Malware Analysis Report

2024-10-19 10:43

Sample ID 241007-ztyjnatcmm
Target 1def9a900a56445340184d0403357d4f_JaffaCakes118
SHA256 2443e9a982e62ad116f871f7133e9276d48f1c84a0663c17d6a6a1348efdd552
Tags
upx xorist discovery persistence ransomware spyware stealer
score
10/10

Analysis Overview

Threat Level: Known bad

The file 1def9a900a56445340184d0403357d4f_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

upx xorist discovery persistence ransomware spyware stealer

Xorist family

Detected Xorist Ransomware

Xorist Ransomware

Renames multiple (2181) files with added filename extension

Renames multiple (2211) files with added filename extension

Drops file in Drivers directory

Reads user/profile data of web browsers

Drops startup file

Adds Run key to start application

UPX packed file

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-07 21:01

Signatures

Detected Xorist Ransomware

Xorist family

xorist

UPX packed file

upx

Unsigned PE

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-07 21:01

Reported

2024-10-08 11:52

Platform

win7-20240708-en

Max time kernel

117s

Max time network

119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe"

Signatures

Detected Xorist Ransomware

Xorist Ransomware

ransomware xorist

Renames multiple (2211) files with added filename extension

ransomware

Drops file in Drivers directory

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\7VsEs5EZs7IxXFr.exe" C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe N/A

Drops file in System32 directory

UPX packed file

upx

Drops file in Program Files directory

Drops file in Windows directory

File created C:\Windows\winsxs\amd64_microsoft-windows-media-mp3acm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_872be93eaa9f6a40\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_wpf-windowsbase_31bf3856ad364e35_6.1.7601.17514_none_597476cfa608388a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_mdmgen.inf.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_05a824ea7447f385\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-help-adm_31bf3856ad364e35_6.1.7600.16385_none_893d90cda53294d1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_en-us_27fbee50ef7f6588\about_aliases.help.txt C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-e..ingfaults.resources_31bf3856ad364e35_6.1.7600.16385_de-de_cd71dff5a132d2ca\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe N/A
File created C:\Windows\assembly\GAC_32\Microsoft.Office.InfoPath.Client.Internal.Host.Interop\14.0.0.0__71e9bce111e9429c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Resources.Writer\v4.0_4.0.0.0__b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\x86_microsoft-windows-gadgets-calendar_31bf3856ad364e35_6.1.7600.16385_none_0dfaaaec65b0831b\curl.png C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-taskmgr.resources_31bf3856ad364e35_6.1.7600.16385_es-es_d67dc559c08dab90\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-g..licymaker.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_fbc641931b6a7d77\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe N/A
File created C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\SendTo\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-notepadwin.resources_31bf3856ad364e35_6.1.7600.16385_it-it_81c88c3faef544a8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-o..yle-specialoccasion_31bf3856ad364e35_6.1.7600.16385_none_01242a21ddccaf3b\SpecialNavigationRight_SelectionSubpicture.png C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-s..-soundthemes-garden_31bf3856ad364e35_6.1.7600.16385_none_f7a4bf1e15863e21\Windows User Account Control.wav C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-v..c-usb-rpm.resources_31bf3856ad364e35_6.1.7600.16385_de-de_143c71aed140e65e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-fdeploy.resources_31bf3856ad364e35_6.1.7600.16385_de-de_647fe89caea2a08e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-t..languages.resources_31bf3856ad364e35_6.1.7601.17514_zh-cn_70897adaf67ef72e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-d..g-cmdline.resources_31bf3856ad364e35_6.1.7600.16385_de-de_da3238e0b81f7561\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_en-us_b87da52fa7e9b700\403-3.htm C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-s..-netlogon.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_ba88bec7f5c72fd7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-m..simple-provider-tlb_31bf3856ad364e35_6.1.7600.16385_none_c675e5f221bf8d24\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-p..ooler-ppc.resources_31bf3856ad364e35_6.1.7600.16385_it-it_874b0738fb71ce09\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe N/A
File created C:\Windows\assembly\GAC_MSIL\Microsoft.Build.Tasks.resources\2.0.0.0_de_b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_mdmneuhs.inf_31bf3856ad364e35_6.1.7600.16385_none_22b2d74734caa1f7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-rasctrs.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_55486069e967bd79\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-photosamples.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_b502a62ac370cd05\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe N/A
File created C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-n..-statusui.resources_31bf3856ad364e35_6.1.7600.16385_en-us_43eea28fe31c4968\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-e..e-ehrecvr.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_2ceb4c3f8f31bd2e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-help-video.resources_31bf3856ad364e35_6.1.7600.16385_it-it_7c8b1147a98de824\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-m..c-results.resources_31bf3856ad364e35_6.1.7601.17514_en-us_b334020d5d61f256\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p..ooler-core-localspl_31bf3856ad364e35_6.1.7601.17514_none_8e41636aa94da31c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-t..omruntime.resources_31bf3856ad364e35_6.1.7600.16385_de-de_87d88cc81f420418\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\x86_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_725857cf41f74c3f\setting_back.png C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-keyiso.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0a615764d5644890\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\Framework\v2.0.50727\fr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-a..ompat-adm.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_b9f38c8f575e0175\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75\settings_left_disabled.png C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_amdsata.inf.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_3ea4ad375858b344\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-m..confg-rll.resources_31bf3856ad364e35_6.1.7600.16385_es-es_60a91f8ca6165abb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-ntlanui2.resources_31bf3856ad364e35_6.1.7600.16385_it-it_cf881ed50c2b4148\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_policy.1.2.microsof..op.security.azroles_31bf3856ad364e35_6.1.7600.16385_none_ec90596b8cb45ecc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-msfs_31bf3856ad364e35_6.1.7600.16385_none_026531e2369d6d42\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-ndis.resources_31bf3856ad364e35_6.1.7600.16385_de-de_291eb1dc1e8490a9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-t..trolpanel.resources_31bf3856ad364e35_6.1.7601.17514_ja-jp_5ea8eb97e1637fb3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe N/A
File created C:\Windows\Web\Wallpaper\Nature\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "XMETOVVOBKTPXKF" C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\XMETOVVOBKTPXKF C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\XMETOVVOBKTPXKF\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\XMETOVVOBKTPXKF\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\7VsEs5EZs7IxXFr.exe,0" C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\XMETOVVOBKTPXKF\shell C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\XMETOVVOBKTPXKF\shell\open C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\XMETOVVOBKTPXKF\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\7VsEs5EZs7IxXFr.exe" C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\XMETOVVOBKTPXKF\DefaultIcon C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\XMETOVVOBKTPXKF\shell\open\command C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe"

Network

N/A

Files

memory/2660-0-0x0000000000400000-0x000000000040C000-memory.dmp

SHA512 a71e120ee3fe1f682ae19e3d380b10ac34a5da52c03205e4e24b586c301547d7980fdcbbee7136d2be42b9cab3313a037da6bf44224cde39031a381ad04384a6

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF

MD5 5057f08e3701b077ec4f802a5a35a8f9
SHA1 7cbb5515cdc6bfd4d03d452a93922783c3c14e6b
SHA256 03a8d1b3db4af414af69a75a00f254a57805a7780f43688cb42f39476a4b6fe3
SHA512 44cf502fff4f690a0220fa312b56ea009d39b95ca07ef7a5fa4f070e9038b35a95c6ec16264a2c321d744f3e01d8fbc751236ec078ddd28f78c360767fc9de43

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

MD5 450fcb1b0c203719ee91b614828b03a0
SHA1 82d4653aadacaceda04a7e467f1d68cd5242f190
SHA256 978c857391fb9bee0ee12a8f385d44ce0a08dc2f9df8a64979b1a46efa4c5968
SHA512 d5eaf6e3e40bc6e1d693f50e82ea9a50fb2adf3aa37e352e99ddbfd6b01e7794e9d81c310cb73157cdea16836493200861f7789b0e9b15938a68d80fd2c95920

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

MD5 863cbefd37927c5a96568ec94f259772
SHA1 34314169872acad433e20bae2349077d4d3b1172
SHA256 ea53305f496c56775c157b3ef90d69651fcd9c213e131d3689b606bc30732848
SHA512 188d11c3a9dd86d8d7aaabf5bb71e57f4f9e4d0cff9defd29732ab1a920173410842e6de336d2334b098466a6b70ff964bdc6f915f1a5bbfaa2c2c547fd04cf4

