Malware Analysis Report

2024-10-19 10:43

Sample ID 241008-dyc8mawfrr
Target 1f5257a6bb7f294588c2c7871df95960_JaffaCakes118
SHA256 57194af0f251effbcae37460c06fdf476fdea061b1c8ec87251bd28be62f8b46
Tags xorist discovery persistence ransomware spyware stealer upx
Score 10/10

Analysis Overview

Threat Level: Known bad

The file 1f5257a6bb7f294588c2c7871df95960_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

xorist discovery persistence ransomware spyware stealer upx

Xorist Ransomware

Xorist family

Detected Xorist Ransomware

Renames multiple (2181) files with added filename extension

Renames multiple (2183) files with added filename extension

Drops file in Drivers directory

Reads user/profile data of web browsers

Drops startup file

Adds Run key to start application

Drops file in System32 directory

UPX packed file

Drops file in Program Files directory

Drops file in Windows directory

System Location Discovery: System Language Discovery

Unsigned PE

Modifies registry class

Analysis: static1

Detonation Overview

Reported 2024-10-08 03:24

Signatures

Detected Xorist Ransomware

Xorist family

xorist

UPX packed file

upx

Unsigned PE

Analysis: behavioral1

Detonation Overview

Submitted 2024-10-08 03:24
Reported 2024-10-08 14:31
Platform win7-20240708-en
Max time kernel 119s
Max time network 120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe"

Signatures

Detected Xorist Ransomware

Xorist Ransomware

ransomware xorist

Renames multiple (2181) files with added filename extension

ransomware

Drops file in Drivers directory

Drops startup file

Description: File created
Indicator: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
Process: C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe
Target: N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence

Description: Set value (str)
Indicator: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\qUYUesw0w27oXlC.exe"
Process: C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe
Target: N/A

Drops file in System32 directory

UPX packed file

upx

Drops file in Program Files directory

Drops file in Windows directory

File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_de-de_7f0b185800a159c3\about_Windows_PowerShell_2.0.help.txt C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-newdev.resources_31bf3856ad364e35_6.1.7600.16385_en-us_72e204af7ddd5d15\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-n..n-clients.resources_31bf3856ad364e35_6.1.7600.16385_en-us_bde200ae871a59b5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-s..temclient.resources_31bf3856ad364e35_6.1.7600.16385_it-it_5ebf9d632f172d6a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-x..rtificateenrollment_31bf3856ad364e35_6.1.7601.17514_none_f59e20ddece8f922\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security.Cryptography.Encoding\v4.0_4.0.0.0__b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-i..ntconsole.resources_31bf3856ad364e35_6.1.7600.16385_it-it_826215eb3de0f470\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-onex.resources_31bf3856ad364e35_6.1.7600.16385_de-de_b3a767cbb3ea917b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A
File created C:\Windows\Help\Windows\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-pshed.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_920c092685ce6f3f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-stickynotes-app_31bf3856ad364e35_6.1.7600.16385_none_493ba8a4d2fc9697\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-d..asks-sync.resources_31bf3856ad364e35_6.1.7600.16385_it-it_789174f89a833193\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_e74ded66652fb660\500-17.htm C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_c02a16e1ae17ab94\about_Reserved_Words.help.txt C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-t..instationextensions_31bf3856ad364e35_6.1.7601.17514_none_f8373ee981acd109\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-w..e-upgrade.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_5e22647efe8fc5c8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-security-digest_31bf3856ad364e35_6.1.7600.16385_none_a116e710cac6dc6b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-wmvdecod_31bf3856ad364e35_6.1.7601.17514_none_20b089c0f6efacae\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-rasifmon.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_50f4a4d6418fc3c4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-shlwapi.resources_31bf3856ad364e35_6.1.7600.16385_es-es_53712ba885839443\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A
File created C:\Windows\assembly\GAC_MSIL\System.Web.Services.resources\2.0.0.0_de_b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_lsi_fc.inf.resources_31bf3856ad364e35_6.1.7600.16385_de-de_ea8c19459ddd1771\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_mdmmoto1.inf.resources_31bf3856ad364e35_6.1.7600.16385_it-it_fa7a63ef9bf8c237\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-a..structure.resources_31bf3856ad364e35_6.1.7600.16385_it-it_e0c803777a7cc698\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-i..p-support.resources_31bf3856ad364e35_8.0.7600.16385_ja-jp_4490ac689fb31af9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-t..ork-msutb.resources_31bf3856ad364e35_6.1.7600.16385_es-es_e597f24ff89aa82c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-audio-dsound.resources_31bf3856ad364e35_6.1.7600.16385_en-us_b7ef5df3770026c2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-iscsi-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0708866546abddd4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-t..workspace.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_9bb0cde6683692ee\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sqlliteoledb_31bf3856ad364e35_6.1.7600.16385_none_be555cece2277ff9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A
File created C:\Windows\assembly\GAC_MSIL\Microsoft.Office.Interop.SmartTag\14.0.0.0__71e9bce111e9429c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_wpf-globalserifcf_31bf3856ad364e35_6.1.7600.16385_none_8f6eab2bb993c745\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-ntshrui.resources_31bf3856ad364e35_6.1.7600.16385_de-de_b5a84a5872eca4d5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-t..nputpanel.resources_31bf3856ad364e35_6.1.7600.16385_it-it_899618b0c85f9413\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-r..iagnostic.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_2cb9f2652ac79e9b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-w..onservice.resources_31bf3856ad364e35_6.1.7600.16385_en-us_f39c7dc580011c1c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_prnlx00x.inf.resources_31bf3856ad364e35_6.1.7600.16385_de-de_8bfcedccf2a7e1bd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-usercpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_f302914c04ea20f3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\x86_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_4db0b909695af8f9\8.png C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-t..es-drprov.resources_31bf3856ad364e35_6.1.7600.16385_it-it_f11d165352651d65\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-font-truetype-raavi_31bf3856ad364e35_6.1.7600.16385_none_a2d43ed8e3097243\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-h..eraccount.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_2cf978a34335da7c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-i..ltinstall.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_3ba1f5d34890f57b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-s..duled-adm.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_020bf59234fd9577\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_prnlx002.inf_31bf3856ad364e35_6.1.7600.16385_none_47a30bdfc616cefe\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\UISURIYYTUPGNIV\shell\open\command C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "UISURIYYTUPGNIV" C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\UISURIYYTUPGNIV\DefaultIcon C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\UISURIYYTUPGNIV\shell C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\UISURIYYTUPGNIV\shell\open C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\UISURIYYTUPGNIV\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\qUYUesw0w27oXlC.exe" C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\UISURIYYTUPGNIV C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\UISURIYYTUPGNIV\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\UISURIYYTUPGNIV\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\qUYUesw0w27oXlC.exe,0" C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe"

