Malware Analysis Report

2024-10-19 10:43

Sample ID 241007-d4x5zsshpm
Target 1b3eb710de5103bfc386ad9c59d8850f_JaffaCakes118
SHA256 d042f6a6594c0bd38678ada6a56304930bbc4df71ba6c66487715c20e5859582
Tags
upx xorist discovery persistence ransomware spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

d042f6a6594c0bd38678ada6a56304930bbc4df71ba6c66487715c20e5859582

Threat Level: Known bad

The file 1b3eb710de5103bfc386ad9c59d8850f_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

upx xorist discovery persistence ransomware spyware stealer

Detected Xorist Ransomware

Xorist family

Xorist Ransomware

Renames multiple (2184) files with added filename extension

Renames multiple (2196) files with added filename extension

Drops file in Drivers directory

Drops startup file

Reads user/profile data of web browsers

Adds Run key to start application

UPX packed file

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Unsigned PE

System Location Discovery: System Language Discovery

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-07 03:34

Signatures

Detected Xorist Ransomware


Xorist family

xorist

UPX packed file

upx

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted

2024-10-07 03:34

Reported

2024-10-07 03:36

Platform

win7-20240708-en

Max time kernel

119s

Max time network

121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1b3eb710de5103bfc386ad9c59d8850f_JaffaCakes118.exe"

Signatures

Detected Xorist Ransomware


Xorist Ransomware

ransomware xorist

Renames multiple (2184) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1b3eb710de5103bfc386ad9c59d8850f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\1b3eb710de5103bfc386ad9c59d8850f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1b3eb710de5103bfc386ad9c59d8850f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1b3eb710de5103bfc386ad9c59d8850f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1b3eb710de5103bfc386ad9c59d8850f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1b3eb710de5103bfc386ad9c59d8850f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1b3eb710de5103bfc386ad9c59d8850f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1b3eb710de5103bfc386ad9c59d8850f_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1b3eb710de5103bfc386ad9c59d8850f_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\XclWp5W9KAI6fNr.exe" C:\Users\Admin\AppData\Local\Temp\1b3eb710de5103bfc386ad9c59d8850f_JaffaCakes118.exe N/A

Drops file in System32 directory


UPX packed file

upx

Drops file in Program Files directory


Drops file in Windows directory


System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\1b3eb710de5103bfc386ad9c59d8850f_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\UDCILLEPOQZTSZC\DefaultIcon C:\Users\Admin\AppData\Local\Temp\1b3eb710de5103bfc386ad9c59d8850f_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\UDCILLEPOQZTSZC\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\XclWp5W9KAI6fNr.exe" C:\Users\Admin\AppData\Local\Temp\1b3eb710de5103bfc386ad9c59d8850f_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd C:\Users\Admin\AppData\Local\Temp\1b3eb710de5103bfc386ad9c59d8850f_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\UDCILLEPOQZTSZC C:\Users\Admin\AppData\Local\Temp\1b3eb710de5103bfc386ad9c59d8850f_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\UDCILLEPOQZTSZC\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\1b3eb710de5103bfc386ad9c59d8850f_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\UDCILLEPOQZTSZC\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\XclWp5W9KAI6fNr.exe,0" C:\Users\Admin\AppData\Local\Temp\1b3eb710de5103bfc386ad9c59d8850f_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\UDCILLEPOQZTSZC\shell\open\command C:\Users\Admin\AppData\Local\Temp\1b3eb710de5103bfc386ad9c59d8850f_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\UDCILLEPOQZTSZC\shell C:\Users\Admin\AppData\Local\Temp\1b3eb710de5103bfc386ad9c59d8850f_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\UDCILLEPOQZTSZC\shell\open C:\Users\Admin\AppData\Local\Temp\1b3eb710de5103bfc386ad9c59d8850f_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "UDCILLEPOQZTSZC" C:\Users\Admin\AppData\Local\Temp\1b3eb710de5103bfc386ad9c59d8850f_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\1b3eb710de5103bfc386ad9c59d8850f_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\1b3eb710de5103bfc386ad9c59d8850f_JaffaCakes118.exe"

Network

N/A

Files


MD5 5ed694822b0ae0f743f7183708c9079b
SHA1 2cd866b141a35d74a8083645106633c12e8194da
SHA256 ae07afa0e7099244f661b4ebdcd7a9e196e3ec69b3b6462966c79f391d56a71a
SHA512 20ec5ff96714e2917b5721f30d5057eb9538bce7c1b5d37ef1900ead4339ec3ddcc6d44bd8a3f3d28ff9be9c75f5f57ff889075b1c6754947f96e88d658703b6

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

MD5 cd6ccc32405ecf28a748e627fe65d71c
SHA1 e91575d5cc91dfa142fb9044a4f7a6ea2d8c5da6
SHA256 8bb1c31c734bc6e76ef4237f8e4457c0819be3d6e29e5d971d5f511ccb1d2b4d
SHA512 e4bcb68ae843c1d76ab4750c491d658fe6402bef90ad1593ea97c189f43198d5f5a32db55c4f0e412c7d25758562f6c331332e0363bd1198501fa746df731d12

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

MD5 c43e335a0bc2f22893216de665e5c3d0
SHA1 e5f2b1e53dfd7963736714b479a02755537689bd
SHA256 7a2dad8505a03029d9093b57bd43c303fb23cfd80da269c2b8f9486c3eab5e80
SHA512 555997bb0d69a2e1b3ce90e21a07e30e502cc75e2337458859b91b2ec6b224a1e98a5902be3b5cdedb410bf8ee3f96eeb897d32d6873fb35d1b0dad7228a7fe1

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

MD5 45d95892cf6b5da51772d8893482615a
SHA1 8a0a0eb97f5b8cce4a49ed19100e9a606f01fcf5
SHA256 58ddf7cfe9da9e2f408cf9376098189bf5afc1753c389925bf9ec4de9083b02b
SHA512 6a93dd75eca331fa3a1e6ecf70c8641785a30eed03999da4aada99e9c6072ca7ef0906190af43c2c6dcdeba6aef1c1d68343e2f780abca70a5f1460239c1a8eb

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

MD5 ca34cf139cb766c91edb61f348b183d9
SHA1 76ffa6d8e8032804de34ee009e32ced763eb7a89
SHA256 471a72c297711698fdc0e4b4b7a04254499f63ad52e3c7c0602e659763d74e31
SHA512 365585ce6d96bf2b8d7fa4c3ba7fb1c45ff84a42702c97cb5d3589b8db55c439b5bb0d580cf468e6bf0b8c0cb0ca403fd87b4b9e3f6038e104e534b9fae9daca

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

MD5 4b5dc4511f565f0547a36ca6cead7677
SHA1 d60e6f1995e4002a6a58b7e67c7d804a978f7b13
SHA256 360a1863a73b6a6dd84ff6d48e8d6c2c65b6fde2b19b0495a2bde02c94c7cea7
SHA512 b0209f52f29f7b32d11e1b1764122cac0a3f490e029b918848dd5b83910a92144c13e42bb743279881775f7cfb3ce9476c7109278522b25fa7d2103f1b980de3

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

MD5 cd64104ed9c0f1ce3f95be2291c51816
SHA1 ba830bd260e1f632a2f4b5a1ef8c873ee8b1c273
SHA256 a70486884365a9993492f12bb6112ffbf6f32ab89867f91ea3b419f8687e7420
SHA512 49034eca5b099197d1efbf7f34803b7b45ed6535a584fb1e5097e6d1ce6add4948f35ce2384d23dc6f749860398262bb0316b0ca1a7166c0295d613028710c99

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

MD5 a390e98c7cf5a72ca3ad5ccacd10d748
SHA1 9e14087335d4d110262832d1088d04958a0ad926
SHA256 6b4daa05889881ebd84bc07651ae321e22e080d177179d42d121a041f6193422
SHA512 e61a6b02bb8bd7a7cd3f7fcc386c8d2c62ef9f3290d84d188ea1fb4aba03550a26969bcc7c765bbf68d467f18c9c13f196a32baef1a89c8044951ee77aae9620

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

MD5 64705402ec98c8d58ee51bbf25f972f6
SHA1 62464ffd00c35591b2fc1e5ee3cf47edb5488f26
SHA256 6f8503cf7bd5e0fdcc62752c8c85ad4dc5fb342432dd4f81a82d82edc5649ad3
SHA512 f84662fb02f05596621aa6d66c71936e14e00fe5e771cd88cadbbf0cde2ff16e32fe0d9d1f92a846e271923190512f4ab7c69dcc8655e2c55dc08a08c814a68c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