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

MD5 f7e05e91d3c3b9c16c9295bcd12a56e5
SHA1 176e92b831b49217dd356ca01bceaa4565681fdb
SHA256 a9eb324fd32806ebf7708bf16ece716032173ed0e1274c09412a4290f9766402
SHA512 915cb94b21da4500308e8cf3b16a0fa1ca2a1b22b5e50f4c6ae5fe80514b2e7822b5378604aff71c0956a3e3656f4471a4b157e6c10c9e2b530ed1c772c9ce53

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

MD5 515c024276105e23d140494707fa5262
SHA1 7eafc02ed2ce786d96fa03b2424cf4e2d9ffd7e2
SHA256 4dd48c40647b352932ac741a090c7403bbca1ddf381529a198256e9785592785
SHA512 b6620146dace9637793013508f39fd4883c70e8fd6cc4a691e3660cf146b41d68afd5d595d8a6729742ffbc4fc6b7766ee474e4dcc9e416d0df32ccdaf4342d2

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

MD5 badd4dae87763948c970a4c603e73f19
SHA1 dca2cd5896b1e4d7b6b6efad2333219467c503bb
SHA256 567f599e17247568f8f757516e7afcc157191b87df44781264f2cdc0015c4f71
SHA512 cd1c18f3844a71d0c5fe62cfaa110499f2e59382cdcf30b410ef4667becb26a0898a1cc21578a5f4eea5b33ee3f0dca64077e03831b6aefa7eb14d8b09bbf8a2

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

MD5 3ed8a9506749e2c62ee2905f87b959ae
SHA1 e489ec6d4e0546a9e1449175428d463de07ae474
SHA256 9767c4fee1ecc88e534494250d34c42d5cfdeb1d3341e1d66499cae488882e3a
SHA512 3092e4fb791e64bc8eb27c2cfd5813bda3238465175a388af9c0691baf4d70c2896c426d464a774b8c57a433c374137beea3c9bb3cf15ddecea23f869e3b38d4

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

MD5 32cc5e5b328d19fe6e8bb700b024e353
SHA1 64eaa9f1b958a48c1c085828518cb226ced7eaab
SHA256 78d2c95b2c8f0e7b14d39e35d4a7dc3be0388082617d113f9694d563805d6091
SHA512 3e433827ba81de46e453cb4b95f0e46f0f4a4c365f2a5b9bc24e4885108f83d48b70629e607e0fe3b1ce7f7b48f9a69df3cfbd7b52a4e29dfb5d3834f6350aea

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

MD5 e265ffb059b5d4b5e56f160abe816bb1
SHA1 2b1661a0090cfdfeec465d7200201821b1994d42
SHA256 f0d4ae4eabddb12f1fe64947b5e9f4379c7a613f36f83c5a5dd3a0b64bc60309
SHA512 e3e39bb248918473daaf3ede150ed5088af728afa727c58baebacf1d03e29560a6ded444f7e43c2db42c93233e8076bf42d164463c7d454cd5f02f796668efcd

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

MD5 9557bc1f04a45326c03368dc836d6042
SHA1 86173c36a2cf40b11d5e8098c51f110526f7336f
SHA256 2e141c1d00dc85fe8e7bec2457efaeb0a649530ddc172d8e47d9ac087d5afe16
SHA512 228885f993686c02728a3d8caf41ad2a168507f67f41b2f921bc6252078636c978f731f0c238debc0c6e16a992431e4613907023d53cde405c61e9c9eb9a113d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

MD5 ceb846233656b17730ccc4b5b6ae7107
SHA1 4b53872c97a89fe233c9b8b6a9a78d4903ee5500
SHA256 a2eabbf78cf3e9fc883a8be0a4fec4182b53920baa6f320f5da90d9e9bd33e25
SHA512 6caf13ad923bf928ee4d514f02da8cec8f4b2439cf297c06f46ae3a9a394719d6afcfe48e7e520cf4970c815baf9433829c9718e6af446ec91e1f182f50bd7b3

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

MD5 32339fcf6bed5c24a5709726dec43ffa
SHA1 9a70b4657bbd7fac23fcba87f9c5d7fcabbdcd0b
SHA256 2553795cc9471d77573f7a0145ec7445502e089242e8a54aab56830c2ce28bfe
SHA512 40d847be510bbd3d434d05181ab77976ece103bf241a91a7450e23162765ac916c7d36e5dbb2fd3ae6c7d10cbc431bafbca5d9e48d7034d51baf84914076a157

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

MD5 73b24ec1a5e0853adcd314bfab490917
SHA1 cd49e429ab4cf5b16079c16e04e61f5d8aeee8d5
SHA256 d57621767d5d5d8af04a3b069a9bc34fbc0809d1a443f734602f54adef2a5848
SHA512 fad5f6db2c0c8bc9de854accf87278824b2d2e30e1b17b05433ab4045c3eb14f37adbe2516e39114f65eaf7dfa253ff77ade7273df7aae240b73ef1f8114d5b7

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

MD5 03ef8740c3e636ffb89facdc27e7db7c
SHA1 de79f5f79aedd247009216abaa553cb72cf6b299
SHA256 08da754fdd0709d0b034648cad3cd67613a9131a8bc3b7e68b8cb568fc1a759a
SHA512 d2ddfff64079bdfbe17c4aeb4612c39c00b4299670383fcfd3d710e6be97756b199b548673576eef901cda5aaa8e8a971b2223b1d76798f356c648ba65d0f578

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

MD5 e207d7a225a9d7053dcd9cb6c69b65de
SHA1 4b67c03ac95d6dbb56cd6ee58ae0a9e2d7a99076
SHA256 c30bb614b0a569d686c0b75d656fd825a12b2a52f7d162e7ad6f4a8d3f051a71
SHA512 fafc944fe4bf5a93150b0b6c718f516f9202c633eed7d4255cb8ef1626585d333df1f0a12d75c0a6087b75bee5b7a543ae7f0d9e1677ae6778688dc64e967864

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

MD5 fd1f09342ff2d1e0c73d94af2482b28b
SHA1 fc9548c04df31c846493fbf09410878d8764d19c
SHA256 1085c7b049f1a19b44a4f4d1f4450925783c1a187955b82c5696af28d8719498
SHA512 856b3630083307832f8f621224920b5700831fb3b844823934c221afcb711be2e3d52056e4e509fada536bead48c7bc47d2bbe2e2bc40af4fa1ef6c306a7a5a7

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

MD5 765a9e7b2fd450f46858abcb4f091f58
SHA1 71c600b279653fe7a13fb11289e3229d49363064
SHA256 b7e3da519ca582ee93bf12f448b57f5e45ebeeb15f0a99b6b9a70d74a5043493
SHA512 412b4a8a42784a62fd7041725563b61186b1e17d89bdd5c013505ba2435147fad184f5fca389a4d703ea790112eebb74147087fb99a5507306662feff2f48460

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

MD5 823b394f50427750636ef1d432ffcfe8
SHA1 3be8f6512786a6db307b2619a306d1c096d23a61
SHA256 2d980632d2316a068e3a3e6df8a50a48c756e4574f9ebd3baa0e9b6e5fc5cb24
SHA512 9affd60291c62d6defa411d901385b6fe76f42f8a2a0756c38350bb257396739adc0c028a2aad7a497a6c7a0cb431b70aaef9b7fd6dc73d00a75cfef8e594c76

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

MD5 fb2b87b58c823e408ec641ba3b626159
SHA1 431b4747f50c963409c089c511c7d0ba3e6dfee1
SHA256 2b1a258f943737ceeee57bd00caf68781fe9bd7e2cea488beb6e38614b5df26d
SHA512 cf280bdd72c2e42512761ffb2b27d8fa8aeb01e67be401b3bcf2c9c7b70af918d8b090ae42622b53369cf3f3162f9dd918dc3dab51a3c2bdc16952440d45fdb6

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

MD5 2278a3d1fc883bc3a3e6fa662ae55341
SHA1 db2fd5eae007c143f1885c781885fecf1909061f
SHA256 55a5f691e332f0cb36653fd149866224f04358987b101d648a2bb496633da51c
SHA512 b6a35f420fae68976ad253db2ef98d1228137c9257acb8e99323f3633762c2e1fdaceea38e8c3d474b37e7f9c4502b71984765114513d42c937fda065eefb567