Network

N/A

Files

memory/2668-0-0x0000000000400000-0x000000000040C000-memory.dmp

SHA256 f83c88f53f2cd0f61c443f96cb6dc358504bf0dd2f5cf98265dddcddb3da31b3
SHA512 e466c10f8c767b30e7e0c2d11a6d86527a2c4a503492e5c9e9d9b815d04f855a3919c5f15efd740fba6e2f73c00f0ab14212cb47e94dd3f9e1b94dc99008fee1

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

MD5 c09df4c788828fb2634162e18d12ed00
SHA1 43ee4bbb05cff14bf2fecf85f00a325a4c1fd2ab
SHA256 8277504230f58e5da5fce4902b545bbc9c759d710a184e058aa5b6f11884b4c0
SHA512 39c8af2e0e1c1bf55903c104c2059eb2047e57101acd1637eec2ed50d70cd903c1eceecc457bc2fb23144e31732c6583f6a7245acb5a25a3d6ea8ff41cf519ea

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

MD5 1d998d3556d2c6c02dee3f69725abd3f
SHA1 261351b944f77794fe217ee858d5928088fceed8
SHA256 60c2c05d6492079298efd46444c9e0fcf28da72b5a6bdf38fbf78fbe8b3b15b1
SHA512 2835bb68609c27a6ae40b6403f45732a586732de2e5050ccf01bad77d73890295999214726051f8cf71fd3732df71bd1692ed0f35040e9a7f6c1c916d8ab7ecf

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

MD5 7b1642052516142f5030f7b56fef8dda
SHA1 1f818bb1d77b96b3b937de4dfdce63e6866a4806
SHA256 34d38d324cd0d2be68d5f3755519f2ad958ade18ca047e1f033c2a57bd625669
SHA512 d226ed0e55043bc71d869930aab7a165114f686e62268d790bf0ca044f5487c967c5506b4cc561eb74126a5a230746ecc102c22a3b68d52c1051bec9550c925d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

MD5 304e8cefa8b35368a8976343d6f7e1c9
SHA1 3011a7d5112266505c7a363e83919815bbdb9794
SHA256 24c7bb2797aa6732e7eea3da6c848c9f579b1d088418cb503d93037d47c8cbf9
SHA512 27a5f3ede59047002904666b130a7c9fe8708ec91c58e09ca842d48ea4c06ce1512da93e2d1c1a2c893708baa6eae648cdf65628beac1ade8404d1515dee5b78

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

MD5 65413c775ac8f350d20189f654a15cee
SHA1 6147f53a59579697284bbda1c5d490c31eb3c24d
SHA256 1a3a847ab123e49d9be29a80e97a49595e966f5aaebd26d58f29bb16467cc31a
SHA512 159bd84f01daeef7ea758d96377349e5a8d85c0b2dff5067aa637ad41bc5da54448c908ac7354366ca2e711b27ad615c7b9bfb7de1acb41ef4ff1f1d326cf12f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

MD5 5aeaeb75343b703e60d1d1509219fb0e
SHA1 9714ca9c4a2df25b760e212334cca05b10d16682
SHA256 f2dc766cabf053f1dd72488b6eb2560478ba12c321e4c23a3b7be2ae6a1d6322
SHA512 7486cfb090b5369ca40c7cfa7ad3447eac0ac08d7c1d63ad5a91c59c2e068bedbd0762e30ade9dc6a57e7c92077a427621e77502a07f2164339f3a2f410e7d43

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

MD5 faa62d6a3deb3108312a97e4dba42b45
SHA1 838c984d69d1fbfd2d74fc193e72d612888466f9
SHA256 5a8b385ab8b66da5d65ee4f19eac3485ecba24272e95c1c87091a0098151b884
SHA512 273316893fa0ca489109e7b38a8ca878416a28e906c271c9b958adeb4dd067195000e7a77bc48f1c67847b76fe702087ef90bae588691148ce91956df9421af1

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

MD5 cb8c6852bd778574f0fc5c2f05a714bf
SHA1 5028845288224fd837d7fb39d4a2a2d551536393
SHA256 aeb8f79c4d8c5e7c35e4be10af4c6743cfb6063ace8ba98d7b92a2da7dacb377
SHA512 5f93f7b3fdf2acc1cc138e4c456c76f53b79e195a69cf5120dc5780d77c6e9a5f2c8302ded837522d8db5c799964082b5e004aa12b276a246345387a20f5ea91

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

MD5 b46a16e69d086a87c8e2ca73435b4440
SHA1 bb711a86a3b9b7da29b6db6e82e0313f4b173087
SHA256 29e3ac07fec304b2cc0d6a177a5e900a20917239f7cb61bae757f0ef56379d8f
SHA512 ebdef547ae93b8198026960ffae8bc9d6fc6daba09790058bebf1ca7382dd6d81487a5ca5c7fb65d0fba8fcedd474ec765d81e51efd6c6b423fba8491ffe47c7

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

MD5 5df8c268dc21ed2ff7cf95715c889264
SHA1 803e8ce4c56d29cc90da542ff6896b7fe4bfd448
SHA256 4973fb14cf91bdd2146b75fb78d1c5a21c23bbaa25d3674bdfe9c698935a8c49
SHA512 12af31af42af70bb95035da3e822ac932d1e9c568e594832863a7cb9b8bd7f938720f3cba8191ad7299911588cfd878d2118d62f4bdd2c2b96dcca8ac5e78ac0

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

MD5 39110b3830184f0129ecb246a645e109
SHA1 78cbe103a07472268faa06265408dc9994632ea1
SHA256 975801cfa6458e9677beb1a6931192e40be12fa185fb6bbc5277ff1023702d54
SHA512 af42e9632ea98fde434b3416703c44f0d6b25a41ead65cf39bb32a64a3c466baab94fdd9b902cc0df8bc8a0bfcdfa112a154d4c14aeeca0540f2f83298c10662

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

MD5 a48bc3392ddc5948458ec781ec554522
SHA1 94429e2b6a3158a3b9c036d95d29c538821282f2
SHA256 f6db179cc5441a888f8a340257cdcbd87914505cb09b05265f25d2639e13baff
SHA512 d9d9f69559e82f39f7b44a97d208f7b20870a520a0896dd9ffc9b59e02debec0f819bedf242909fccac101705c1f72fc779f241da98d8cd78c3cdb1c24bd0b28

