/4904-11211-0x0000000000400000-0x000000000040C000-memory.dmp

memory/4904-11212-0x0000000000400000-0x000000000040C000-memory.dmp

C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

memory/4904-11217-0x0000000000400000-0x000000000040C000-memory.dmp