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

MD5 ea902bcf0038e292241cd099647b7f25
SHA1 8009e64ea48d1cbd976fc9ef735cbe6c43c0e57e
SHA256 fbf642c295af59989eefb54aafa28dcdc4b9c3152676ff98226039ace7d3aca7
SHA512 6b2aeb186ad3af52e969348767bec099e61e21fe4fd334af2cdf8f173f34a441810f4abd1ab0f4deb2583a4272c6f12d84a6567ec53b0cbe0f13f383fc3c0521

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 8f79d1e35ce5cfc14fd391c03ea15e97
SHA1 f24142c6ec6935e41fd92e7a15d22b08245106f3
SHA256 c4e5473cb713441511e5efb2698d80fa7b2c2d81a2a0dde01cf7db6cf1d12b40
SHA512 553b446e6fb9a11bee9dc97b9864901745d13c287a2f4d3a87cea0060d0cf55dafc89d7f04402b8cd90e0142276048d690f9e74749e1b77e0e3cde75b59b6195

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 d1ce16e75fcab34a2faebc900607d3d3
SHA1 9e0b28f2a0e835f2d0b543c21514da0cec4c81c4
SHA256 fe38cd5159ee073790dc8d05db2c967a7c5889faf95e50955e240cd5635be466
SHA512 387bdba89d8c677c842a403af408430bf34e50e106af7049311c075f0c0794e52b641c73d5d1ad696c311267c078e7347e8a96da6d0f7a70991589b3578c422d

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 12ea42738126795963bc7aa7b3383d78
SHA1 66b2363ade09ddb58c4054b714c84a2a7195d6b7
SHA256 1562cc360f0c333cf3eccf51f54aa64f1393af43d337d61bc0401dbd1803c860
SHA512 96162a9dc84d5775150d1432f3103644d321e35b82a747a04fa38e901c41ce28df66e9e62e9eaffe7c6c5675abdee6c44dbd3d54e53a08a819fbd21709545074

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 86977fa5d3038115ab6de011f6a0a992
SHA1 a9d15953fdc53042f82237e89c9f976efed7b58f
SHA256 d6af938f6184bb8593dde6a710d5c56e49616f26f2c6d546d6034ff149bab235
SHA512 cdcacc596538d39fb0a9e28fe03a4777d4d63501325fdbc0505cd959579dfc2011cbe4fde170873c1aec4e0f432b464a95f4c34200450de3b8d119869ffe0b2c

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 7ce6f821f89acc23fbbcd026a82074d4
SHA1 57e888eaaafb0500177c2d16fb64a06808cc959e
SHA256 eee27afc6da772df868b9045d918d1854f6fe4149ff8073eaabb5fe872132088
SHA512 818c4b0db894aebd4f952a138e05842ca8ad13b294e3f9a3cd1066f2f87bb2fc9b72161a46dc22a66e4dc67dd852f55686a5412d281dde8593f10b391c9e93d9

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

MD5 f51e69d46729469a8a31e24aeabde7bc
SHA1 a6abcada61589235ff3534a14afcfa5076e7ccfb
SHA256 3701f17832ff3ecf2f6c55b51d19e2725cd992236bf73f2acef79b928207b10c
SHA512 8ac5dbe51cc51b3acb058089bcbf8d3e254a51c74c3c15936cfffed191ec97d908f795214ce9956c6411f08a1e8b7dd492337ad6e1c3e8361ae9e921e5cfd6d6

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 bec22784013741d009e4ecc61aaa304b
SHA1 94982f3bb8d7652a03c4f96427456a819376929b
SHA256 1ed8899c0a352eea3083645e093d4e3a94a9e8af51209b538e3caa4f4449c754
SHA512 829b55f5b4841b883f40bb4cd738f1a021673109164b44571215f930290446c9ca854ffb7ec268363091650d8f75eec65864c184ddfa5e16be3d244929b5c80a

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

MD5 bdf66f52493bc4b807458fae81e5f580
SHA1 7fd249a9b9c53dcdc058a663d604b9788da3a8bf
SHA256 e99a8f816dfb5e75742ab50e92f91aa62c831bdde6ec8798f4cfeadb4141726d
SHA512 49fe52dc12b0e4b6b3a57aefe0992accffea8700c9c6a28bd899211406bb560f2428ceebbbb0f30fa824de4938f836335723f36e21d5c3a18501dc6c67026858

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

MD5 eeb13368e3d9e096287283e30e7af3f3
SHA1 4853e77ab53cf90a6eaac6f39bb18e0c36305c05
SHA256 e74723a1e7e5446b24d34fafc71699a2794e667c8040862c4c8eeb00767278da
SHA512 59b413cf110c523e5d6cce982308f4192ea080249b25d6aa961b6cf1786cc89ca98c58d55ac29a98dbbec59ff1c25bdcd3c0ed5669631ccdc8b6a2f8d79a64d2

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

MD5 55ffce0b5cb2b2b7083d8b3105dbc306
SHA1 6a017e807138d3f490ad11c5dc3c88431225fcd9
SHA256 740529b1e69b8919404ef1e344cab0ccae2743fa6525ed7449c6cc01d67f8340
SHA512 c1e5c0fc197f409047ad0b7e0349962256bf8224a154d1f1926187f6237fa1cde8b9adc8d8c642f064a0afe734c4d9055ab933712ff185c7feb4026422932c83

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 d07eb0e7262036f19b47fa613e316676
SHA1 9107a63e473e17135219740cd892314096602990
SHA256 463223dd53547e73d7f09aed6f9b60cfa673374e124ca04d81429d6554116778
SHA512 dcf3bd198ac537bb38d8556e55a5fa7e0d93f0c1dfcdc510d5c48f0a4be633f0fd1ff3d3f8a18913656c158212a15c8b8d6606eba47c6c1bb900f092b22045ac

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

MD5 2051209da422ac054c75d22f79f7058f
SHA1 5010d680d748870383277dbd8060a7f7843554e0
SHA256 f139decf4fe365b089dd693354aa903ca08ca8da1da707701594729984c02dac
SHA512 392cb115d62cd15554bfd9daf3ea4940593f7d8c27d7db3940c5815039ad07781da1e96cfcf7d06e9b8cdfd054b23746f02707cd0e38190062a94dfbb1b575cd

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

MD5 4bce4ae8032505d3c8de0a328e1f4f42
SHA1 c8cfa9522a35d93431328cc7da0d9dcf390c61e5
SHA256 bbeb46a5c425cf151bef674f07299356b7b6a85f7b5a1669a25e3672f24ca020
SHA512 4c7efdd9316f99030de2b7864ebd7b932b1b2766c2b4bd853a25efcd2f479773ca879e22bd3aff4a024c217d0e2c8fdcf2283b5c9c8cf1482e65dc5d19ccdf13

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 ec83760e86ce100481ea880bed7fbc18
SHA1 a88c68445af8bb454578e4263d15f49c80de1032
SHA256 1f0ca1fd7e43590abe53011c24fbaf0673b72a7b940b9faf25001658a8b6ab3d
SHA512 24316baac3a451744c574c5b7239d290bf032bb35d85fdbdc98df4d70a562b5d5209db25fb0b17bc123942259075db2041d6f88282eb1e35fd5152523b7ca8d2

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 f5b296f9bc15d42eb4a7a61dffab2a21
SHA1 9651658dcbdb44f6509170fc03d97c5195e6aecb
SHA256 076b24c36d58481085271a751507271e4538fd6ff684cbf7c00531456cf3f6a3
SHA512 d39519a0fa236b9b093edbb8b7a7da31cd75d76c5640bd62b52bfa55bd9ae83aab0a9dff85d52a88ea463248e4b533613e0e67dc58ff78d1ac8a63b59646793e

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 97f9e5804c5befe1813517221d0b2339
SHA1 f02c16e4402d05b68a4028c458c76d1d55e99fe7
SHA256 a65afaeac6ecc1463e2f0045f6247317e9f785a0a8751645309253972738ea7e
SHA512 5cc3d20f35dc04dc30686f6f8aacd8a8188a9951fe8f3e0ea970e05aa91e08f902200560655cb93655b8d2c877b4bf9c2016015ab659ddc6dd9d1b10292f2c39

memory/2660-8896-0x0000000000400000-0x000000000040C000-memory.dmp

memory/2660-9119-0x0000000000400000-0x000000000040C000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-07 21:01