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

MD5 1d12d074be098365484c3b88064761dd
SHA1 98f8635c562f5d164d205531a4c08fb8c6e2a826
SHA256 d12bf2570f9c8148aedf82fb940097b565764f329890006dccd1fd5dc2a61a27
SHA512 0a1c01039d36c9c36580ec37ee85d9113ae0af866b4fc30a92da58660bee05e2ebcfa91a9cbb8ce85771b9c2d5e2bac9ee8ee37b8868fe1b080be8245ec8e142

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

MD5 32f730232edb578ce9a3cde133292086
SHA1 21aed3f09f169647ae7d114255c3db1054f03dff
SHA256 d7d1e4f2daa519514df925199d0527992dc44c0027f0f4a248c7a7461653a573
SHA512 034600ae726667d5b81bbe683b89a310d2601be73e683c0841e1e1bb327b09f26f5f81c8ef6c3b72d49ae8fd6da98c5096c83af3793ab2008a016c9ef36c4120

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

MD5 a4f2474bc03501f521fc51e6b7fe8574
SHA1 3139e8ee0fb1c7f79159dc513cafe1f2e7d7f4ab
SHA256 c0651d831d74fb7da22890348687879ff1f85c8f08162f4994520797ed315d3f
SHA512 a2c49579f4d782e19da9ec348596d7c1d681dee633d9e1b0a103468439b2ad0fc1c343ec50efae8514bda649ecb42cb08738dc046832c6b2d0096f3a22a2f887

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

MD5 ae6f5dc36a6fcce6c78a156e64ce268b
SHA1 415b3fe4894dc8ee8e26f4b562450742bb86773a
SHA256 7ce7bb21f3b364a4386a232c5f01267329bb4d0c0d5470cdf34b67ce55a45313
SHA512 4ad6a11bb96be092aef92af65415027e3f19094d4f2b8516f1eda9f7b34e060595a281a0deb54cc54db1df49c0179b659b59f52d5df0bfc907924093a74a432c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

MD5 a89457512af36b4a5de3c33a9fe825ca
SHA1 0500da77bb8d70d12c4b075d87fd937a0c7edf51
SHA256 1b1896f9de9b58982932d83331a4e7fff939b128759ae6d4b29191bec5cfe98d
SHA512 f10e543f0defe470401e4e440ec84aaadf8a6ed7b890fa4d96b16e8be8d869f43054f2fa3b6a940784deccda04a7f4fce365c220a445268f1a5683f29628e82e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

MD5 372062d684a7a99be88d8e7f6d1a3c5f
SHA1 f10067ee4ff790ccbb5e7aaa3b2aff8ca2e1a342
SHA256 fc11551102257bbae536268bc76380aeda9b77d9ee95c3a22ef167a7970b2ddc
SHA512 98c0b028ec6e663113cdb53a77618ce41d89ff0b646044f87f6eacb96c623ecda01d5db4b2976e2bb8a04e63d4c32226f7d37112a2c9909dd0b31618c4bbffca

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

MD5 d465d23357c2959cc5c50aa5c2982475
SHA1 b595dfa26084d77eaaa83a35fc226193a0d651c5
SHA256 fb652c19d1b9ef2fe793a891357e1cc408e3b5cc9c6e896f474c20e184c64775
SHA512 8b4949078cc0efea4fbb4d11995ec4ac6ede75d0846ae9837c18976a7063c4a5b896a4a40f1092e52a42828c967574c7a8f3047f732451b0f2ffa190ce18b073

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 b6a1962593447a4c0bbd38b0d95ee2c6
SHA1 d652918eee2ed79b06e60a66a998f29893e862eb
SHA256 da92c33d874738ca8e5971b9323193c22f712b3f73e42395bb8c1cf684405ae3
SHA512 216b1d7bc29613c10c0e90c1a3d58f76045f81dc1d83d8c4e917c5389de39083dc0651a87a44e9cf87a935e016c9080e2fd16a5441bf894b037884a7e063ee88

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 5d7d2dee1a3f9b9e47bf7ec11ba9d98b
SHA1 588a6f75bfe938ed74afbb9d0191274bfc8fad86
SHA256 e1f5da52f91a9257a5d079fc32b833ff0722365b8fe8af72d08f73fff4f9a605
SHA512 336f1b768812d615536d22d2d12dd9003cf9c7995f6ffdacb750fc2d05e8a934cb8592c876f7f03b7fb52eebbd48b588dd948d252ea4392439b6b01facb22094

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 bc60d114ab69b8788b87dbbafc5f6ebf
SHA1 4b567a2ea842cc00af56e4b1f429b0fff35d2c07
SHA256 7bd64e2c1dff6019282bca56a03456ac11d508fe2d32b7fd8d624d40a90ee738
SHA512 2fd55da2a543702cdd05375b78f6585610bfa15af00e87a69348cd602128f8a095184d5224fdc64452348bc4ac03b483c69457176e0a1f6710496d46ae9e7fcc

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 a3668938b91d1abf963fe7652f2fda8e
SHA1 1bc7390e05ebcb114f931e43a5127ba73fc0645f
SHA256 12b9989ac5a2b3cf79922c600b4a87cb0a22a08133e2f03fe2723e008b93bd16
SHA512 af482cf09c9715f3c7c9f38131818b32fb2a15dba9c03bc5a04f66f09af8c343ff1b56eb15e50ec57f7e35da897b79de2a27791066e07dbe4e2df2a13198f61c

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 b51f97c98ff867343bcea48bb2a5cb7c
SHA1 fc8a2fb68d3183574dd968f00a0d86367fcc3a1d
SHA256 c08da82b437b7f147c842c5a72b0d8e37cddbbe8073d0589c38c1a7c5ba6b597
SHA512 659587b35b7db3f510985c356660d295c0695460f53920c01aa3da9d3b6ce42012476a8e77910ae6c80402ecf3a48ec5c2d13bfb4a85e326c2c76237bbb05449

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 03908a38f7e3f17088bb399b7d01fcd9
SHA1 3399b55936fdd8cf505b8a5ae5270a0638500b77
SHA256 18a1950676ecd79250b4eeb9fea701294dde0705b5d2b03729a2debb2da5685e
SHA512 5b9b1aad8ea779185547e6bc71907cf208b4a99fd07f16a7d0e580c5dc4a9c2595681ec631fdf5175f88acc7b9c5def18c361b031d50e2b06003418ffca7995c

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

MD5 0bbdd9712b0f772742359855ca3695ec
SHA1 70f007ee1ea3da89d04eb434acbd5c15fc301815
SHA256 0e13bc4c9e8a6a2bea4d830deb580a3cc901d4e9b9a67179b9f541fd3de10294
SHA512 764f999ae3d37fc627435b81112af29d6c487b525b59f99fc268a8689fa82ac033cebf5e5cc044f5fead021245833f3ba70e0fc52b567c06c525eff4a3eb6511