MD5 fe2a6175717228e1b1bc306c72d58216
SHA1 ac60c8076e495a6fdc4fe9f2fb7e49b7d78d81bb
SHA256 92f2643b527c713d24e9170c87c591bd31c068d2f3000bb50ad4b3c833e7cdfd
SHA512 f27e2558db4442887273c3db317f76e12985e24e1af34205dd7c85d3ea556506f2c7db851e80afa9a7f84ba7cbc2e06f9fb43f5a6ce31dbcb5ea3241a94e65e9

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

MD5 2fa22ffd7408bc5699c9293ce33d79e6
SHA1 5584ae446598dda6facd1bae509beb73bd9faae8
SHA256 0ec729df62a90db8fc7ad1e4a15694a19d52a7c872442121be06b12bf5f11a8c
SHA512 cac944bf0e2486dde4a04a6179420ed1fdaf0f3ce1034ff593cc203722f9423e37260ec484a5655ece4f82ae892a9ad30859b03a3ef529888d4c2f1decd36a24

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

MD5 653f8525626c509bc4ba2ee6663a9bd2
SHA1 c3428cf6862eccf5688b0e77bbf6e9334a44911a
SHA256 7992cfe9bd799d2f5455c3c782d24d8260593eef08565aed567c0b80240a4351
SHA512 88d6981c25e07d21faba1ab21ed7bc5e333c5b08702202624dc8c0357cd6ba334ce66fa96b41d6b4d74bffe919dde909e9ac2f93dbcc47781b35f04dd6845c5e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

MD5 82bfd0d3c08b7bb8452e10d75b543b4d
SHA1 415ab42860beacce56d0924ba4d80490e7307ebe
SHA256 b3223a90d0091350cfbd74165398e9f680bc6992cd48656e262f0122ac71d3aa
SHA512 02d9c4978e66711832f4d0dbe705849086ee25e84fb4762a31d61e9165cd8bde5cb536529d1de2702e10f7bac7347a9336234a1aef7b7599ccb1abf59dfef530

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

MD5 9bc344474116dc52f4bcb2611406b0e7
SHA1 e0249193cb9e3b03a4d5cb4a1426176426f272e0
SHA256 07720e2e4f029b8cbfba78c7cda42f073fcc57bab3ae0a90a1a87640576ba2c0
SHA512 f86d4d7c5de3921a94d5e9f9b3e697274967e1f67ba07ae3ce65cf5d482ad53be8676cf8cbc298447d6050bdfc25ed06722190ec12f693fec72ae9a8fb090f61

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

MD5 e869a1eea3c5b58ca8d69f367ff51f7e
SHA1 6276af2ce3fc9c93ab2c8c2332f5ec233cbbee5b
SHA256 24e2c987bdc77d6c02c96140b096b464969cab1e2a7f19add983bef077a1cd64
SHA512 0e879ec2cbc57560e25f1b12ff712f031673db68a8ac5b5d9f5fc6ff5a7fc9f7093b3d0a3090fcd971a0617e323d26cbea89d90384ea68f3a155b8716e9eeb61

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

MD5 fb9b0e6f91be8a95bcff4020d92daeed
SHA1 f6f294c6353ad6c826437ca0aa0c7c852795c705
SHA256 5fa8d0134ed1ef8c7b4a0842f4f3870bd0601753152b635c6a7652aa6612903d
SHA512 ce9adcd056f3a556ae5f76932d6f26c36c7632fdf5882da4a4a1cc86fde6a78bb7d44139c42c09b0846f880dad6fb7c726fe20518ae4ef10393a1b7f2a18496b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

MD5 8c94312b19c907c8a1716f40eb2ff3b0
SHA1 d8a4d3cdb8ca28ad913d8253f48e63993714da9a
SHA256 7adcc62291747e95662c8a0360f25dbf0f45f5e4d212dff5427e8451086ee0a2
SHA512 a031e7125c48a06e8959f62b13e0a10e4c8aa0f5d86cc48ed23f132780d0f42645fc3902281ecd9faa425ca1522a913dd9a0b06d264c420c50a40ed82aab03de

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

MD5 6f3b7c5ace624933cbcf1b8151bd7d7b
SHA1 5e8eaca0939273a4fde5d77a54b40bb21fbb996b
SHA256 68ed0af5da9ea9d6932e5e1b89b685f1bd59eaa1b8a3a22797ca02c05fd0d1cf
SHA512 47975aaf0063bffe8d933599a79250d9e29f138780cc64649016e18172ced7d6f1c68b5ce1acab64b5cb2d4d8b4d2acfdbebe78105e338d9ef7466b06d562a72

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

MD5 594cbfb85b19b19fd06439f5727a0eba
SHA1 5f7adf5cbc2359211ede6ad722b8d352770c7282
SHA256 b1de7257b402d778abdb95b5c0a593bdc36a8a834bc68179ab5ed209fbd0d3b2
SHA512 aa95470322880b2aeefa4e8ea7568850f336fa2f9076ff7c4fc581f396964bf2d24fde1beaf43d91ee3b01e9458911cbc0d4ccd69ae6482c612f6bdf02368477

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

MD5 cf1eea09e9365f58bb2067fc084a6c0b
SHA1 3e97fddab1b41231a24ff503c3b088476cf0126a
SHA256 3c07fb51321b94371a3d2e7b54df4fbe9126e78d8466cf305260ee32c43fdf63
SHA512 b5c1f6127f67ec52acd017ffeacc26f45ee68c33ba286558c28f33aeea640958a33954a0c3d593d1c12c14437db94f82dcd387c77b22818cd361896b93cc7a3b

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

MD5 d4da916df8acefaa7954a11895222cda
SHA1 2785b30641e5ac088c6285b37829762943250898
SHA256 9dc25cdc50bf28cd9c375c86d23e091d113c58359e1a1f79321d3108820faedb
SHA512 cb79b997b4e973880ed9a2c795294b1cd0a3043ed9969a6c409ba06bafb0227c78f7eb9155fc03f73d9ad5906515208f7be7df58f46712580a3a37800bb1285b

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif.EnCiPhErEd

MD5 4f9b0f5125261e883b99dd7292a19de6
SHA1 12b28b2c16f74064f5274ddfda607bb0d367f783
SHA256 6f088800af995a74d533f21850c3d585dbe25ce452330877ecb4b1aef8895964
SHA512 c11882bcb6b4c4c30daa7fb972ae372e43bc4b054de073d8fdd1dbfc9d2f1eb8260141810741d911dc9c104cb5b7a3b7b54ddc1f94e3a411660757b2eb1b7801

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 bebc0fc167b4241812666fe8b1b85c54
SHA1 22f3036d5ec282b60d90ff21dbb3bc2dd6d4d1f1
SHA256 8629f791f11188c17515a30b0591f6159dfc8d2f2f56cfef2ed6800b8568869b
SHA512 8a772e005393a47db2e85086911d219c5d1db0b53c127add9d24ff3a2204ef68334f65f7e0ff15e525d20dcac366c0b3c0525977d3b5393d64bb00d36e8c5a2d

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 49cf41c4d36650215f13d18859ab87a9
SHA1 959fef7cad1228a62f81a2f4e32658c5c001858a
SHA256 752fe23b08546dff5d7be5115e6d8b8309b9367759f1df5fa761446811db856b
SHA512 537fa6759a24fa84d9a9b2e660c1229d2fba9923485de530888cc63dc8e966bba52737d97f2ab7386d54372c7bec5ab0f259a7b5c01d9a98ee270fa97f6840d1

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 73694c2cc2c38f4c53e7c14a9bca0e4b
SHA1 a66dceb7e3118acc59e10c1fc1bc6236308ed93f
SHA256 0080c1e34997f178d5627437bb73bd0eea5caefe069f68003dbd8b5354422b63
SHA512 ca094cd61bb7b5ee228e559324ba3c5917dfdf74b0825c70580caa125fcef288eb1386411d9f208204d8063a036137f1f12bfc807fb054f1f33f39c2c6bc7525

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 d62083a5bda49c670148ba33511a48ed
SHA1 dd4f745b61bb0a12f155918496c1b04608e3fa66
SHA256 2bf0408fef9c0e4e57100355330c799dfec60d380be093f64ecf8fd65de3f1b0
SHA512 0de05d6a575da2e4bf2520f09950197ad50394981871599e4c8af53b9c31d3884fa56976a716f38e283fe74e7013e52d3345202ade68f6e94e708f50743a9612