Reported

2024-10-08 11:52

Platform

win10v2004-20241007-en

Max time kernel

92s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe"

Signatures

Detected Xorist Ransomware

Xorist Ransomware

ransomware xorist

Renames multiple (2181) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\7VsEs5EZs7IxXFr.exe" C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\DriverStore\FileRepository\cht4nulx64.inf_amd64_641bf08bee8ac46d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\IME\SHARED\res\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Speech\Common\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\e2xw10x64.inf_amd64_04c2ae40613a06ff\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\hdaudss.inf_amd64_76a0499c8a4b3752\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\nettcpip.inf_amd64_96215b82eaa40fd5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\uaspstor.inf_amd64_63788a81c4c628c5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Archive\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\acxhdaudiop.inf_amd64_78faaf2062860ce8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmarch.inf_amd64_1ae6ea0bf54c0f5c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\msdri.inf_amd64_97bef65a8432edd4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netk57a.inf_amd64_d823e3edc27ae17c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_GroupResource\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\oobe\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\slmgr\0409\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\wbem\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_dot4.inf_amd64_55905bb33692cd84\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_mediumchanger.inf_amd64_69ea0d8614286224\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\lsi_sss.inf_amd64_503a2398f4c86893\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmx5560.inf_amd64_209486f1c39d4b46\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\pci.inf_amd64_66614bed5c0a20d8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForSome\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WindowsOptionalFeature\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wmbclass_wmc_union.inf_amd64_a02e4111c770770d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmags64.inf_amd64_767b2d723d0fe83b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmgen.inf_amd64_977aa23dfab87f15\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmmcd.inf_amd64_43b149b35876b241\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netl1c63x64.inf_amd64_4d6630ce07a4fb42\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\tpmvsc.inf_amd64_9b03a5f041e8d2b2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\NetAdapter\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Configuration\Registration\MSFT_FileDirectoryConfiguration\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Configuration\Registration\MSFT_FileDirectoryConfiguration\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netax88772.inf_amd64_5d1c92f42d958529\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\vdrvroot.inf_amd64_5dbe5e81fafe4636\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\MsDtc\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Speech\Engines\SR\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\wbem\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\microsoft_bluetooth_a2dp_src.inf_amd64_0bdbb11733d87f9a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netwtw06.inf_amd64_2edd50e7a54d503b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ntprint.inf_amd64_c62e9f8067f98247\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\oobe\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Printing_Admin_Scripts\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Archive\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\XPSViewer\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_infrared.inf_amd64_3160910a003e1f11\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\nb-NO\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\uk-UA\Licenses\OEM\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netpacer.inf_amd64_7d294c7fa012d315\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\perceptionsimulationheadset.inf_amd64_47c7e539c0156424\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\wbem\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory


Drops file in Windows directory


System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\XMETOVVOBKTPXKF\shell\open\command C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\XMETOVVOBKTPXKF\shell\open C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\XMETOVVOBKTPXKF\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\7VsEs5EZs7IxXFr.exe" C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "XMETOVVOBKTPXKF" C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\XMETOVVOBKTPXKF\DefaultIcon C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\XMETOVVOBKTPXKF\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\7VsEs5EZs7IxXFr.exe,0" C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\XMETOVVOBKTPXKF\shell C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\XMETOVVOBKTPXKF C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\XMETOVVOBKTPXKF\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\1def9a900a56445340184d0403357d4f_JaffaCakes118.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 22.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 197.87.175.4.in-addr.arpa udp
US 8.8.8.8:53 241.42.69.40.in-addr.arpa udp
US 8.8.8.8:53 98.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp

Files

memory/1512-0-0x0000000000400000-0x000000000040C000-memory.dmp

C:\Program Files\7-Zip\Lang\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

MD5 69a98ef655778f1cb3764a923acbae80
SHA1 22683321e95c9a631039d15fc49ac5d3e639ac54
SHA256 2ff127d5bc4c7333c8f522aa4b456684eca97c06d452bf7d00b6a99b49b11b0e
SHA512 610fc09f40124e1a74ff303ddd95ad5809679be9e0c381e5d367ecf8e1e137c3da188142de7a2c5fe2b1225e12482245f2b5c417d43d73618108bfb1c32a5ed2

C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

MD5 6387701fbe1898c05075a93730b640dc
SHA1 f26a214d2728ef18f1b8121ebd0200bd13104137
SHA256 e06b94455815843a9edf0a86e586ded641800b97d8f2449d663984fba32def6c
SHA512 eb447b88454903e1a5f822fe9a0a8b432e362ce01a1a415adeda6957a5b6f62a231ec045b5f0ad6ec254476b01bd18cdc857e74c2e462ca72968b27d34ca3c6b

C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

MD5 89e553a0f201ee4a5ff48ce86f0cb2a8
SHA1 7a996b5ec989e9c24d3e347a5504d9d44a9f260b
SHA256 f17f738c0a5e6e28c389f458ca7494e6655023d682d00307161785a065a51ba5
SHA512 9302e3bcb1e37d0c2f8ab0ddfae2d435aa3b4b68f4221a4ba57aa7599a8dc8b30b79dda8d7f576bc4ec33a175e31af5a569bf1bf2ca25e8146fae3d643c518b4

C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

MD5 dc186360814a0899af7d68ca98934e9c
SHA1 2331a0abc8f1f600cd0d2c40208e0ddee26fbc8d
SHA256 9b374e4d4883beb375369e1387b13f4a9a6a5c12307fcdc6adb83ed3f953818c
SHA512 259ae08abf275083b1e90f8a290f5faf904d7f4cf563c7b3e2ea782a9ba0a262bbe1ebfa78966e16c095193956dd6eef31b7a24787b3122b9e2a025019966ccf

C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

MD5 39da9a2da1d61ca73c04e316d1705ee7
SHA1 a1e2e301b7edab0523a1441e808795f553c82477
SHA256 510a5504e29888bf28a1e96e86a4fd291163eafabc6feeb17d75effb66e79bad
SHA512 417fc71ec650d4bd9e636c160f6ee8e9fad2d886c0eda952caf7b4b88004e41bc6835a8c15c3b779d62995c5f1c85b5dc0e8c6d62059bcb5675b26a68f198b58

C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

MD5 db691b431b4d8a67bb76164851b9b11e
SHA1 16286a96b7ce1f35ddfee061d27e0e438028812d
SHA256 97a2dd58da347585650272a39e90f7c749cfb2ac88ddf07161df37d302116f82
SHA512 4f3e982369d887d7ffe34bfad588c9ae5468881eb7ad5d9ada2ae5295a59402b67454af522c02274ff5cbc74ede2867c73feb6deeb0e5f01f27539283f12d00b

C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

MD5 463c930922139a8cd6a25fe3d3c2dacb
SHA1 a85ee18b6a1163d9d38da875847d8205792ac0da
SHA256 252d422fe8d62a757595a28d0263ef24fdc5e0267658203309a5b982bd52ed28
SHA512 52c425b5c82aed3de32fae640233b01b57439f2d45096699e56131af737bdc1c001ba1a230ffea6b29a1c1222a96322af156ce17919a17a162fb3438dc5b469a

C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

MD5 165729ee1e9ab050262170f00ef4d363
SHA1 b7878d18778a0bb18767ed96b57e1abd3afebf4e
SHA256 9867c1a3bc5b97b419dd668124a73d1f1339729d99a655c42040fe38e7754883
SHA512 d8cac67f8f4d90b31425d00a06531dd8238cb8209949525e902b08159df2613e783a20d48af627f3e2365f6c69cd22504c98cc4aaf84fbe8ca215986fccc9191

C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

MD5 5f65ceac4b6aa74c44129e081a2cc5d1
SHA1 63d57094d2c44a1549533a7df85fb1de02ee8f67
SHA256 92bc8270de5019599c32c52c2b9218f4e4a184b0de552bb5164ca083a7e16dc2
SHA512 0486c8f313c9a2b1c74efa785e10c6ef5b1cedec22d0cd540ca7d75ff19e04789ac21ae5d264a918416fa228930135143ea258b8d1f8d78e22c2b6f0839c1a94