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

MD5 7b8e1c63526e2d5c0a63d557f475f226
SHA1 ca4554baf36367109c8f3a6896a044349b78e05a
SHA256 8944b5232dd0adca082ae530cf7824f6ae99d5620b7264eb32a52fb9bebd78f4
SHA512 8202f577df93755e494473fce31427a09c7961d65d05bb98d24a1bf771bcad62ad0f967fdbfff909885b25adfeb64fc4706fb5197f65d15c1d5871fcc069465c

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 5a72da1216a1fe2d788f5f99a189d8bc
SHA1 fd8a95b0c5e0519cc47376057e087180ae121eca
SHA256 6836ebe7db1b334ead958cf9803f058a67ab0baf73819962d796e54405bdd8ea
SHA512 764e0f97e3a35121caa3cac031a4f80712764ac99575381c7d9abb50cb052a4536776ac982ba23b38d9cf46c7fb128ed3b2395a8c5c67d3dc326566462aecf27

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 d02b7220ce90d7c8e3ae38ae149598a4
SHA1 df318bf256425ce3bda38b10def747d53191efca
SHA256 6cb21335331e38eec2b27103ac334247dfec496ef6558453ba3e0369aafa8781
SHA512 7f6240b48497867909c118770621739c30ebc4f0d55b644c42e4d92816516ca0821abaa727adb5b183fda05bbc3ed71201f049970016ffb1763083f072a85e4c

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

MD5 4a92a9b897bcd49a6217deed5827cc22
SHA1 740179a1eb745f3f5e4700fe7c0544034aebbcf0
SHA256 62a111c93792fb25ee452cf584801a522f14dd084770bb72c1b9682670873323
SHA512 7c4a18f460cf09b14b6e2578e01eb4221c78002235373b6aac3117b16893ef7cbfebd369f65be591edad89104ab691b71acba141acbdf69832549e5b0eb2ab29

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

MD5 7241430a4efb8e881374383c13eb2e87
SHA1 48edc9b326141ffaf5f8b1600d58fa9edb250af2
SHA256 1e26995741f367c8e2c8983da1715b8e4b857e5d6c04683cfd6b5efea5e6583f
SHA512 c1a6f3d2b8772350d9448d6ac7fffe4b247fba3a9e90ff64a04ee0a3b6cffdce1b5cea962f3f33d758a249a0814fc5bbbbab15e68dc6cd1eb287efea76b346bd

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 68d6d2400991315727ef86bd269976a9
SHA1 deddbc96a7070a37821f5f5d053a04a9dfc7cc01
SHA256 65ead79ffed0503e113f861aae0bc938389d0c2c62532e668fb0712a8f26271a
SHA512 7ac3eea783ac2340047c40ce8e5bd04f6f0158b6e7e2543e335216dc76c95093f42c0f483ffb88815b5adc3dbc535aa70e7f8d81e6656f7aedaf9be609680135

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 67c0722a889fe7780c7d5b6d3f9fdbbf
SHA1 d0aa29f8f918cd8ea24ea35bca240df71f7b74a1
SHA256 74655e2c7aca7bb65f89c21c2f3f8c94b8f8806813f413c0908802fd6374bfe0
SHA512 f36989f4a8ea6f52c88463cf85427bc99e6ac5ce2e6de1b4618dabe4d42592dcb82b3d8a5a3233b816133e96f09ece94b49f97f744bfeed4581885bf682214d8

memory/2668-8981-0x0000000000400000-0x000000000040C000-memory.dmp

memory/2668-8983-0x0000000000400000-0x000000000040C000-memory.dmp

memory/2668-8989-0x0000000000400000-0x000000000040C000-memory.dmp

memory/2668-8990-0x0000000000400000-0x000000000040C000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-08 03:24

Reported

2024-10-08 14:32

Platform

win10v2004-20241007-en

Max time kernel

149s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe"

Signatures

Detected Xorist Ransomware

Xorist Ransomware

ransomware xorist

Renames multiple (2183) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\qUYUesw0w27oXlC.exe" C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\fr-CA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_PackageResource\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_1394.inf_amd64_cac08af12caec647\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\image.inf_amd64_d2006c0517ddc60c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdminfot.inf_amd64_564561a23e05c7ee\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ndisuio.inf_amd64_6096fd74a67ccd5d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ws3cap.inf_amd64_6cf8ea2249844b50\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\InputMethod\CHS\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Speech\Engines\SR\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Com\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_multiportserial.inf_amd64_e92b6921fca885d5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\net44amd.inf_amd64_450d4b1e35cc8e0d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\stornvme.inf_amd64_1218fad01506b7af\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ScriptResource\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\bcmwdidhdpcie.inf_amd64_977dcc915465b0e9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_swdevice.inf_amd64_12050f4158021fcb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ialpss2i_i2c_cnl.inf_amd64_f668309b543472eb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Kds\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmboca.inf_amd64_c4ed3602d3c754f2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wfpcapture.inf_amd64_54cf91ab0e4c9ac2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ipoib6x.inf_amd64_ef71073a5867971f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ntprint4.inf_amd64_0958c7cad3cd6075\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\el-GR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmcommu.inf_amd64_9d8718c8b82a0aeb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmtron.inf_amd64_0b075e1cb11005f4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\net1yx64.inf_amd64_8604d8a50804b9c1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ufxchipidea.inf_amd64_1c78775fffab6a0a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Configuration\Schema\MSFT_FileDirectoryConfiguration\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Dism\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_floppydisk.inf_amd64_bc7bd9dca28933ec\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_usbfn.inf_amd64_64da5751ebd2f2f4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\default.help.txt C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForAny\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\lsi_sas2i.inf_amd64_b4e933c4540ad3cc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netwtw06.inf_amd64_2edd50e7a54d503b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\spp\tokens\skus\csvlk-pack\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Configuration\Registration\MSFT_FileDirectoryConfiguration\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_dot4print.inf_amd64_33c48c563d7541f7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_amd64_144351277838b429\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\InstallShield\setupdir\0804\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netnb.inf_amd64_0dc913ad00b14824\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\StorageBusCache\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_swcomponent.inf_amd64_f378d70fa39d3577\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmadc.inf_amd64_7b6fc0e15997ce81\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmbtmdm.inf_amd64_9e5602638617558e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\megasr.inf_amd64_72258921635be994\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\acpipagr.inf_amd64_a3248d35e6aba0f3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmarn.inf_amd64_947cdd3822225c16\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\es-ES\Licenses\OEM\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\spaceport.inf_amd64_6383331cfa0a32be\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\NetSecurity\es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForSome\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDiagnostics\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\itsas35i.inf_amd64_4f5850c71046b0cb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmgl005.inf_amd64_d9886a7bbe9e55ca\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netbxnda.inf_amd64_1fff3bc87a99b0f1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\rspndr.inf_amd64_4e80c2bb5314f071\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\e2xw10x64.inf_amd64_04c2ae40613a06ff\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmnttd2.inf_amd64_76ccb77f33c66c43\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmosi.inf_amd64_fce30a36dbc4596c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\MsDtc\es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\bthlcpen.inf_amd64_a2917ed464cbbc93\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A