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 68d8f1304e53afeacb25282bc4bb6514
SHA1 f4c1ff12c90500da861c0d11d601f01b8955c9d3
SHA256 1b4122ec2fbfd1514c7aeceed51ddb95f7f98c2562eb168a7b30240b9bf1a5a4
SHA512 b6aee996e60cb167774a064f215991750b5c1095d045f1e44efaddae94d76f41f6aa18e7408012893e6fc546b5ed105120e6eb481bc6d5582318b127a71782d0

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

MD5 28d2541d78d041dbe11032c073f66e71
SHA1 a9dd58f679dc3f9314fe7f625e4af690e7547586
SHA256 31d7757ebd3ec742093c713491578b04628312fbeb6bd40b41ea124c942c0e14
SHA512 bc2c6edefdfb160dd791e1629948a20c1c21f7ad850450d0a741cb0d961fb1d6d01fd933090235d705aecdcba37e5d608d80965205597f90e0dd9bbf6b1ac83e

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

MD5 b5ca45fe75d7640af6e76a9ba508a789
SHA1 b00f53c5462ea99f5ab6e90d66dadeaa19215f6d
SHA256 c6725adbf4fbf898ede5b63443f6af6c4f54ee68f2fc96f604d31aa30231c582
SHA512 f92c9a82cf3241c5bb54eaa65ea6f7da2bcbf88521ef5e45a491c160c4cc70b1c591e7a76194342f2422ac4ba79e5afe6d9467ae52a2a79d0901ac98c9a31f2d

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

MD5 eca3bd06305e340d106c3eb6458e0dc6
SHA1 3ca070ff75de6651b48a8fef78a09824544faa68
SHA256 b3c1a74df08e5ed2a0f67d625cb53eb34f610a8b1644a613e6c6ef0b537a9c10
SHA512 060c2dc4987d83ae3da4bfe7e643e28723538d4716d03bf3e9ab4f1b1c5c8f7cc77bca069363e7090145cb8b3a9c2a9b059f85d9e718f0f10823f8f7563fcdf3

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

MD5 72046d9ce2b319185af8e439624582f6
SHA1 46fbb2926f66469ae85f39082fb46dc868dbedfb
SHA256 fb5859c33f7084e9209e94206f2a1354c4c466e56b9c8bdca668229b2fc713dd
SHA512 17724e6706666ff62dbe233e05b299e52e96ee83685934702204a80c582df11fd18857adb2621f6933104c791450348d358b77150ce739cdd3010f0a4017585d

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

MD5 5d8ae7bbd9146346f666bb6b851ff031
SHA1 81324e7d6d3a024143eaa60a1a99eb853bc0bbde
SHA256 6d2c3e5255674c81dd8773d3d6e7079f3d52a041265ad61edcd81d50f8ce870c
SHA512 7f86f0234a3f5ab475beb7dde6172fe83df6a2c6f3403e270462ac0c2eb0f186709076c3a2e14de6ba38c9c8df83e92be1ce2f475ec63ae3ee17f36fbc4e298d

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 6c7c4cc35baa5197a008c6c793a70a60
SHA1 615b29a0672d3a397fe7a3f91b8dfcd2c270ef0e
SHA256 b78d04d40e5b924063138c1e0e61f95c4480a28b6005fd64e90db37e34fa9c31
SHA512 b0326b25ca8c8d8b41c1b00ca419bf2ee955739042234759f6e0f878f02223fa66c507c0d5eadf8b7c2a2f5c69bfd27cc1dc007de24fe0e9419f5179214120e5

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif

MD5 85812d30d5f2a1ab7d98a21956ff0a68
SHA1 c15064a54045b65c3274da9256be83ea0ec07318
SHA256 b8bddd9d408f08c7a29f72414cde78821c652ac95ff67e42c15e70435eed19ff
SHA512 1ffd5df76be8ed11390aac773522df86ffbc3d48f81e00f18d3521905411bb83fc0c7dff58e423304d8d56a1104b507be5f995e713be913ca4ddf63ec86731ed

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif

MD5 51f6e5e27135a77521038ba58fcd8657
SHA1 1ffe6c12154e2b09ce51b011056f1a49a858b8a6
SHA256 41be78bb26f84d4556a6c15ab0bd9dbfa7fc21f118e5b6e9afbe6c482e551c83
SHA512 a041c0074a733d6b445824acc7ca011446e623ab1be7eca0eade62170025bddcd460464ae53b15035d281a0a57432a37878d37d22204f6463bfd93d478d3c92f

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 dc18e6abf9831c56912bd27086fdfdcd
SHA1 b81cbab69b74de16fa6254cc60a003d6df712aa4
SHA256 07a3140332d0bb96996c48f7db38121793ffa8fb2f3889986ea7812180e0700d
SHA512 c6b08969bd4aa90e2fcd43ddc40a47a529c1b2a9d39c1cea174545cedab9b8c16755c2d8d27c5e5230df1a2ff99dc149b3303c4125d051c3bcee24fbda65a291

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

MD5 fd12b5434f0a726c16e0f936ed10a557
SHA1 3a0bd8f2e52a3f510ed08a85aa25addbdafbd0df
SHA256 8f1156d8de52770e7c13953db36fa8b8f3f78921f0548d90d411d36c6c324f55
SHA512 b3ea5ad22e33f3ae635d74b37b44cd6ea88a84a3ea24a59bb19643953483068001227d46a8a41a2083fad7357e8eb55c2995a0f19a5a6aeb6d7025412288be5e

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

MD5 88d2669eeca06adeb94ea513b26b068c
SHA1 9a72439d25c1d473a56c9589dfa6f212c357b652
SHA256 0ce4c066ac75c3a34b5a6da2f4eef9ddbffefbf5350ded9adf3d52963aee04eb
SHA512 ea3896a23d54c3f9bc0f9baed4d50408a503aee1fae7b25477fe4c15de8f5fea28f6b42e87dc31d021b9c77b55d1df3f0b9fd92e5a98b768a2c6666b1814dba7

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 40e2e213542f1daf20b5f55766dee53c
SHA1 aa4161bfc0bccd31c94926f87d381ef99a10129d
SHA256 f100ce4a8d1da029b0ecbd821a57a7ad165fd370c450f015a347282752cb1b81
SHA512 1005d8516e62473de37a2f58fcde5f172c312e3d1037725f105fa0d4ef1a536c4629a5204a96431b8f36e63a2cf908fd761af7ea910e34092fafbea82f5a9957

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

MD5 d1315c98252dc6598c6be422fcef6eb5
SHA1 9dac757509b3b37eb5c263aa0948dcb8a439527e
SHA256 0f2267b6661da1ee4c0656d45a8824fd89ea068abe5b8f4ec39475e5bf9fc207
SHA512 a15613f73c38b35abacbf05ce4e31de3073f37d647cec701374f74283b3297f16f4b134ea5cd7432f7018f498d87367766367456371c3cffeb9ad35a174def4f

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

MD5 c96d636d51313865177bfda5f5064d7d
SHA1 c8e1a6da84801fd38a80c5aca46d475c577ff3d0
SHA256 e05badabc4d61ef759d2222cddbafc02572d9a57a0ff8db578c1159351311f18
SHA512 22bc3555845dde78ee1fec95439fbd6059761088dd91750d7db4d49ec52a8d805ba8af921666ea5b52e52d91e289b36df885b01a608a6d9cf0ebe98d38a03ddf

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 f2793b7665246f8c3a8b78dae1d34adf
SHA1 bfb8450163d49703d50a54676e2a793f168cf01a
SHA256 1933abff1a607e73c34ee4cd7696359203091d80d677edaf132dbb7a4f038100
SHA512 c7b922a60a3f08ed32e56b4717cea630659af1bdc414c25df5689b9d14c4ee100cf4348de743844ebd096f945cb0dde2383a773f3a03918fd28563a300067568

memory/2212-8874-0x0000000000400000-0x000000000040C000-memory.dmp

memory/2212-8875-0x0000000000400000-0x000000000040C000-memory.dmp

memory/2212-9095-0x0000000000400000-0x000000000040C000-memory.dmp

memory/2212-9097-0x0000000000400000-0x000000000040C000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-07 03:34

Reported

2024-10-07 03:37

Platform

win10v2004-20240802-en

Max time kernel

94s

Max time network

98s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1b3eb710de5103bfc386ad9c59d8850f_JaffaCakes118.exe"