C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

MD5 e85ca222c69c0689ffe8d98ec9a0f9fe
SHA1 86f76bf626b4b8a923e3c505028083586c78418e
SHA256 6316411c4d06acb60042882cb60a3b5145d8e92cc5a7ffcae280c421abd561c7
SHA512 0cf5e972e328f4648d6018d16b3a7d641a706483c591468a79d6d909c712bb0e1942d393b891c101246e261bd6bd42ab68b1d45209d7f10230d4efc25998847d

C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

MD5 6e1831570a1c0400c2d710a700d87bc5
SHA1 0f477c2d53ddd56d498018ce5e36681ed2639bde
SHA256 63a74b6e6b938a692e4ad70eb2fb4c5d744d1f3aefde2ac53faeb303c9a38d70
SHA512 64661b2ec9687c51230814f9701fbbb205795f161284ffb9e2a6ca4bf4ff962730ca4c29b6283d5e59455cffe45c4ca27942c9a2bf1082d48d4c03b975485881

C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

MD5 06bf1f359cc5cfc21a5c4e6564b30b28
SHA1 7a34a092934f4ed262abe3d039f8b48c6bcb6679
SHA256 23adbf9e9aa005b767079b896eb06173b5e3813a4cd8562f2a817cf1aa4712fd
SHA512 40efc0fc15aac618b7b9bfa3c632ced5b4e2bff2e746c4056c6eb8206648b5476e5b304c5878eea81286809fa5c2ad5a9c6aab18fe43b7ba6338999e8089fa57

C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

MD5 b32d4d07d3706fd9a6cb119920b49a13
SHA1 da0904fe52b0f672562221e592888a9f419b19df
SHA256 4e545b0ee64646b33361b8f91e32f3024dc33be5a17af421c073ec12ac86694e
SHA512 e21463a034533c0308d8a5f63c7522193cc96403c00afa7ac7539d05446ade03249015bd4104d0ba5e11d9805dec77e2ed51458d012cb3e3e1792b51cb4d827f

C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

MD5 e528ae09cecf76981657311988535f8c
SHA1 560228be4650211e2cc9c4ebd72493d27c8cfcc7
SHA256 4f6071ed435bd33df9e917f26c918b710bc9f873ab96b68a58fc6014c3001652
SHA512 fe33830457708f13b9211ac7b0f7f654b5c034ef9fefe7e73b5c5ab244ff0af77d539a62e0598135b51dd2e70c356ba83cc1d1fef859e175dfeab8e162d3640c

C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

MD5 6e35b70da9310b86f161ee5013cc5a9b
SHA1 6b687b0bf29bca1e79ada881c626e34e82003be6
SHA256 2888a2ccd488613d7babba6c7d18e26389f7e06c470b55b07d70b7034b228ec3
SHA512 c3c9402078503913050551cb6be70a76e4c85d135dd260c07f3ead6c244e9821f70853e6d40d6b95642ab3405db131428ce3e23626594773ac7e65dd6111c5aa

C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

MD5 8d0e573b7fba6dd229e8a444c00fb669
SHA1 87ec664d0a2721ec194488d72e9d0332bdcfda23
SHA256 c2ad98063c37321bd204245cdfd56691bb9ee6ae1cd98388b89fde80d72f954d
SHA512 d239855f619ed509f2529123869b55dd622cec6c5a80d3876c32974008a033f6df92c754a65d9f35769c9324148e36e173b062d99c7209d0c2f0e1c0fd216701

C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

MD5 d8ad821153bac06e1a092253f7878b40
SHA1 7d186d51b619538497b3f6a8822ccd063d40028a
SHA256 2062590434772eaaa4774c225beba71efd4dd1fc693e03d43b76b4f5ea9049ad
SHA512 cb8b209eb71daea03eca3f8d26fc5e1b82b1dfa8b42b4f83c6b4e6ba7ac80c66ccd11e81e51d07c5ca9586b7e5431f4947b06c5455be42dd2674bfd8c819e429

C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

MD5 d991d7bd864c80d48e9c412ff0cd4e14
SHA1 c39e52b0d1fedaaafa3c5aeaf15d41d46ba312c6
SHA256 da18c7bcec4f036c796b26fa58677e840e14e6623a2a91b31fde8d8819bc9600
SHA512 5ccf4c5e766a9e0ceba513496ac4c49487b708c6dbaf8cd7b043e93efa4d906dd1f4e3cbc5c9bfe9140fc1c967f671e104ee8d8691938566d0e8e853b7dcf0ab

C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

MD5 198bfaf8246ca2424598bb5a00c96009
SHA1 467913c458f5ef448385934b845ce5ffb4f297ed
SHA256 25bef674f5732683fbfd4a2fb7d593a77c8847a0fef01092ee5171f5e5fde202
SHA512 f1aaf9a1e6cabaaa6722d1cae4f9573f16caa41f1d0be09044ce46cc98b31d0e6177a3478a3d7cc64028bf1cdf1cba812f00f079504b6f3d4bf488ab54e0a0e8

C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

MD5 244ef3cb26c880d98b0b3820aa937841
SHA1 600974c9c5dd729bd0f5603c7efbf51619eafbcd
SHA256 13b1ad017d8a6190aca500e721d18b58613ff5cdd77287c90df2f4d201a6a5dd
SHA512 d101cfffa7cdaad922019c1db4ec9f7497b2776df904476d426abf4eb0051a147fcadbef1d26622df3ddc7cc4580b5aef4b88af5a85ffe0aafcd462dce26e6eb

C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

MD5 8d7d4b8236b81e9c6ddb7ce1c647f6f2
SHA1 9372837db89610dca4d286cd4c05dbc27b1502f8
SHA256 41e55bd3931e35a122a21487b927d0d34f586cf4bbb7425e3cda3b8966428047
SHA512 b609336fb1f021551e2b6cb7dafe8715713a2c8d342ed19249c8b2420b920d0791e3a7f3463e451d5536a2e9ab95be2a0bde48d176d85133162ca3f170d60b03

C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

MD5 ae1f265d89927106fc9121fe520acb31
SHA1 97acce1bbc7da712f17338521a4db834075355d1
SHA256 50351407bf263dd920f6cc7c1adcb305b715b7541ccaf746f67baca6327b5505
SHA512 b6018d40a9de10f0d6b38b10d02b4b495187404f92dd00a7537a11a25a1220ef0d0186f22ec5d1504ecf71594bb60b6b9ca8b1bf9d4766d46c606634d6a86104

C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

MD5 201c84222161608f8b2f2b09f1e8194d
SHA1 61958cabaff3082b1b3a770e73f3865250aaf5c9
SHA256 67b4870e75956db57b37f734222886765dc4c0a87117e7043095802866eca43f
SHA512 2d41d0ce73f71cf272574818b60fb0653a22336a9e22283209c370abeaca45e06d7da35f6f01d17b1e9e6021d69c5a2149491acd7d2d63351da8f080a6e06ee8

C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

MD5 94c5130f09830cf5cceecb8fed62ae52
SHA1 fdbef341e8c1482cef063803a22c0bd9bc5dd7cf
SHA256 505b484fe0578f6d40a9db7d19c7006f8237f8a4c3f26d789bc8d2732601f3e3
SHA512 07f139659ca957712de2fc1e9f6ccf30318407feafcea06f0b31f54afd2416d8f4f6eedade52aa1901791284def6ef65f1329e5456217c77e021466ee687a1a4

C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

MD5 5c3ec8d57503d02fce9776efb57216ca
SHA1 11977cb9cbf58aaa348662219e6ea5bdf4e8d3bf
SHA256 4931f625ad400643e36750713e86e573fc3985962c1e164765b04bb39d9e3ca8
SHA512 22300e86b1c665aa07ddf504a4a30c7967fe5893a2c40fe27c42d57548786a6af728a214f25198f83e4d8c867d847c2df89c7b84a4bcb9d7a5036a50fc3aac54

C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

MD5 f58310b3d5a9980169cd0d852d8a7ace
SHA1 adab9f892c8cb1c80d4ff29e75067b55da0ff1c9
SHA256 2206f9931b7751cde894fd53cccf18086adb221eba7d66e29ceee0d8419a29cc
SHA512 22288a551e761ed29a93967952fe198f87a7111ba80f6086068915c093a52e2afad1126a4575d2a97121083fb07b1daa772f97374b511fa6851bafcce034a111