UPX packed file

upx

Drops file in Program Files directory

Description Indicator Process Target

Drops file in Windows directory

Description Indicator Process Target

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\UISURIYYTUPGNIV\shell C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\UISURIYYTUPGNIV\shell\open C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\UISURIYYTUPGNIV\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\qUYUesw0w27oXlC.exe" C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "UISURIYYTUPGNIV" C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\UISURIYYTUPGNIV C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\UISURIYYTUPGNIV\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\UISURIYYTUPGNIV\DefaultIcon C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\UISURIYYTUPGNIV\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\qUYUesw0w27oXlC.exe,0" C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\UISURIYYTUPGNIV\shell\open\command C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\1f5257a6bb7f294588c2c7871df95960_JaffaCakes118.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 74.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 150.171.28.10:443 g.bing.com tcp
US 8.8.8.8:53 10.28.171.150.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 56.163.245.4.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp

Files

memory/3184-0-0x0000000000400000-0x000000000040C000-memory.dmp

C:\Program Files\7-Zip\Lang\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

MD5 69a98ef655778f1cb3764a923acbae80
SHA1 22683321e95c9a631039d15fc49ac5d3e639ac54
SHA256 2ff127d5bc4c7333c8f522aa4b456684eca97c06d452bf7d00b6a99b49b11b0e
SHA512 610fc09f40124e1a74ff303ddd95ad5809679be9e0c381e5d367ecf8e1e137c3da188142de7a2c5fe2b1225e12482245f2b5c417d43d73618108bfb1c32a5ed2

C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif.EnCiPhErEd

MD5 617ba0d83223aec5d918f881e885a7b9
SHA1 e778056385a8cdc3ccba942459b10fea0c100535
SHA256 08e71d7496788bb892c62a0038534a60d62f864286125dc3c1b59cf3fa000f1e
SHA512 107fa887c533a23c4d3df92eee0b9f6fc6eb73d3c23e9dc606acf00a0bc94978e224dff8a0131bff06afdcc2cad008e9d1c5a512bb3801860c9819a8413138a4

C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

MD5 18e4ecc0c4dbb2df66e42af258fb736a
SHA1 cf82dd97eb240b55f9fefd6ffb1d162136675274
SHA256 fbc780784fa5b520f854a0c7eeeed93e052009d1f36f53cd8d62f47b5c3fc040
SHA512 12ed17c3c3516975cfdc438b6874462c86a01ab7cd34edc9742b1ac6e0542125526135c5a7e25a68c79b758e3ef49a98cc9231afacba288518c04f2b1b2ed536

C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

MD5 fcf8ad5aea6f416b991f6c1ec382c846
SHA1 6bc0c835efa3291eae94824cb3497556a3549691
SHA256 17839c8e5a0f0ffa9ada42c8b8bd940bdbc58828dce504edc904cc0b087269fd
SHA512 b3322cee6d3609ec56cec1db62be55092d45f393431824bd7ed5a23fdb438a959ecbd1767fcc4161049bc087fd285f5f7df19a8aa7c52c27ca84782cc76ea99a

C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

MD5 8e0a5d56a8d1fd9f529e6ea1e9b62d14
SHA1 cdeade950d665882183bf98e46f2d7843879bd0b
SHA256 d891edc7308a4d11e02c20d3408b7af2b0c09129fc58b61e1ef39a785217924c
SHA512 b7f910119a5d12643783a265a820c49bb13de62bd8c1faeef7ce1a8b06e177801867fb6e4273f8557128f430b383c57593de3fb4d7ee0f56a121f20a12871177

C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

MD5 6bc12ef76e4539940f4bb76bb4e4b096
SHA1 36b28e5cf6dbc1d9a37fe202ae0da30b789503a9
SHA256 a39abb39a32f469f828b4e8ddb007d50bd65291f48d650eeffcee63c527626a4
SHA512 36d4cffa40e8a48fccaab28f2825d7195ec146685f6af82ffa2fa3add6fc83ba6af8b69a94a3f3b5ea3a7091c664c1d3ad76ee27d1407c956fe3b84e37758a9d

C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

MD5 d8fd5e0b8c1d4edbc89866b719116bed
SHA1 0883c011bceca512c9662ef70ed29601aab4cf05
SHA256 53a7791714864f6d4866875cea9a43d64370849de63d441a71674cf8e7f438aa
SHA512 365219c0979a94042d687588256194325df51ccb25203cfce6c225bb9d0ef430c778a6953b3569ee896c635499bbaf19b7d8307388063c3cee107f79ba42be1b

C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

MD5 588209a2007ae64a9e34033cf072762f
SHA1 2c4ae63c14f55920925514e3feabf0c9c0e4ae78
SHA256 68e47415a5d784514c00986a7b263f0ad1285b29e4838135a9b382a56f8591c8
SHA512 7731986b49e9a9196e3aa59c14357450af7380e90746892ae326b5926c42148e25652df2ca710d11a33a4528355d162ae3ca3a9971112970c45b7822af3a6bfd

C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

MD5 7d53f495f80be83fabbba0c408d533ca
SHA1 8c6f3ff6db733b8288e371eedd9537e87e27f312
SHA256 c4c817983ecb6618af061026a8284868232ad6cc6040ae2eafe56b177a95f004
SHA512 16f6563db3ed791b7a9cde40e3e0d86c391d32c9dadeaef30bdd4da9ae2cfe60020297374fd7986935cf4e34659831bc7e61c2a994e5d3148f2fcb2e0a37db5d

C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

MD5 1b9e22ffaee1285bfaaacff6b9c8521a
SHA1 bd473bbb1b4c5d00ac43183d03973a543dccd71a
SHA256 d9729965de123672c37e0625fa5f4cfd4ca817a912714655bf2b1835adb1e4ed
SHA512 4f29b823fd9971e802a1079fde4fb289e3efde580d15ce12c89a7b7b183cabcfe88c471de090ee04083210ce60aae4a7d7b64282264865b39f55a74729b5768b

C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

MD5 aee2b04dc97dc5b93bf67478824144af
SHA1 526dd37641db5dd78212274d121f9f23f82cae31
SHA256 ec32f7d2e920a451ed2dcfaa69858c6b88675cfd82de959eb9734e9ca7cc204c
SHA512 0fd0827023f7b8e6829dfcbeb4e89edd029b3ac521a49fffa33b482fe6d46f2ac7fe637bce2002d0e7aa42785f1583b3c26785919205631e14a9c878326aa1a6