Signatures

Detected Xorist Ransomware

Xorist Ransomware

ransomware xorist

Renames multiple (2196) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1b3eb710de5103bfc386ad9c59d8850f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1b3eb710de5103bfc386ad9c59d8850f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\1b3eb710de5103bfc386ad9c59d8850f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1b3eb710de5103bfc386ad9c59d8850f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1b3eb710de5103bfc386ad9c59d8850f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1b3eb710de5103bfc386ad9c59d8850f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1b3eb710de5103bfc386ad9c59d8850f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1b3eb710de5103bfc386ad9c59d8850f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1b3eb710de5103bfc386ad9c59d8850f_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1b3eb710de5103bfc386ad9c59d8850f_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\XclWp5W9KAI6fNr.exe" C:\Users\Admin\AppData\Local\Temp\1b3eb710de5103bfc386ad9c59d8850f_JaffaCakes118.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\DriverStore\FileRepository\mausbhost.inf_amd64_34c86c15777c913b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1b3eb710de5103bfc386ad9c59d8850f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmjf56e.inf_amd64_07bca0bfd5173050\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1b3eb710de5103bfc386ad9c59d8850f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmnttme.inf_amd64_edc94fc65bef3d27\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1b3eb710de5103bfc386ad9c59d8850f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_scmdisk.inf_amd64_d8f75a9c87c2f7c4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1b3eb710de5103bfc386ad9c59d8850f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Dism\ja\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1b3eb710de5103bfc386ad9c59d8850f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\msgpiowin32.inf_amd64_46634fa071d1db0d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1b3eb710de5103bfc386ad9c59d8850f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\percsas3i.inf_amd64_c17a63dada1eaa02\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1b3eb710de5103bfc386ad9c59d8850f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\rtux64w10.inf_amd64_d6132e4c7fe2fac6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1b3eb710de5103bfc386ad9c59d8850f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\fr-FR\Licenses\_Default\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1b3eb710de5103bfc386ad9c59d8850f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.WSMan.Management\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1b3eb710de5103bfc386ad9c59d8850f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\usbprint.inf_amd64_86cdf3e1f512cca1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1b3eb710de5103bfc386ad9c59d8850f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Dism\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1b3eb710de5103bfc386ad9c59d8850f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_smartcardfilter.inf_amd64_3573afe136371e51\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1b3eb710de5103bfc386ad9c59d8850f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_smartcardreader.inf_amd64_33a0db63c0afb351\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1b3eb710de5103bfc386ad9c59d8850f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmati.inf_amd64_16fbf6520a254fad\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1b3eb710de5103bfc386ad9c59d8850f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\usb.inf_amd64_683fd853c8b8a4db\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1b3eb710de5103bfc386ad9c59d8850f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\bthmtpenum.inf_amd64_3abc48e730d08fde\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1b3eb710de5103bfc386ad9c59d8850f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\fdc.inf_amd64_7534987814b257b2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1b3eb710de5103bfc386ad9c59d8850f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\NetSecurity\de\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1b3eb710de5103bfc386ad9c59d8850f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ArchiveResource\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1b3eb710de5103bfc386ad9c59d8850f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_RegistryResource\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1b3eb710de5103bfc386ad9c59d8850f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\amdgpio2.inf_amd64_808fe94735c4c6b3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1b3eb710de5103bfc386ad9c59d8850f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\bda.inf_amd64_d32fe6b1c2b7b2a5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1b3eb710de5103bfc386ad9c59d8850f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\microsoft_bluetooth_a2dp_src.inf_amd64_0bdbb11733d87f9a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1b3eb710de5103bfc386ad9c59d8850f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Keywords\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1b3eb710de5103bfc386ad9c59d8850f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Dism\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1b3eb710de5103bfc386ad9c59d8850f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Configuration\Registration\MSFT_FileDirectoryConfiguration\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1b3eb710de5103bfc386ad9c59d8850f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmc26a.inf_amd64_dd85a83bc442ed33\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1b3eb710de5103bfc386ad9c59d8850f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_EnvironmentResource\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1b3eb710de5103bfc386ad9c59d8850f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSScheduledJob\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1b3eb710de5103bfc386ad9c59d8850f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_LogResource\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1b3eb710de5103bfc386ad9c59d8850f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ndisuio.inf_amd64_6096fd74a67ccd5d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1b3eb710de5103bfc386ad9c59d8850f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnms006.inf_amd64_c3bdcb6fc975b614\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1b3eb710de5103bfc386ad9c59d8850f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Diagnostics\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1b3eb710de5103bfc386ad9c59d8850f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\NetConnection\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1b3eb710de5103bfc386ad9c59d8850f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_EnvironmentResource\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1b3eb710de5103bfc386ad9c59d8850f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmatm2k.inf_amd64_de71647ec29a6bc2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1b3eb710de5103bfc386ad9c59d8850f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\vrd.inf_amd64_81fbd405ff2470fc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1b3eb710de5103bfc386ad9c59d8850f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\migration\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1b3eb710de5103bfc386ad9c59d8850f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1b3eb710de5103bfc386ad9c59d8850f_JaffaCakes118.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\WinSxS\amd64_microsoft-windows-n..oundtransfer-common_31bf3856ad364e35_10.0.19041.1_none_59a356832789f6cf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1b3eb710de5103bfc386ad9c59d8850f_JaffaCakes118.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\1b3eb710de5103bfc386ad9c59d8850f_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\UDCILLEPOQZTSZC C:\Users\Admin\AppData\Local\Temp\1b3eb710de5103bfc386ad9c59d8850f_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\UDCILLEPOQZTSZC\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\XclWp5W9KAI6fNr.exe,0" C:\Users\Admin\AppData\Local\Temp\1b3eb710de5103bfc386ad9c59d8850f_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\UDCILLEPOQZTSZC\shell\open\command C:\Users\Admin\AppData\Local\Temp\1b3eb710de5103bfc386ad9c59d8850f_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\UDCILLEPOQZTSZC\shell C:\Users\Admin\AppData\Local\Temp\1b3eb710de5103bfc386ad9c59d8850f_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\UDCILLEPOQZTSZC\shell\open C:\Users\Admin\AppData\Local\Temp\1b3eb710de5103bfc386ad9c59d8850f_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\UDCILLEPOQZTSZC\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\XclWp5W9KAI6fNr.exe" C:\Users\Admin\AppData\Local\Temp\1b3eb710de5103bfc386ad9c59d8850f_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd C:\Users\Admin\AppData\Local\Temp\1b3eb710de5103bfc386ad9c59d8850f_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "UDCILLEPOQZTSZC" C:\Users\Admin\AppData\Local\Temp\1b3eb710de5103bfc386ad9c59d8850f_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\UDCILLEPOQZTSZC\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\1b3eb710de5103bfc386ad9c59d8850f_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\UDCILLEPOQZTSZC\DefaultIcon C:\Users\Admin\AppData\Local\Temp\1b3eb710de5103bfc386ad9c59d8850f_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\1b3eb710de5103bfc386ad9c59d8850f_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\1b3eb710de5103bfc386ad9c59d8850f_JaffaCakes118.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 200.163.202.172.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp

Files

memory/4056-0-0x0000000000400000-0x000000000040C000-memory.dmp

C:\Program Files\7-Zip\Lang\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

MD5 b1e89cb1602840cab5a72e9f8027b4a5
SHA1 365ce96db523ec7af6fd133965f59eb1bab515e8
SHA256 d6aa2633aeb94a577901da646d150941253534702cd5757e0dbe24def133e1d9
SHA512 c8fcca52af576c201b99b2f262f7a2875ce862511f28ea97ef1ae75661734da9564a145cf320353c0b1ee1303284321c5f35b43a1494ca3330389104a57c9f04

C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

MD5 2e5a10b1cdd592f05b9789422dfb21bb
SHA1 9149b7572481fe69eaf049c87b6fad3e22862f28
SHA256 ff23a01137e3d61267c8d4627585de4dc1930e402492707288ad36cc7e1ca1c4
SHA512 3bae8873bab418812561ae621bfa6bf2b160418e17e2dddaee5a68f81397bad32f1b5dbdbe64971992dc52ccc7c2049745f0f3524639871778d04efc3d45c27a

C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

MD5 ca4531b620260bb70a17ea73be453b6b
SHA1 2f1e7c1e4457c960c2361cb52e8b2e66dd14c694
SHA256 b792aa4de4d6ba79130eb7c10d8d0fac3524005351a48193c199772e6f07cd04
SHA512 4eb6a6d004939f674603dd3233bfc1302e33b4baceb63680a6fdddbe741d4723fd351849ef774c2fe09a87a21a507e0a2f8c64de0583f1f4365d5551aa7a8ea0