C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

MD5 6dc57afd049d4311ad28d758ccbe1283
SHA1 852413119bf9982fe7c63b3544b9289a1e6b3df5
SHA256 4f7d7cbcdb79b89e30723dd33a4431d021a231e79ebd32b54a44938153643773
SHA512 abeebb7e271ace1b99d1ce234a21726b65c28e88d41c8d307ad35e4333ce2060e60a8e88b826ea0f7257cb16efa445b5f9c9fe2ecd1a83c4de01de50ee45c374

C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

MD5 ead8cdeaae8ce8c7da84198fd3edcaea
SHA1 4a9a3a326d36e077682096e8b3ade73d5474fbee
SHA256 5bd8f6d1acf2ca9aaae17ee9e78608a5693c40a59953bb10e886eb9c51dbfff9
SHA512 9e8530c68d733b67511e7080f5743a07c053edc09fae6b77b241feb07b1c5a85eec6626a166a35437bfffa6fe97e4b60933b0df4d7844f8549b9d1857fa6fc42

C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

MD5 1ffa87ee79a8030c146e34766d5f61d9
SHA1 513b4adb1217a84ba9e05b608fdeb2d19379604a
SHA256 d611129a70041b52b77b176d8d5656644d108c3750febbf3038ef5423929a1b7
SHA512 aa246a6b956fdf3ed913bd4a62c5ce4838682b0135132f8544c684d79f99851442092967adb0c248fcd497ef64423ce350b21756adc231b43032acb6819d2860

C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

MD5 f9a69b776fc3c87b8abf719084e7776a
SHA1 08a74436734a20a071dfe9c58320d1b1be812102
SHA256 5d62cfe89c612779329b0512ab01038d7b7b3694ca86840c5460cfceb4ce97d4
SHA512 e10c36760f0a564f1873fb09d56f671a4a8cbce65ebfe7fbcd09ccfccfe349b83e35630ceb210503083a93fe6ccb814635a6256c91a4f5a0bcb3a7c4fd058879

C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

MD5 6dad8a7730b7e6c18becad3dbd31169f
SHA1 57150b3e3d6b2d2814e3f4b51464938cf12dc330
SHA256 47aea3b248117a70d259982ca5888170be324b7e240b395e142039eeb1436505
SHA512 9ab49c90a59b840c493c832cf0060f2c7c9914dded9100934ff42c10773f6401bfdc64aa2b2194d6f77b2d2d74d9eaaffad173d0af94351cfeb1bee7d6bc4a15

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

MD5 4d0e72ceb8b57676e8dfe68466aa7805
SHA1 55bf954358ea9925a99f49ff08f2b807f0061488
SHA256 bafec9e22365963409ffc4001fe92cf918cc929ab0bc43b042498f09a680c521
SHA512 652487a5c9a2d141ec9eb687886f6d347cd6f60aff00ede117c7775b41633f59312829d8d48006621d45f00dce08fbb7a919b3214b8d6aa5bb4eba839d39d39b

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

MD5 0d58fad9d0bd30e4c3fa81af40833e00
SHA1 82c7331b010cdd87be439f40097df00fbde83362
SHA256 5d42ac59470e8b1c049094cd6556eb6eeeeba1c36e8cd98c4dc233f28f8b51e7
SHA512 148609760c8b0e3f7377d92f64f1dad909fb147f4e6d8519edf5a0a0ae870316de17967ae18021609f79010944d939f9b119fc8c6d3dbbee45dc5bed399a27c4

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

MD5 45bf415929f0df76e521eb114b67cec5
SHA1 5fc9a322689ed2461142d3af6d5c764cd82d5bb0
SHA256 cfd227f62b87147244a01f7c798c745b3facc7b8f2cbb50a708ebf036a7caed8
SHA512 3a819f4139869da477bc0514decd033476ae2c18ee565d3fd05acf06db23454d69776d4ea4dcbe6562b1f098634cc7e2f73ce15bed0b1b525a440828cb00c817

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

MD5 f572ce4047db8c4453d329efdf30db12
SHA1 fc7b77ba95b6630cae75bb9f30b7113c701f6adb
SHA256 7ec834185e7803cca88c0c72645916c426205fae04b933f1aff92ca3417e4c18
SHA512 e56563de8bcddd89dd5b3aa83a0ea5eb778e11d6be905ba056f6b52eb94bf3fefafacf8bb2c1f10da62caa39e514557c4d6b5820028b92a87e505e34a08065e4

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

MD5 d9fc4ce4cbbf355eadb7debb61c8176c
SHA1 5e027f6110025496004f559ad6356c2d506e8101
SHA256 019dfeb236b8e39d10efad00600ea340de1eec1550d7bc04016467a368833fa8
SHA512 b38aec7a967bf05359e1fe40679c4c5dea07728e8aaef572624b357155db056bc2da3dafe5a4e59d321b7b626393e9442a0b04ccbc0e59e065248e7d4ef960a7

C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

MD5 631656c53f71cc77a0792c7648bd8aa0
SHA1 8c89e72037579eaefdb22aed3efd6c347060d427
SHA256 8f68634444e17e74e80a229f17473a3aa5d17194475b93236b3ef0eea67a3e80
SHA512 fa7f6bc2db4be07f9ec8dd1bd39f391c7ef52c5583932dc646690a98a35f2fa552c8ae3d810d6f8fac9be79259007b19f2d853471d37c8671bb0a37de326a410

C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

MD5 e7290bf6d015c2706578f057c383f30f
SHA1 4be2e6f7c4437edd1d4fb55bab7af59be3b14314
SHA256 5574daaf4aed58541822ef9ed59f89412056305406bdc2eb1b108ff066654f72
SHA512 5df22daac4b5a31de9a52a6f39e22128c71b03864d6b9961d1033a35586ca24a613dfa31ecc56aa4c01a0b6465eca9e99b047f9dc5462f22c2adcbc3a0d4a484

C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

MD5 244a1d291a2912f55568edd46d5a9616
SHA1 d1467b822bccc2d21f0767fb66b2f10872feff8c
SHA256 2a345f36af06d6d92385ca1e3df474ffb8f486c6e3c88c910ead1acc9b056f6c
SHA512 2a7e758a7cdf10674f5673b9d8e6bbc768924b83a2a6330bb036f204f84b5c8a9656a7788bbeeb4b64164d889b17898bf37878f7c209ce71e360936112bc7b50

C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

MD5 2a188a184941ad292794c7cf3850e5e3
SHA1 f96354c6361e6117ca38a7d1c4e1e5fccb66818a
SHA256 d7c0ef87486416e1eaf315a618ef0caf5ec60ae187b58a0980a2ad558335b3a2
SHA512 99fc3e8c4f9b76bae81fa19ce94de11723b886878988cbc5fece07e2020edf6a26030ac4c3a2eed41a08586b6fc531cd568c4596239c7e71f354230988860f18

C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

MD5 7e16c02905152234111347d27c73a638
SHA1 4a5391dade9fa6d0838bf1cbf73f51043885fed1
SHA256 7dd167e1ecf819a65dd28f9ca872d74f4fc0050c06e5186a0f6705a94e829185
SHA512 faed10af3df149a1cb8fff722f167d7c1ebbb006eecf61e6b62b8b4991224ee63d13ceadf30053cb3bcdf808a13002c0548693ee174600bb55e9d2c24d4ccda6

C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

MD5 584b4728592afffbf4c1fc5e532790b0
SHA1 d414a37a712086c99e7198192c7d43a0fca99427
SHA256 50e09b4a5313923a972fb3dbb211fbb505a95cb9ec9ec55343e61a31d2c6cf97
SHA512 ae647ca95cf230cfe8b91986d82a56fc51490141f47edd54b9408748832eccad84c5f59241b95219845f5dd821cf9aceff75a045161cc40be4f0c17dabed1f80

C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

MD5 62df17a167b4bf23f46bdcfd381703e3
SHA1 ccd825502c869b372af9d9968b443feb84f0fb8b
SHA256 d52df7fbaedc23c05a048945fe100b02ba7ade4c39118013e4c63fa3854b4f88
SHA512 21f09861afaf3ec4e89c869ffb973dc78734713bb7553521987d339658b5d25a169d0e65c135789e0ebb8f4ec61a80bfa5fb70cc31af5c702da9f702aa195660