C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

MD5 855fd875402c920097d354167c15e3b6
SHA1 698bdbdd8f373115b6650c750cb3290aaacb5802
SHA256 55a25736ff72ee73e1a4fbd379e917e940dda56af8579d57502bd25464c860fb
SHA512 4ef2aa33b47b59412af5cb0980545041a86fe738b22e8ad9a56692d6bac6b77de70ca218d1941fb6fdf0e191f12ded79b863c7bd968394d32bcb115fa0e43dd9

C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

MD5 6dfc1e6ac291e8d2841a01bd937eda41
SHA1 0233c65d44a3e051197fde7a6cdadb2c49f69aac
SHA256 a1860b4bdcf7fe8581baf353bfd5851c69fc28d3282a004858b829b714c95373
SHA512 5d2b6a37957e38b573ed21dc221e1ccf7c5f2e00971fd3e88d7eb14e90b9e9d298236f044b42a9b106f832d4291d33a49ff7c10e8ed09cc04f9841e4c3e354fb

C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

MD5 056b91e52ec8bd3a8ed1d20730839a01
SHA1 123d7241d4654d76fe24975b2df1180a1575e3bd
SHA256 665b35cc570f2d1f9d1d6b246d0bae56c656572fa55856dbea27c2bfac9fe0e8
SHA512 803e935814ad12abdc48bb9163bb75ec12f653b4819435ba3678c4c91560c3c0d117ef4f2d1a8fdbde189cd9b80bc9b8fc2bbde7cfa85609d8472e38e1dde92f

C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

MD5 bba10d148eaec357f5a106fb5aa8a7f8
SHA1 8d996f8eeec5ebf23823f50f963d547873f4654b
SHA256 10cbff821e16dba1fead4ca2829764d978f0b77cbbaa93cbd46e8fe800a41d91
SHA512 c93d1a11068bd43271d6d8e86051d88dd064310375ef9c7e966516ea87d96e44888d52828eae4a91aa80bc5c1a19c6f29ba6a9f5e4dd8b315932c707f38241e4

C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

MD5 c8e8a7744c32aceaf4df168311ea377d
SHA1 6f5597566445ffcb8d18a0fc1b3093fbb6d00ca6
SHA256 e1d7e25d078df55801d015a14dc51c234a6ebb6ba04d81b2d373fee21ea2e9ed
SHA512 2e1352133d3ed2e5bf47f7de3fc4f9970046256409a1152ee5e460c6ac4c10413d8214b33ca14d9154a008c5c4a12159acc17c117f4fa72c21c8a839d22101ae

C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

MD5 1bdca5709152a3f686883eab2e3ea8ce
SHA1 0ffeee3853ff3fa92ae8a193656a33ea64203192
SHA256 823db973275bb80f8bf19ce5ffc060f80224c2c2e7af5d86fb0dafcfbc51071f
SHA512 2acdb6e74ab3e9fcd64e0ebcb8513021b2370b89554a1921e539045a901d9c0c390a1a3d58d2968948933acf6443c8aa0fe1221a9e6fca95aca3aeaf7c5e7371

C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

MD5 f7ad7988efae98acd85a73aa67c79bfc
SHA1 c99e5e178ded6d76b4ebc8fa5541e81b4e2c8129
SHA256 9c4450cfc514fdd19748a8be791440266ed17eda3c8e448a228b3676350d2a06
SHA512 89f8e17d2dd85b6b013d95e5f0908916ecd872e552961bfaec3d1c6574e6fe3b28ad79a85aca23ebb044850fb63fcff33363dc09110e446fee51bd9373a0342a

C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

MD5 bc194434e33d5b508a1112e00cc10641
SHA1 4414dd0f5396948908e83b8e8d2fb58a3e14d31a
SHA256 37c46874b027a3565013b5d3b1fcdc1b034f4b766c9f0f74ca9627e7dc32c974
SHA512 7e1ecd3d9e3c3a066df90e2a2859399988cc62049a2c24d272a80d211553054070e4d34e142d165a8a6056c9530c12f05a58f2e880d4736efddfb9848e297a28

C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

MD5 5565ffbae9ed50622b939b5b1adb9cec
SHA1 6f2dda884038c288bbfd0592d10e64ac85a13121
SHA256 ff57bf538ff73290d512521b9a33fc4bd910463d53ddd2aaaabecaa2ecae0140
SHA512 4c2045bf877cfd87c13e00a7a0075969c5a71421aef1864786a809eca379f33a2f360367a6b4d9dbfbde92dad6134c94666c1020064df5377733e097f38dd7f1

C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

MD5 2f95a07fe0f77b42c5c9016c460e419f
SHA1 1f418f1a1b31033d78a031b7cdf875785d021c44
SHA256 5505291f18d2223044eaa2ba0e578450dffebe27fba364c995d5040a15452e3c
SHA512 3fc42528a4c79e95dd6d81a89145b6d83dd570473a1a1c867493e64feb2a2d7fd4e48077b6773c6736a01550fd960b4396a62347601900ab621fe6fae93b8191

C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

MD5 c60f4098a468eb2f5cffbe9f60890323
SHA1 8fbf5cdc72781678a0845d1c738f761e81819a32
SHA256 c58cb272a55544c1b3f5cc947a5eeb5f0071f8d0f6aace1d453e7ac9a4809c8d
SHA512 3563d4e31e0ce89cca1093a05e5c560aee164e96648349c8ae0754176e1b197d3e3e0d5b0a02da073174bede1e2c4d602ab00e7f7ac1ff8c5683383d9c39fa8c

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

MD5 a8837f86ea8f65f2eabea975c40cd0e2
SHA1 b3905ab78cd0c16a958ce94867a03d10f0aaba9d
SHA256 eeddb1b17e23b90938eb14d1cc3ec9bb52a96d197e79cda114a7047a9e0d1658
SHA512 ec52e4ab7b1c940f7a078a732ae8971efe7fde550cefad7eb30439cb544d3d8f908f3d9557ce0d53fec2ada73be31ab6bc62c8d2f09deeb4005c8aeb1cd3d0ec

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

MD5 ae4782735dbcee83087e3e46d57609c9
SHA1 bca6fd8486eeac4d0d63f704a2e38b9df514fa0e
SHA256 c9ec61db919f51007f687f915ad29b212088460457f76fa90b470e1f96922588
SHA512 8c7f2dd6c5128f14de8ee8b19a2dd9912b8c27bdfc98f2710d6f488a1b11d88a9d7e307bc6a8c351edf482ecd085ef8ce041558e1f8fe15d8b0bef8e28dbb95c