C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

MD5 d51f8005fc76749c182a460ce9555160
SHA1 7d3b338e1ea2c3c357cb349e502c643c2c0bfd90
SHA256 d7a736ea818e6cc8c5a7ac3351e497c8aef81b57f7d75f1e89e794045e8e4590
SHA512 3ba7848d27ec0d0009527f63f856c955ee92134278db2a1a3b6dd5b008f64d6ebfaee700258a676a6e553b40a01f7a5e7b729dfca6ef85c21749a48141b09478

C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

MD5 748d6e96dbd816dc2dcf049335bf4af9
SHA1 ccc1df14a0c7a429578519fde2520c569dce392d
SHA256 b43553dd0b09167a3bf7de91b2382245880fab5933d7bb0ce9f2f6b46052cd10
SHA512 f678280729d05c8369b6da10c7ca37869ecfb2a0060ca948bd76dc05113d069629723e0c399498b2c0e8c9c4076efe2a250a989e6d429d544b76fb92ac3e856b

C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

MD5 cc2674436fb4b02cbd0bb4427258caba
SHA1 f3b8730de57b282dbb7f4985bfacb5ff4d50e3a2
SHA256 1c0be3f8bbe3021f07ebaa46a25c580f906950749eb6e80149d14c064ae5615c
SHA512 a3bafe98c7dba6cc39a76ff1dbd4b04507351c43232db0a0fae5673cd006d7328c316a9c2ff2b28c457998a13c020015117f2818e4a22789100a2849259e85ee

C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

MD5 663deebdc7ebe9fd9beb38003f3c3dcb
SHA1 32bb3c72c6247b5a317ce7e090ddcaa570428a6f
SHA256 e5d973a20ef0e617004e8aac3959c80f8a422bf6c292d67f3341e3db38b60966
SHA512 621273ed679279ae78d3a87e890ec219a873d94ce47feef0680a115ac456953af869386731ccabeeaa1c897b7ef2fdfba16e7299b67982aca343036fabbdabee

C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

MD5 aa81f08b65c6b3327a03dfb6937be249
SHA1 03e850086b9060218a1e16adcb5f5b1a41d068cb
SHA256 081a4fbef77fdff34d542bb6bea7b611cf8640c88bb6843dfb8c2781d27271c1
SHA512 f843210eda63d0c82397626097991295c7e4bdc7b5d55d2085fdb699cb0711663f8fe465a27aab9f620066cc19da37835214bfce2d9bc618c2975d827d95df5d

C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

MD5 5809c6a40309006088f7649f9daaef98
SHA1 4ea25459647d66ac247a33b2b49d9d08ac0bbc61
SHA256 b76cdff2595270811f473c407ce0085a7f49e0da9dd2a1a45927d236ea16f983
SHA512 433a7fc28f050912a474b6714f5fe9602e0a735ce926cdba6a495cec9d0c97eb808b5010cbcb26aac477623d0c6232e3af14906b69bb02a157244aaddc9d3e66

C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

MD5 4ec5221479cf9ffd52a642be56efa43c
SHA1 a347241d00c1abeff4075f5f139ccf6557bd5716
SHA256 198f42e92a7eef74ba8d45ef2c802c9bd2f1313d6ceed50f8f08bec2088a50f1
SHA512 16574be4631b5e1879c09a0ecde01f4faeae7ec0490ab0a80b97a95b2c81a495780bedf121e4ad406ef68b3c9ba6308721dde7379798ff29a62554c87d72c88b

C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

MD5 5be52b55039ac2fc7cc9f5076a84116b
SHA1 b379ef1fe0272ff0eef36fa781ab0e91e0a6e075
SHA256 1533e5909e77a7726a61424eb1e3c16c4eb30da1719f25a3e81dc60bfdbb9114
SHA512 699a9247e32f8efe0e91ce5bfc398fc3672c9c976273f62856cf7e4e60eac9d6911fe2cb42ae3217418859cd7728a036b1d9455d1b8c5381c0565ae0426fd76b

C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

MD5 138774a799228aea30cf371c7e07bfd8
SHA1 282a0827701c0c7012512358ced4eaa73494090f
SHA256 2da8e245c291b7649146d658f8a25cbc801b6f07d99196f76b4bd6496598f4be
SHA512 1a1fbcbc807d243c64eacdd28bd654b712d3802f0d5400947ae949aeb28d6d7dcdb9d0130a10be6fc8a2eda3a4d6382ebdec36e94a4bcb40fd762733482a1f3b

C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

MD5 aa1c537ecc6d38f30f96db6575482ebc
SHA1 ffcc18b502e92a2e6936dc382cca6654b35ed118
SHA256 4a6a98cdc8b2b7c404ef8bdcad75dede61c03af08fcc75896dd7a98b986c2923
SHA512 d19e9a2acbbc4373c9259e34481890fd9d424cb2824b096f6846b2bdd867adede27ba7a84226e7e82b67dcc1dc5588f604c6bdaab04e6c1e723b17796cae9467

C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

MD5 a28cb4c50198cbb3bafe6d0507664960
SHA1 9fb6b14b7ca89d93970dea864aa873fc339475f3
SHA256 642b35ad5567dfde680b3c0caddd4d1000330ff376fb8eccf0b21b12ecae5532
SHA512 f0ca82a6f639e30cc30729b8a432866334a5a88ba1e0a5f48f28efc9c499f6a770c8fedb55e5c5d5c5ac4055517b6817d2ce4344f045937b2328863fa3339d7a

C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

MD5 af8508ee18ca3da6a8e5a3e7c32cd146
SHA1 3e4795cffe57f599db2103c048502bd4d61d0d48
SHA256 de6aaa2216b1bd177e0a26e15e35e7f6b390cc8a9edcb9545b3b948638554078
SHA512 c28ca56a22ac24d6c3595c7c3e7c8cd3847566f1b4e03d98dbaed61dbfa2b8d4be87dd2c9b4f0d0e584854b37215a84106cfb7b63faa0820867c986ea032a123

C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

MD5 4286b3c9ffafa6b547e9df3ca0fddd54
SHA1 9be7748ae4317b2399abbe3290fd49a1d5d459cf
SHA256 fde3c1de222c9e99fad7da53f4da6ce58856c413d3b9154127d95cb2b26b8a43
SHA512 c0122d5ca902dee2f7b294ddb0cc1bdbe2263784c8b10fd32832c4a6d46dc2b83cb4a6bf997fedf27e534357d119f7a5160d8d434e1482cbc396420b01899e2c

C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

MD5 d8022cfccf6493962468d22579a53f62
SHA1 f62ae2058a4ce4378f7efc0554ac8e1a5f874133
SHA256 0be809fdf1729dc45314646db995497250ce6b2b7f80e0823093a9e2c7830fb1
SHA512 624f6ee68129a9a6e68eb93444573f2ad89487102caf6b0bccf5df8b47cbd1f49bc440aac20757de1ca17dad14f7099214903cc0e2eb4209f12cb6bfa1a80cb9

C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

MD5 d76e85b2b6c3f8af0074d23b27637b97
SHA1 d09853c5259e488fc72ae26c9a7d3dc3cc80db18
SHA256 21393ed3540bc0512c95766c258b9861138a00b16e35629fbb9ffca4d8fe3b3d
SHA512 591a9bf024baa33e3020e56ebad691be62f3f492698db312750d8b69a273b9baff2fb3e8e7a5896a3069abfd53ed1fd4a43ec8292430e29609c233b20e9c2ee3

C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

MD5 d25f35c9d63334e37c9f951513bff782
SHA1 8487a2c802f5a11179583d4b91e005531cdcf9e9
SHA256 0a4bb517901032708d06a9961c4b781af44e9d15b032a1d61559694cf51e94f4
SHA512 aeb45c0eddcd48f2aa11c0fb4319be22772d87b65234a85cedacf259c26d40e586f4b6b16d5897fa6e966345c25bb83a8ea2158053cf6b9c67b225ba13e186c3

C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

MD5 eeba3f2470f944086f75d54c95531661
SHA1 1a8b67106c0dea65ecfcaeae1a39b870de7a0402
SHA256 3a1df9805d0a228246231d54b59ad9eaada01a66ba339777f8e61869f8bab5c8
SHA512 b88fff565314da3cc21fd8b584608fcb6471e98b60f394cf0a8a026ce7f9613a5b629950e8438f58254720acbcd8e913c03c31d0aa25429621a9b840dd452907