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

MD5 041187173a5d7bae3ac8655ffa260dfd
SHA1 6887f27c75256375a3410ecca4bf9a309e57c72a
SHA256 d169dfbbd69fa25effa7b394ced00cb11b16dda6bc5d0c79ad32d5de00d2b1a8
SHA512 07fe89553d1d6e554ea0def34a765eeca213e26b3bb6e2fe2c457104c90f5a37c0cec8fae94979a37510cb6621c08c6d3a9767f7a5d144f3c5a6330d518560a2

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

MD5 36750d15e3d899b1322b8575ff9e6b55
SHA1 6a0c5734bfd6d920022898a0bd2761d55eb4279a
SHA256 c893ddb80596a84440ea15e4a26ec714ca98acf44fea46885bdd45d230e287d2
SHA512 e210d38ef8e207c573f9c66a8887610cc647a3fd844f79254d3062d269c0a04a01451b72f6c8d34ee2738e93bebfcf927e093495702a84213c2e9d13c050f954

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

MD5 8959273d5e117f3cc25f7717b4f2b0af
SHA1 b9867143eee7b5bdcc330ef86f160420cda52e1c
SHA256 63d09d9cbba093c1b2f462a3b8390f8b8f784bc66b440b640830f2b66192f06c
SHA512 8ae62e0dde04ff720beb095df926856a9e4945f584d736697a0f7868d33f3aa7a902f4ad31621d2f4b52ac329b2f8256dedb8ae5f0b8d8fc94d56d061bb1ac6f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

MD5 042b1e03885a58c84a0db59c64b50752
SHA1 ab6926c4b1a63bc316b2c50ff415f74033858240
SHA256 31f21f1a5b141b967b4d34325caee29c5c6c3924373195cdf802a2c196455fe9
SHA512 f5784982a0b6e8bcb9dae1582dcaf32ea056ce7c97f77aeaa289073710b990f3f1ae4da3872ab451b1835d32ab212785eec5f7749b83600228ae09f24a8c7fd7

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

MD5 b182e631b232dc35c60440d68a94a8d7
SHA1 5be1b18dc76b4ff6c729fbe8a70fead028876b94
SHA256 b17aa0b76272962bed99cbeb676fcb31509ee773490bc5512177972391d2f088
SHA512 b327e679844eeb6d8063b1eb9e5f6c63932a1f452e13dd51e232e68243774dad0e27cb7b7a5f1a602e8c35007c0f7a932d9a138c91ee794f4cb7e92af83644ce

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

MD5 385bc789fc2373a367f5aee5c9380d1c
SHA1 ee5976149d0dc02b1839f8bdb5a88f4e6d8962a5
SHA256 e29171c1841f64a5346c3ac85761a8888e27e2384585bfc06cec5bc1602f8381
SHA512 e26134a89062df58143a0dab3a2eb92ab8b14ef3d608a7e45bc57e0862513910a756086274f9dda2e9fc539d65bc90839195121e6812a9911d8cce7ec852ad2a

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

MD5 3d8d2cae0ae72ba437dc3400b53f3bca
SHA1 c7ddda410b4520d9c249618f55ef39db20f0bb98
SHA256 74550b89d6d3da957d070c59e6d4621e3edb1090a7a6f5df215a95fa9cb6ce99
SHA512 2ac0e5df8ae9bd249f886691eb4082048d23bcc69c80e43234766b2abb2c0cbec1410e370edb5c680d4e8f3ebb6710e1e52b7adb551a00e408d5ff58ca0533fb

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

MD5 f17f743d46fb04395bfd687ff6e8b82f
SHA1 9ded89ed36adc6f5c7a5020d7c4743f755166f65
SHA256 ffe773c925be6e79bb36cded09c7fd8ba32cb626ecb56fbba2924f91d2ae5be1
SHA512 f37f548b8f93ed1ec61baa03ea660c560b89320885e1db9ee34fb86afa8c36ac7910db780254f1afeafd4b0d869fb44e1787eaebe919edc8a33f8a7ca1ce74f1

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

MD5 64ba41bdfaeb8ecf85e11beca4b8aa61
SHA1 b64057665ed02ffd1772c987c57ea5f9451b0d9d
SHA256 999ce205ce116ffdaa79e04f9d97b6e7c0fd9e168c6f3387c31e0ad0f5ac47bc
SHA512 dd7e4c3f47774ed694d4d2f8f313a2873c3e09131b4d267667435a8bb5e48e0f579d3d48fdf02187d823746f9a6ad299e4206e55cb95eb6583a4ab2ae50f9aa4

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

MD5 a38e839663e87600b8a1d17f1d9199bf
SHA1 795fbe91f706beec8c94817cf7608f049cfc0bfb
SHA256 3ae0074bba85147fcac9b3debf6b65afc7a3ef919841259e74b99165a280a4cf
SHA512 aee46924b821ca90feeb6a49f4a6812c220e2042632bfebd3ec9ae6707a5d80b3221736e18531ab555defed3f879465f95a482bb20a80384e31d70815aac9419

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

MD5 15ca41596fa8d4f458801234b54ed7f6
SHA1 0504cc6cf11eb2c6340f52ae0a11824814b6fc4a
SHA256 2720059c9881c7dc69432799efc7998f78b95c139e50c47e4c9ee084635b7205
SHA512 f5e031e179d32f14c8a72b94ce0aada355b73b826ea2d92b8bcf500c452da40e97d8e732aa3b33922f2ffa4fac6e299c577ee91214e893ff305239e5104f8deb

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

MD5 1fd9d19976ef48fe4a9d045fc14eac82
SHA1 1e54877e6b9ada476920457f71737b60a5d7267a
SHA256 3d313534d29d4410fe21a7d883d4b5ed4678ef6b3a2475c0f9e52056e860bfed
SHA512 7c18f068ed2662b18488c60daea9a47eb8aa737571a934b17339d864a31969f9703401d81ef731cf166f82f6cca31ef8cb29cc97455c7d203408b23b9fe222ff

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

MD5 205943a56be5764974a3bfa5d9080c86
SHA1 e5a801653ff8785dae7e2dbe61533f76e9b84321
SHA256 5dfe34e6d8d5a30146daedfd6625f84c6ce9280f49fc3f435e360aeff64f97a2
SHA512 9c5f044ffbd4b61e58a54efb8f475950c43d71ade657c8e3932f0bda882dd005901362fdbe59e1988507ece173a7f0da144a4c6767ae03a827f6aa527fe0020e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

MD5 75165ef8f9aca7a3bcf74218705e8d55
SHA1 fceff8c4eda8e951f3be9c7c81e73d56b0b5219d
SHA256 5a150e6a8eab141fd4ad513a10d2e80f0eeb33e75f18a8f08716b371f860c9b8
SHA512 58ef2b54fb65af1f05c650e4adb1615203c6889438653c80170c5e59b0bb68772919a6aed3a60fa4e671755a489b3d94071fbee05da8b408fc1b99353fc7d1a1

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

MD5 c285af0b028708240595d22c02a2f501
SHA1 b439b5dd7c7880126abe47f7e03fd973e6504f13
SHA256 5421c0c9f9b1b9d5d0f44fc918720e8109d75ccfeed5973fdb6acae3aa7ca2e6
SHA512 9e8105b99bba3a96c37e92a10e14d06f86aafa0586ed0fe38616ea27585b0f8994fbd1620b29119e12a6043c01c2d16df80f52c74e0c3e1d1290525a24049a4a

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

MD5 2fbfde800fb156f4803068f309713ea8
SHA1 bfd559b94aea7ed3201dc52562c9a592cebf8a33
SHA256 c4b2852b9bd8808eaa723dfecad269d08aaa6c943ef0f569b0dd70d3f88a2a75
SHA512 f16e82e1078c5810bef829b93b77ec2ab33dfd6cb10219d8824302f1e5c550f08795f1adc2d99f5e9603b4a0977d13788c15301f959e37df10fd1d3b5e3b4f51

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

MD5 a45ad91500f78b8b82a6e71c765ea06f
SHA1 3a1f3204df76e392ce1b5a112c49c181cb218d1a
SHA256 7e5e524cd00e5b51d1eb8af729b88322186c2e17ba611f0301d37577275479e0
SHA512 35afbfd8d95a5169d90cffece386cefd7e1b246a67551f553da047ee77b3b383a9e20cb83d6bd2e286c418a46be2216dea92602cef221521bd6c628d1a6c85f5