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

MD5 55ef777871ad3a3749c6ef306e1f2ee5
SHA1 009e565f2d8b21645484db609b017050c72e9456
SHA256 eb87e07bb3f174013d99da2d1f0193be79a69764655c955df0d72b8adf86423c
SHA512 bf28205b3023532bc2cb5d2bcc5a46dd32a4a49c4f7671f4547036ae0725f8ad3e0e87e46e92bb723650b1f4fd5d63a11b9ec9175242b1879475d017e9c2b8ce

C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

MD5 e43688e3ff44a4c0fe82573d3bbbc1b1
SHA1 a594f50ecac8c1862a8967de7dfc93ccee58492b
SHA256 323542c6c850abf23762e84daf8f0e94d92033ed96372c0f429f21e7084ef675
SHA512 15ca3c9f976fb91c26d5cafb4947727fb01c2c9bca52545f47b741cfad1e560f9fe67988184d17580fc70c555b33de86c488238f3bf13c51cc86b467fa5d5383

C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

MD5 ada9b6c7b5e088d79e0e07ee1521831b
SHA1 6b78c4660202b9452254fd5f9c5a8a5aa0345bb1
SHA256 251ca8f44bda61205c8dad60ed8f30e5810ca62fa3f27dd38365444f8dcc59c1
SHA512 36dd209424a3303bdd092c7a415ec6cd37d72b925e42b021559f204e113b4301a0409f50f0abebd2aae9769f6a69ec441f675cd4af821bf10fa1f52c4e1f1e0e

C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

MD5 3e7221c5a793c08f794ee1378b9f3ead
SHA1 406a869b7e9bcafe70d782bbea154b86f2a97799
SHA256 7df1113d9c86a89f70d02267380d9297e11222326d56a3ddcdf1544c3992f800
SHA512 ae94f3106999dd122cd8f6dc30e6b4b0d1350cc8b6406c18f7f4d51c64921b4415b6dfb474d8d5972474254f93e20f66f4f601f7da3c476818eb4cfeeb931920

C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

MD5 71a8b040a29156439ca4614079c0b305
SHA1 c5691d2268860f9637096c872dc5f9d2e1c7dbf1
SHA256 3f04f5ab9c804c6f1241db12fcdd1d7a2116197e20cf0aa4d9635c25c62f8a0c
SHA512 99e5aebb967b945d98ea2b45be6b7c926907dd0b71db78a28a6e6bb967dc098333adb936b10bbddc7837586f11577cf0d08bda50ce67bdb0bd2ad9a2971558ca

C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

MD5 efc309f3705de724a8059d90cb6eeb60
SHA1 1b17efc5fd342611cc2fbb7b37f2c11e63083b08
SHA256 baa547a3fd157acf57c973d2f9027c8aa85f3214b1e88ff6630159889591d5c0
SHA512 5fed1c2bedbb00b73f26fec527000b3e5dbf446dc153b54c5119654a3c403547bc9d1006f332810d8c711c50054ed081ac86eab31b59a46889d4b92f77929c7e

C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

MD5 6aa39c14a7345e1c491551d3054cf873
SHA1 3ddc62e05e3db93f77c691713b62d4cf256ea634
SHA256 5f1691285bef76b7d7a9d8f853077c56246e1fdc222a9aec114458298fa6d87b
SHA512 3fc0f638684c0cc0703e3119337d6f8fdbb3d09c0ac3d2eb436fd090001db6e63e286688053574e7d1082b238ddc191ded3bd633874daaaccb940f052b3d47ff

C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

MD5 197a04121aace45af85d4ebebb1fe878
SHA1 1832ce033f23679ae9f14786de5183bb1e82c83a
SHA256 33d9d3a82487ebb6a3f60ed154ed0de3e1ca5043d25476bb7ad9d563892403fe
SHA512 ff7a5afca58dfa4deedc61278661110ec21caf0b5a657bb9d46a62c15ab4c9057afb48a4e1fa17034cac9f20681dbf581d405eea7f127a03b7194b9b62d192d2

C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

MD5 73cb2749c4ee0e599730c03d3ac7700b
SHA1 7710773537dc30afb0c86d081a8e4fff75e36f03
SHA256 613ed37bf1d3c8d1e6e09360857b06a1f53cd5a38ca8e833e35308e300d6f009
SHA512 5353f72af74bfb0c6cfaedef2dda9ddaf1be254b2ecb9ff0bdde640ea737aa38870103e51780e04b0ac0d8baf5f2501f2e89ad3020440d3ccc845e7096ff933f

C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

MD5 82e12f5ba4ce5e5d13bb4b7b71b83ca2
SHA1 a19280ae5c5ff98d93928b8299b099f6818c625f
SHA256 0544dd3efd24164ef76fbe50989ec1f1191b922f457291ff004384e2ab0af64f
SHA512 9113c623509d00e8f9d6378c6776175b6576c87ef95149ad36062a1a3d4e6eb7e7a45e2c744171fe474b94be9bd07e368d1905bd4a10c519e199edcdd56cb12a

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

MD5 fa19a901e36e5082151f3f699f4c6487
SHA1 3e2c96a529bf730c2af6fdb19f17634774a0cef2
SHA256 fa77b6657574187bfdeec340b6aab23d1be39239f8697f25877fdf59c2730dcd
SHA512 ed40a5b507729419cf1b0e3dc7f4defd50598cabf2050cd010cb1b7915640763342596e9a8de838080f5e0dcbce7c725ed362b7c6a28dfb2da9330a8a6033cf3

C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

MD5 84ecdd7b73dcc726840a0a0591fb662c
SHA1 3e3ac243a8acd9f07d63cd1d65c9c4a0a5d59f97
SHA256 6ab5b36f7291c61ab9dc732b42f72406dc9dc4f3602efa4bc2ba2c1084417821
SHA512 56515f35214c256ce10c1b3abce04cbc9e40d3607af65d0c3952a119a9bce12bd80ba7f0e016a5aed758e756b38877962be2386203f67ba57f72bc4d395b1585

C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

MD5 12d6ffb0cc0be1ab0fcb5a50f87e877c
SHA1 a1a0d0f88b3cbb011bacbe6816d41d1a2ed5c969
SHA256 3538f0c39babadc9af16ac63bfc9e313c36529be0b6f192e2a0f7bf923e28230
SHA512 41464b64bc0c451db35c830fd47c866d4ac4a5c7d8ca2110b33185cd9a92f6806d08eb6351abffbd2d059029c01792165106251fe2d733f840d1ea473ac9e9dc