C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

MD5 1d0a63d9809465a46c7fb01656856823
SHA1 c997760a9525a0e1ac3466751e40e12c879c775f
SHA256 87a34a78f2641f1cfe199ba125822e74df89e343c2784875964e40db8d7d0ea1
SHA512 52e44c4f2a9cd12c4d24dc9e6554ac080bac317c53a1361326230744549cad05f019d89ced29d37af60b963143c9d29545e94629b7a0582aa8b76a91deadf703

C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

MD5 9074288ee555d8d6e9c008b6fb8f37dd
SHA1 f2cd9a7df721d5b3ae4fa6e8e7dcfcffbddac246
SHA256 392703e7fe28a1d60e5172bce4ecbca1fc6e09c3ac15e4441d8ea14c4dcadf2b
SHA512 87494f0cb40f9f4bec5b4625e25446717428abf6bcf59dee880b585891196ea2cf9d355685aff7fe48c4cf0df5f97a7369a51d71934d0a8b4ffcb2fa58b12242

C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

MD5 154348b2331477ebd95ac6f004d58551
SHA1 afb5c10961abd76c9a0e01c4b0b22328022a5e14
SHA256 3d0645923a1fc55e6bccdb45d3c938623c198efff19247bea3713dfee9ea7771
SHA512 70627c9e2d64c33e21b7bfbda7418ff4baa4b7fc2298bc79bf0c0c360b5b8a086b01ebf2a9639a2b1f0490976150888889e5c98bd8134d8b8691250904fc9caa

C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

MD5 0ff3aaaae1ccaa5057434276e03e52d4
SHA1 b496f1e17d9383ca3be28b479f326c153b2dd1a1
SHA256 e98ebe5713c5f7a6779cae7274d941af90230a8b0f677a2a82782a46204d1043
SHA512 056fbee2437b1db71dc2aa15e6ae7234621624b45f8c29c980ee59d7d70e0dae612bee3ed6ec7cddbd60787070ce0e254e0cd0f4e08299895e6333fb8c3c68ef

C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

MD5 e6da400bb55a2490a327a6d76b7bf8ec
SHA1 138395b299ce4969c94428426682ced4b91963f2
SHA256 4225f1e0dcf6e9f080555d891ee01bc5a7130106bf82bcfb81aefeab1de1fa2c
SHA512 7952316a9de86f45c4bf2af5bdc5e4399242582cfb39f82bd8dfdd7dac60b889bb63fc6326a2c377a61bdc9763e2b1040d0983daa2bf9d0014ab0ede5955a4bb

C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

MD5 16e8ae431af22c4d7795250fb624b29b
SHA1 ac82cae317f8381d2be50c60fbbcc505368093ea
SHA256 c98eee0c20b3a545d5d5fd52a50c96b8ead90c61fa5920f60deb234b90925a31
SHA512 5d326fe2f5444c002170527970a9bbe22e5f37e55c7c14c2d1c1c02bd159c55f638a2a5dd8c12ca6f19b5f7b3dd08a85a2df28ea438a43bf2d002da7d5d2b7d1

C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

MD5 f7189dae5eef0c4cf97ab03a8ef44898
SHA1 67b6830a778b6715f0db0f5cdf2df68c71170f1c
SHA256 a95a02ee6e67fdd1da2b1124bfa32820e10138d608660314b5bb4961181bff64
SHA512 66976e21ffb3bc42fb2c95e95864bc90988ad1cdec73f140a4aaa4cb6089ffcad29e81d141de6f33f58a596978f4c7138f1cf40b108352eed30403d189fbd896

C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

MD5 ac5c6843196ac957c262508bd9f5d243
SHA1 f83b4d2e739969c98eba17c5c1af6bb8eb2bf929
SHA256 164f7c6923e0c240bb5fe538c6ed05f9b646c40bed4e3915e1d41e65fa2bf719
SHA512 8650f771cb6160501b50dd5d55ef7bac205725bf2f712acd1f2f0e38ca9f8868e9640c1867bef5fa3b3350cb4407d6040058c60f345a2ebb8af31ce212af8fa0

C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

MD5 4049cc64a88a3cc31e0aacfed3459a3d
SHA1 ebbfd5915cf236b52fa29f1530ee7782d498b066
SHA256 059f722750366d4ad5cba7ff2eb5193ff5a00068ac03f6d9e59b3aca42db660c
SHA512 e33bd83b25513cb53df48068ab01924df199f57e71ab01700a2402770ededd7c7a13b2c6a5a2383983864b5aed0e96f13c36711ad522c4b1c8944a82fbd4d9da

C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

MD5 88a120ac5ca00b4a01cafb5f987588ef
SHA1 c4ef769f89acbedcd012b44e58e9a7253ed7eb9e
SHA256 69fbcdb000140d0463dbba926258ddcd76643f9b0992c8cdbd76c0ad652c5a57
SHA512 e2b63584a5f86df3e0fd9b6184c211730b44b5c9ac05746aa9f2843b0a3ccce535e20dfc9e62e2cbd357e1e80c431825ac382ac63bf465875e0f81797f6de3e1

C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

MD5 ee45db3874099d07f9f9f801e8230676
SHA1 05936cfc7e8d08dd3927fd13d6ef5e9bbc9e888c
SHA256 86c58dd94aa19c24ee5f0ffc46706045d9a7f5cb68cce94bf2eba358f3b6492a
SHA512 719fd35bdb74a8d5668143def92e4ed07652231e253721c31b19d82fadfb6052bf3b0527119ac90337819ad7f0196f1396726fd0d8a77888a14cc16c6c76808a

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

MD5 64f5efc62f533d96225d3b434a788187
SHA1 65208eef84638b2ef2f547e9b062b2ef19872acd
SHA256 199cea5d95924b93206845578c70edafaa549f0abb747fc6ef598312bb924e28
SHA512 570493b195c9bc44e79fa59dff4fb389ee58a1d0a970841c718876c9c07e6e9feca0c5d07d31f58a2c94620d68cae2db6db878060a456557897b70b85f21cafe

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

MD5 42a6cd6f8d02652a0f93ff0a00e06826
SHA1 ce4f86540bc0d45132b51d777cfb3552da672060
SHA256 5fb0654a161040a687ed593e1d5ab1a50e5fc0bde6bedfa091a9c537d737b054
SHA512 60f5eed1509d93457794c05cca0a4de0862519852ac213bdb5f8e073efca231efe75130a42ddce45faa057b5d0cad67784b95a276edbc02a9eb011dd0f5784f4

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

MD5 0737405a688870db58e093aefc9604c7
SHA1 afd4ea1932995e2e914b0ea8caa0cb53924ad158
SHA256 ecba3a4b7166a6fb09bd29bb15249456d4c0f74fbabe0accd6cd1c126b57f715
SHA512 fc51daf4066902a35b69e60c6c32d5ab2f6abb53067cd013154193eac25416562d73658496854a52cf8e385be7ba3d1fc03ccfc3b7b708230237a73560de9fbe

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

MD5 9c53f3ddbcd2f61137cbca58e27de686
SHA1 15d926866b4b11ec7c9191febf229f656a81766b
SHA256 2b1752f3f967f1bffd94699b6d7e86fe4b6793f6e66dbee4e8f08a6a268ff745
SHA512 1cc6794cf230b76f71ccb4f47aa1668c54683415e8979b8fc5c0fba9626f38ddcb4e54c20384d136a65be090c513fd938eb87477013d68137ced37ad8f966788

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

MD5 949d551c38eb8a4ecca5a99d19139b55
SHA1 5c6ebf9d035d148dfbf2ba246bd6fe8588987e0d
SHA256 e24aa9625da6cbdb2d69b8b732072876285cb58a3dd24d1891a15b8631e318fc
SHA512 a7e8c89e49ddaee2a28283a9dd9ff60f0923ee604f65e574dce1be7c7cc9b6ab7a5787947ded8581921484608623c4830d74e5633d234be02e240f049e50228d

C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

MD5 e8d7350e66f5ab36aec7877e856a2ac3
SHA1 9e6a703e149e756c53e0a66d3b20e699b3ede82a
SHA256 2a7902d6f1ced1db600c2b97216cf07c6940712dfbbb3374343e3cf0cf2d7166
SHA512 f4a2e07ee92fb67d26627fe30cccbd879d9344a3777975cf08aa3b70dfb3d35d2bfbf5578b2c883eeebe8c81b7547871d1df3769e88be5eb74676fd4c3a3c09a