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

MD5 724085b877297f1e3920e140bbd23872
SHA1 74606a269e01d4ae5c73d55118e66065241abd62
SHA256 66aae1364af4b4a9638f43e8a4df75f420c5d1c97cd8e86c514f62e2f6657e70
SHA512 abba7afffc91099dfb661ea467555caa1a32763c541edd7d243af0ef7ea964482f0bdd226f6b2bd669836077da51c72725298192b85bd38c4f51edbeece866b2

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

MD5 50ec0c69aa116f5a4e8a5402c2b6def4
SHA1 ef9c3ea6320aac0efcfc44e4a9f155ddac958f99
SHA256 61aa864768f03ff317950c4894accf3c42936bed436159f614dbd34c995c7f38
SHA512 419f5872cc311f788f95d636b73f4074517abf34c5062358dc260787ee062e985d47c68c1ab58d8539882163b970117f5d5c92980bfd49ad923aeb5ad0521dd0

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

MD5 f0b642ec875586d1f0808e0402fb3bcf
SHA1 9dfda98d232023c296be3f2cdbbc7064a615af50
SHA256 a28d825f204ef65da17cd2cca26c435123d15ecf259863c277f7b60868a2cb7e
SHA512 55367e592c5b19e8d7b1e22f2b4df7b96e852e53a7e1265838822e54d90a0222e75f5681251f2e4077700b3467e5a8f6e77b5c1a2b241666b5a1608541a9ebe6

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

MD5 ede8137aa89df201e9c2fc974fd73c6c
SHA1 6c32960d3d9800cf295bae6edbc4255372c321f7
SHA256 d302f948530cba5fcac314d8d67fb19f84c3418e00bd7134f95ff0cdeca2a55b
SHA512 7e399df0273273db5219ed53bde437fded339532004519115b9efaf928fc6c5d829b856ac35c0784443be423e7504b39a68f2bfd5dfaf049935d33a2b3b4a4ff

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

MD5 651f1d2cba92dd6aa35bfcd663eb4100
SHA1 cd5f1279799c9414980d7b2a7bdf047f7cf85845
SHA256 5a0daf9ff4ce6a6ae2846ef75c18dae7e45e034ad206bb4f0fe810fcdb7baeaf
SHA512 76fda2228eddf124bc1b532a2450bd5ea85a421a0641fbb84f64a3946fe4f082f7695a15a84067b4e72527546a4f133ec51fa2b9d2dcf4b4cd8bb9c058d1c260

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

MD5 3b99e94a33574c149b905db0a7f46001
SHA1 400e7a63c679d3578f085b4cdf78c98c3db34a22
SHA256 089909a76ce827cbe0e0d91d4ab80151dd72ee4bcee6398750ff91b605e8f22d
SHA512 3d3ab28b42108e40773f9953743cc1adb2ee9ebbfeafcc383ef4f63a3e2cecb7616a3c45124d823661936a40c7ad9e010055f8bee6dfebaf694a8a0bf8897931

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

MD5 f78a3f712711ba9c1171ca3f872d62ae
SHA1 793598dd1c9c21e7d5f61a130020f6ca4faf0679
SHA256 d5dea754a2410a1dffa1c09fcbfd26fd95df0e98863a4c8c1f058aa434e8b5b9
SHA512 a6ba610c40a8cf16756f31c9d8744ad216dde20a1169d24216816184e59421e721c20861d0788620388485b943a6fd8663fc4cf6fb2b59b5aea13b5f25a6313c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

MD5 840d4520913d82c80399e8c39d5b6483
SHA1 93b9015d108d898546ea8b8c4586706d013969a5
SHA256 fe803d64b278be29ef3c719460a30c3d7e92cdf1c9d5004eadce4151ea02b150
SHA512 aa1169a5218e06b03df33e2e422eaf5a6c7369be32e0a32602e73f6b47a7d8055ce71fbfbdaeb5ffeea8e4dfe5054a5626f13b720dc529de21a5411b7e19ef63

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

MD5 74ac6e5b49de8d550833e4077c6f8786
SHA1 c198cf7e5bc516a3426dfeb3aa4e983114e57c32
SHA256 cb7768c487bdf9222b07e86c8eca1e6c9b28a2100f3ebfdd74bd57efe144471b
SHA512 140a832e957daa1e4ac42b48dd0624212be01a88e260ededbd4b487a2890a65465aa0b17de289679de79a43a8e18d1e4bbffd0ce52d6c075cf22febb192b4b0b

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

MD5 f86fe7f313fd40871c58eccf88cb564b
SHA1 0ded8499044201b4f8c4d7dc4749bae966d86b15
SHA256 7a75edbb227b8530a53e26ea23dfda0166b1443a5f7d81a3c162ac5978bc72e7
SHA512 ef5f0eaef59ad761572c8af4f23c4c755ec427167b085e83d7bab295be43f187b5cb8a935e8da1ab946393f7916862429da773bc4d1f3676044d223f404106c1

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

MD5 1d2f79aead8f2435ab6a35c3e63bf631
SHA1 cee72b13c9e207e0c2c39b04474c8548a1c0d624
SHA256 24fd6bc86510dd0e0d80fd0befb1bfddf5a98db762135844d0880151d5c1c976
SHA512 0de14891a99072494d7be94713fb8cb53ac10cce11363f2c723e94cbce92d70dce8927fb3e5cb20b39a1c7bb4d78acceb9f1675594627c4e3dcc59ec969be304

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

MD5 7f3663375cc03a739ae5fa165bd86286
SHA1 792129a7d5bd83e4bc156ad11fe4a4247e7c512b
SHA256 ca2d76e570fb2552bd4e92d63a2d15b9fa3badaa67c6935e6add07dcc369fcb9
SHA512 7e9efcf3d6b543361a1f43b5f8ee95a21fdd1bd41b2c97cfbddfef7745ff8e597e59ce7407ce6b8e331d156f80ad7c610e13ebe38d774afad6ecf3094d78be8a

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

MD5 e8929c3d99b9791c324b04d846cfcc7d
SHA1 f603b547e8848e31d6359d7bc8ca869f2aca1b59
SHA256 f280a72730438196f704f9ff9ec638b2c0be2178c4b544885dd92a89790a1aee
SHA512 7eb6f4fabd2955f41aefffbdce789cc8685e599128968facdb9e6b6ab5f7439f55e71579aeb0d4792a36a44a313549e4768c765b3e926d36630c6e25f285afbf

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

MD5 876c510fb700e26dcb8c8e54a1aa2e5c
SHA1 dd5eb9d496c6f30bcafe1ed5b02a87a72b48ae17
SHA256 d6d08c9b2e04baa8962cc0a395bfaae93b14df2d57160c91e5d67428c26c65f4
SHA512 02bbf3a0c4566afd8fc26e372e29101db9acf6487530947465bde47b90410e07ca6c909b6c55b1fbd65aa4bd0433f47d2b185d22ca8f061dc5a44c0ee59f1482

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

MD5 d541d46f06a69f88885692595d1a996c
SHA1 4b70fc1baad95aaf94c40719847f1697c164e211
SHA256 1d65247b04c2daf6ecabed0eaa30b5c105a85bc9490ec7e9a360c6aaa570a98f
SHA512 f91ce3b64210ea9edc65ac636317f68579a2efb56d34baf8421342c14f07fb1f18765ed2632b75bb0db040d822c2518bdaab24a764a79241540adaf6e844efca

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

MD5 df7b6d173bbe0f1d70dde8dddace3f0f
SHA1 769ca31f3b88c7769ec75efc55dc71b7dd8744d0
SHA256 08fbfd65eefcfdebf44d7cc565672fbca40515b7f98e938e0c0f3136220e6785
SHA512 b92650e9e40f3209f3987c52ee60ad18f22f7d7d270c6dbb57bdd62cad18838445e6af796dd8f87053ea497321fe5b168dc98c97776f113df11a2b7ced5e3bab

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

memory/1512-5678-0x0000000000400000-0x000000000040C000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727655977808114.txt

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727656717558154.txt

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727663096253949.txt

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727665766873969.txt

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

memory/1512-11212-0x0000000000400000-0x000000000040C000-memory.dmp