C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

MD5 b08183fbcb0e63e5d71431c0f5a3c897
SHA1 df958b01088fa2691184e185e49da18813bcf036
SHA256 c7ca587e30df3f582dc55a7d5808c1daebdb435a8eead442e92f4c83e7d67926
SHA512 141b9867b5e167d44a58e383550ffeec1e70a8484b926bb16372d20b92e57d80d04250488fdf731aa380047ccc11aa30083f7f9cb75c6745a2079e3f32dddc0e

C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

MD5 b8fe381a3102a2228df940ff5db7e70e
SHA1 dc0d031c358efdda679a5f68ea1026ba529d4191
SHA256 eb61b322c34284e2e289d2557c20e8f4ccc231b22c6963ed40f354430372888f
SHA512 7e66a815d88e2b39f62aa6c68efc0e4757ea21881b4bc335e6efe0f18ba88653b7905559a6d15a934663369d957fe5f5af8dcafdbbea956868dc3125a20323c4

C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

MD5 cd59f96f42145afda52ee8cd349acf6c
SHA1 28518fb8e83a11b4162a73f825209fcb04a05f38
SHA256 1c1cddb0a9b9ca37aa0d7a194e1277993fb66240615f055f63d339053ff3c1d4
SHA512 9c476179eb5d92bdca633cadf5bbbe545a95bc872505a4c8180e828bbe4573fe4f806f530ed411b7f42280cfe4436c6884ae64cbca329e4c5b1bf3eb243f663c

C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

MD5 1c36e692c6c1f6363b115073b90dfb77
SHA1 a44bbd773d016a59dec56cb518a1599cf73bd10d
SHA256 512f2acb7f2e1e08407b4099bbeea76fab2a8a9495599f2348990a8882b60012
SHA512 2818afc7d8cbccc354873040afdd3982f5b27d68a522ae94272de4e4f392f47faa725d9427858628710fb657aa077dec1c8dd4d7fb63f3d60229f72a7328d83f

C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

MD5 25d923b21e22a8320ad4d55fabc2658e
SHA1 454dc8174205e309c387aa41dfa8f6c6877dc553
SHA256 7bf8a6314643b1d29ab233670def8c581ee87fb63485f74f4dce1fab919d538e
SHA512 19dc85e69b4a401aad8c974ce9ca8ecc9a4ece2becca1df51cefa9746b74195dc0be3183714d90c7e96e5636c79c83f9bebb87ca07a72143214af3eb2c939651

C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

MD5 789b007775b227ea8b62e07183298440
SHA1 f8abcb9f21623ed6328c9ca55eb7cfded7539a7a
SHA256 1cbe53794fe2d647a58592b3ef588b1ee55269ac8fe37078c42c9eb92bb21faa
SHA512 c6a3aeba17e47115aa5b5fc9b24f446a569e74bdd2e5d102f45212b2eb4bed6adfc1634d98745d2b6648384b320b6907340785ebccdaf976c6b66d7f6db836cb

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

MD5 5b7dd0be16fae9b16c6c349e7277b661
SHA1 49c51cec31d1d26f10e9d420c74180acf986bb45
SHA256 b1769935efcaca9344e2412d13f2907da55079347ff059201eed069670c348fa
SHA512 b89db529666a285b8bed4562b25387994c029210b3e2ed22c47fe9599587d3f0fa8205c9986ad9ba85b9995363d3b6633ddcde45694a07fb4d102f5bcb6e5fd0

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

MD5 8ed3da294d7b7089161e2147fb353a59
SHA1 871af53ac9702c3a05d2b6b925099c842c99efd1
SHA256 236e6e8d2f5e9713a2634dc73a541392886bbe412dd084935d48c0370adc8819
SHA512 7ebd722d7b680ae17698e6c0de7744ec3bbaf664a251ce93d84d5db589afb7117027018c534fada443483617294f1500bf7e960fe4fcb2f82a693847e8a105c4

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

MD5 2293e29731e9c3c60e4d6b7d5ddba49e
SHA1 2d8aae9931ac707a3bce38ae95fda4d891114e3b
SHA256 c39be84bf83466109a91a7cc679be43ab08dbda040e6cf2a9a63d6b2bd1fcb4d
SHA512 90b5e4a98bb2c9ea2d99e3b8258d2a5a07bad3e085e713321ba67445d91e9da636b82bfc8692cf63ccdf5f2f65cd6efa04fc813bea99adfdb67be0155a20524b

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

MD5 db062901fdbb8f70d36e5af67859019b
SHA1 fa011c127794c7cd932cd1c21b91d1bd52d397ab
SHA256 9769751974b2e510dc1d751ade5b3bccfbe8612677e2fcdb5e43e90da59ef38f
SHA512 0b043aab0b726bb952af1d980a1a6722f3427cdcb285427ab91e7d3ef03053297fc47f078b4dd5d886641d9aa541668ea8e2d8e94bb194b38b1e94386c9c263a

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

MD5 c3dc5d050310625f01abde607dc45dc9
SHA1 2732f1cddbd43f3500f61e144c43a3ae1ef9a160
SHA256 f944582f4dd64b73421eb3cd51e422efc79099394b20302decb3d1ff2b22717d
SHA512 20261aaa75fa6b4bd2669e4f5c25ad4338899098275fb53e3d4db16f7aa1d2e8a6dfdd72d6b072eea38e6317becb444f5525c3fa6071076947d555ffbf4116b0

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png.EnCiPhErEd

MD5 3608e0e7b6bca89ba37d510bc9c88df2
SHA1 bf7f6a1c596da156806ea4a592916e2cbaee0044
SHA256 b7e2eb836c95dc1da8080ac2d48a8e571c4449938b16f2794240bbf84912f7fa
SHA512 9de53b6e3738ed3938aace702f6c3b21ff793054723b99af34e4afd31c9a95259fe1fc8a8e7345a18084b93b1a9991e3ba7b64c383ae2127105fc8742e3f9242

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

MD5 416f38b8ad296695c565c408786694e4
SHA1 6618921accac17ec1d8ad0e377b6314a30c73c1c
SHA256 fbbaf425b7f24a269a59e4f7649f7f97e436f40760af7455ba8520eed5122622
SHA512 f8d9effd5ddac4a8cd53c3e732e7c7400137f2a7e86b02a610882bca315dacde9e85688514670403526bd7b6101a38401525d29840f72b8cb0ec9a19fb80c430

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

MD5 e1d6162b2f38b156eadeaf591a29948b
SHA1 74042e3e8c7daf8d2d288f16023157909cb2c4ce
SHA256 cec2fb209e8bdf6ea8fa1c1152b038d295486e5ffb3fb6b7581ffddb9c64fe3b
SHA512 7654da3d4c33dc02762a9570440aa60470fdb81ee53519d8a2f19c00c0ce9d6637dcef2299b08a81a19b3831b243c77e1f9e3877126f6e526c0735577470e1c1

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

MD5 f60050c596088a6a0a2ea6c1f7503929
SHA1 f698060a93dfcbe3c28dfd0ee968829880428635
SHA256 b3ec6ce03a30298f2bbd45dd6d49d092cc8f1fb1809f04e3e29654a84e91b624
SHA512 3998b34a6266bb3bede9817115eece0041205db66bed29c958ce484b2faa49e7890fae1562ab00a5667a24b5aab4d99fdc4889cb768f84b38d537ba9e03eabd0

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

MD5 8d2f5e5899aa3e77e2026d928cca64b3
SHA1 6620f6ceca7394755d2eaac84027eed74fc6d4e3
SHA256 9cb77a4bd3aa5f8c2457607ec4f46edcd42cedc05ad4be56b4a7cb576aa5b268
SHA512 aec87605d238d21afc150c53668441046c2bb7f58d55a43656e212ef22b7465d4a9b6493ba02cd530ac14d68e0e249ed38424fc2872bbaf8071c936051eda3ce

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

MD5 b883c4c1de4cab7c745c144a0331c02d
SHA1 f72e73652c72a602a55e8956610dc8ed7dc580d5
SHA256 86503727d2a3328232521a2d1fc328790500a55815046388820414e85d49bfe5
SHA512 f03d4ea1ab7959c990e2d289b41a23b0be7992bfc9f45a45c4ba374ac435573177681f20d6453d912b5ca2fc61e50995ba7debcbdd10c888141a20d9b9d75411

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

MD5 2a2754e4127550e8427b6d9e9052243c
SHA1 4d99432ec4a8b664cbb3b188042756c3a6373936
SHA256 fff8b5dfcc0d866ae3bcb3d91feeb62ec61f8a475992b4d9e397fcd1fc7e4970
SHA512 ed73e746439feeadde4229bd2988825cc4c805d3619663abe2d8f00df4918eabd51f29417188a3b6631a03db7e1953d0f169fa30e8c1e4d0815b82731a48fb1a

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

MD5 8edc77ee2de3b8d85cb7276f6252375a
SHA1 166da5cc92a509bdb65a00b37af1166ddb968cd7
SHA256 fe5a22dbfc7140892a893c27b5aa85e0e32d2bd2dc1663e27ee7c8ed64a9ca84
SHA512 defda3266c34b670bae23cdaa2cb935797f8b9c11be361b428b199ff4e24042caa00a950f91665ebeca0cdf1b3886612225920155efc8f63083a9bdd5c2b0ddc

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

MD5 450e918daa9a0971fcc6078516ea7018
SHA1 d369407e131f88502ddf89723dcb9762d36b5d25
SHA256 5a8180572f277abde645123f07e7970f28d19b7a2d51ddfe69d02d30af6a24a3
SHA512 5d4f599af8cb139526cfb61451d3c3b179e8e4653db002e3393bb896be1b9af2eab5279b96f85d68c6c78810398664330abea6640a4a482097bf524207a8c457

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

MD5 2d4c0b08521819147d6aeeedbe424e23
SHA1 0e767b63c142ec55b9fd48ea0d86eb85d8e5fea5
SHA256 0116d2ec73d0193145a37c794dfc38ca84e0709edaea81bdca034c808eee1834
SHA512 0806b2488058884a87a4ab91d5c4350cd17277965869c7a87c30e0e46f65c389fe9895aebd073158b73bfee5fd392651fecab0ecf5ddbb10908f65b6b194449a

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

MD5 d98005ae98782d656603950bf842332a
SHA1 42078fe6b3e4755b84291b29d06ca74d86590fc0
SHA256 4e8702f932efb85f9d1bcb0b77fad6e7e416310fece73aa66bff1e057131aa5d
SHA512 185c4c868ae799efb22c655a941f21181815e487275b46a526abd70684dca81e000fb90dcd336c0d63725b41dd5e1bc07406f7eb9e7e47579209f02d4ae03ba0

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

MD5 9ff086f0cf479a1badc289f6859124f6
SHA1 95b811eb6140f2dd7730d0ea3423567793812e34
SHA256 3b843910266a6d10528e05868bd9434e90fb242dbdc1b0144275456a52e424fb
SHA512 47c9f4464a4739c7aec160a9be202c0d520566106048339e0d70726a46e213477d0113c4f1e8db1b0932f519913ae57481e0920253ef28259001dc056c2753f7

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

MD5 162add675d63c0ab247fc025bc1acad3
SHA1 a15cdfa6403b41743b2f589fbfe7812f84ec5a57
SHA256 2c4c7359904e1f593f2ad6ceb48b5c927b848193351f3d60a315a2368b35de8f
SHA512 360fb6f9a1fc75a1affc17bbcaf09212de1729a4ea359862a3bfed0bb17fcd10d87d1eab307dae775d4d651037d86e89ecd1ab5d1040a39470daa0721056922e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

MD5 66aa825b65680999d66e0a78d32ad632
SHA1 dd4712a90621e5f323627bb99d9e274ba4adb8f3
SHA256 45f6b321debaa73b1aac8f59ddab517b17931b2e9a1686372c0309dd58dd3e68
SHA512 a6b532af2331af85652a3d7cfa18bfcd51e295663c9ae5ea5a3d42d1a409204f63a9425b20d850b87f8e4627ce0d1534e6af9afb6f117c1b00ba60c90a910466

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

MD5 c401055f4214ee424773448f4a74a763
SHA1 9d340cc7ef644bddff67fefab2e7b4ea393e2f22
SHA256 1b8a92a53a0b4673320b34e6f16860f49add6fb6fed31f0283508c571a47c44c
SHA512 b1763d8ef742744977dba46415208138b51c70e364c2183237683b7945c7269eb4d71f469e35643aa2a3cf88629d0722084557c7461984d492a0996d84946a71

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

MD5 a878c546badcc7fe3c7929130986a0ef
SHA1 0809998795bcca0a45f42e831b523f571dd8aed9
SHA256 359f446febff229dc1f45f729b7a5f04830a2998bdcc48b1de51635935a5eba6
SHA512 0a8acce913126bfbb5caecc36bbdc940924c259f467d2043495e02ed899deb230269f8cf03f644c63b2c697824ed7d2791bf91882b39cd049c623a1d0cfcd842

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

MD5 3ef57d7666422eeac21455e10a645c64
SHA1 090c561e8d449f69d1634e0abd0142386adff611
SHA256 9871c6d1e74dda2c4dc14ed440b83cf347917cc12fec601a70a2e9f27e50a2d3
SHA512 e58433ff8de3e4f4c2c43aebd87e8a852f80c993040da52b0fc81521c108f5c9939f29021c1364a3d341707daf874884285b922401fd59c59ac2bf30b6bf86e2

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

MD5 f195be86a90151bea75853b832f0ad22
SHA1 cf8a1dc5fe4856b316ed70cde78b9b1a2cba44f9
SHA256 484834399c175b8cf0c1093e69b254e6626c5ee5037497807341f0c2aa49afc7
SHA512 19cc3f64f9b21fda6bedc610076ffe95f395d1b321eadf5a65c4e20e0c359ccbce89f6be0512b0a01fc2b2b051594f48a4ca7aa15a8b55e0dd54e4674995dcb5

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

MD5 e8037be2697105451f2578dd5c8f0c77
SHA1 3f5a74f4f34720321b174e52abdf8c75e7ed1af8
SHA256 2e211e90eaa4fa983c9c3e6d9c179d5591dc856e2e04ac52f1655490ac04b3ed
SHA512 e0270d48f0a05978a15e3cbb5c087416512706299afc22f4be95316948fddd8f95cacbbcdbcee127e3722ff05bb40f870491d72564393b722f85f6a13604f3eb

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

MD5 25a458f514abc8f10ba940ebdfa09f53
SHA1 74c6a57aa61e270765e6880d2a8c47dd4081c1fc
SHA256 f7bed9f4783ec32e7e6f17006e1622bf727756aa9627a64bde85f29120ccd145
SHA512 ffbedc1a85f4a1ac8d2c8c529977c7147058035a12dda4dcd5f3e767206ab2a81ace64f5b56271ded070619569f962f1ea3b4243279185e81fb85ab69422317e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

MD5 7e6b03551c7c3dba02439629b7cda55f
SHA1 0eef7ffa3aec1b06a167ec8478e8170fabd7841e
SHA256 0dfb4ce39e04415a5de1512d913d8da62f7736579be168aa9b3cf06112f84c21
SHA512 0df18e161a932547ee9fe15adcd29087fe5c5dbe8d81116f5ddec6957aea7ad8fe8151888f83d37d0429e25e884c425065dfb390c9182d25fe649a9b17972f8b

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

MD5 7d05828e20d3508d35f90d4872853ec6
SHA1 aa7c19920fc42427c683b9f1e20123ea93148076
SHA256 7751928c921f2af34006c5bc52c778ddfb5ea2cef811b10ccdeb1e0dfd314f65
SHA512 6f90f26026ad08daad86030528d39a27b0f5fd0a6e22178386c264fd1a9057e5e701ad1c2831842210c7ef9d92836af7a20f13daffba0ff2893aba8729240cee

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

MD5 51106768ead67ef464f7a02c7b91e2dc
SHA1 20db6243903e930df7e59b20b9fc67362349030b
SHA256 49cb1285066320d7b31f282289f6401679162e96a0f7694cbe9c1914d7224388
SHA512 0c20f96fee04f7cbe5110fcf7fae51b6257c163c3045981978c28d6563bc0e69305d5d2d8e9b345a16445bd01915ca94570ffc0e0ccda373741f11f68080c833

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133670753932944810.txt.EnCiPhErEd

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133670756898663578.txt

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133670761648682317.txt

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133670764200529937.txt

memory/4056-6284-0x0000000000400000-0x000000000040C000-memory.dmp

memory/4056-6286-0x0000000000400000-0x000000000040C000-memory.dmp

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk.EnCiPhErEd

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

memory/4056-10547-0x0000000000400000-0x000000000040C000-memory.dmp

memory/4056-10938-0x0000000000400000-0x000000000040C000-memory.dmp

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated.png

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

memory/4056-11271-0x0000000000400000-0x000000000040C000-memory.dmp

memory/4056-11272-0x0000000000400000-0x000000000040C000-memory.dmp

C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

memory/4056-11277-0x0000000000400000-0x000000000040C000-memory.dmp