C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

MD5 b1c5043c958094c68622c15d3685da2e
SHA1 63419b8f3cf9e89486baf7c55d384c540e1de6e0
SHA256 3e34e1bbc412d86d80e8222ba45b8784479dfb0c29ad585692692bbc44d87728
SHA512 535fde5108c72c9c5d2d54fb5121c52c5b0e8cbdb6a5a7e93f251bbeba36cdae40baae8971b545637f6dfe1f04cb5a13f8386e38ffd7aada7b41913157356548

C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

MD5 2edfa334cea3e739b5b7ba970dd04697
SHA1 08ce52390ecfbfca1bc4147b1a4de5dd65aeba41
SHA256 757cf6a9d9f00e436ee0a294b2a0df0d944da2e366913019789e52f2b3ca98bb
SHA512 6b7ecbc0b14e4b05278dc069866624a5f89948b8247f6c17bdfbcbfa4fa4fa90bb5d91d64dcf7ea24d43d27e9a92a0d0da0c5f98bcd4d5b073a05b8c99c24b47

C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

MD5 dbc30948dc66110a0bc8039fce174351
SHA1 165464fda046d4dc17d2fcf852e7586c65ddfd45
SHA256 fb5055c2dcc646104c10ce21a71f9f38f6516dd132c73490437624fe0bceecb9
SHA512 494f34bb0fe7f3b29e28bf3ab2cc99cb43c5c96e13dc86fe88deedf1aab1189da05ea08f01b3e6f4e9c130a17482f14279aaad735e57c080b16a3b14cbb96811

C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

MD5 f1b3dbc6399236807b32d0c35322bbf8
SHA1 abc9f3ea6356b3e064871e93d7b4ea3e1e333bc6
SHA256 ac441588e975ff751a3872ca49be4ee8d82a87b0fb5c2c3618e8b82305f1adab
SHA512 2d6ba8fba8e530aad51c9a24f24d39b6f76a84658657ab2cf12d8b85390910795047fefaa5300401ab5518c645a5e2ce371dafce17d7f8a6018c5de368a747a2

C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

MD5 53ae3eb9cddbde727a4a05344f9ee261
SHA1 2b03219593a0326c61063b9f85af0776a911ed23
SHA256 f6e960cd3cd29fb63ffd431e69bf563516d8e60871fa2e0d53009c82e37bf871
SHA512 e6d68594ffacb5c7a7a8f572d7089d4c7d7c9886b38aa9da806fee0761973eac9b42e1e24c4f70d4fa28b4dc80df360232e927ec48de11d641c550e56e0542c8

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

MD5 138312b82823998a6c6d7d843053342f
SHA1 179b3eab4ad31e6fb49df098152554a148a3070b
SHA256 d0c1ac863f9e807ab63a1543dd47ba0c5a5c3157204c7b2b047b5f67a7b26af0
SHA512 cf3454ae38bc42ad60183613994a9427880afb4fbc2108b069f59c31e1725fe9dbfb0b14268f58987f7d4d857cda5824f88bf464a7dff9e4ac6c6d9cba439210

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

MD5 06a6ef34056cd0e80bd75944911a816a
SHA1 7087e94c7725a749cb14276ae2c39863a3ececcf
SHA256 6fc060b5abedc38fd1f18311f4002cc02afbdbbdd0b84007230c5e6da2d4b286
SHA512 a00db2338e9cefb1f29e671e92506d409246fae43f56d47e9556c26ceb8dc19ccc0c288855144a5071194bc560b48e6945013abe827ec757b06ac10c5954ae99

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

MD5 a37bab317d73a67fba3ae1d81e638197
SHA1 71ad743d6242fc815e0bdca4f6a5d13abf1cc23a
SHA256 05a424fef24c556c8f0f60c5b8ab866e5543115c7c3430340caa99c8956cc5ae
SHA512 09d788471e317dc4dabda95e06a56f1b0e7809153e1b1489b2a75233ceb4d909b8ec98dea5b63135080a9f86a10996168a71d9483e47e89d206589c161deedf3

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

MD5 10044836ecb8e2634b776df5e60cd857
SHA1 33b5b7b924b39e1cb22cd68b0ca954877c0bffe5
SHA256 fce5e1b4df9648acf5e12ac38d67d097cee048da8b3ae9fff9039ca751b2a55e
SHA512 6eb9680d971b2d600b4eceaf023193c3c59397eb87340983a40abe759ab6ba7cfe665dbe13708b228dd334c776483e15b71fcf7ef67de70aee1e942ed36e1919

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

MD5 7ae2870bd63efae80282f35d3b4a8c9f
SHA1 8b5c13cf5c85f0dfff3eb386ec74dcffcc376614
SHA256 1ebc4418a93ed5c92df558a403a8761f7991a41618aeee8ac4773563ea2eabf4
SHA512 49e81b66e8f92ed834cde833736d668078e6557386b1e55219af56e72567b7f5094d60ec30bb4cd308ea0253eedda445306e1cfd69d85a6ab8986e950643e85d

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

MD5 9d512d501de75a3449b39ae55e4be8e6
SHA1 ce31336bb4ba44d0b6f2d75cf1536b1a0f7300a7
SHA256 b3fc0022d4b7f775c400c74be0dd809ce596fa41565c1c29d1f081e9fdfc9fea
SHA512 4d6e4bacee2f6078416b2cb819aac1a5a81be9825d9ea0d4b101c1a3540fead7210e38c33acf373e69212e82e00e2df62fb2a3354fa29f3a09006c5ad4130584

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

MD5 4d7501400d5e9a5a4c385a5791627272
SHA1 d70c7b8e9b96c5c8d6c90992ec4d0f19955ad44f
SHA256 7cf5b3975b35742f8a824e295f7cf4525936411d298fa2171da9e5c142f1bded
SHA512 6d9b397f15ad576f7cf3b6f8727ba769808be88dfc09033e41a69b9a2975a30cfe6790583debdce684c5dc24e2173fa67d4ddb9a7fe6aa09ab28e8322ae790b6

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

MD5 dfc1f85dfbd98066fc3c37e9088b521a
SHA1 a8d11f0b2468f6b51022e9529af168020d9aee5f
SHA256 12313123a5b76679cbaff37a4bd8112797a44d1b185c62e690dc65ca4f3ddeb1
SHA512 ef69c15c1f698050d1cd7d9ecc24ff5479d52a478d4c8365414d37c1c4688153476d7c978b90a0a21c9bc6654c4ebba4d2a4795775f768c869e29677bfea22d3

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

MD5 54596b711f96775a4c65468efd009565
SHA1 5ae5a7771e1b7db2e623d20e0717bc8b0a3efb5a
SHA256 28e12063688f4343fc3de3c59f7d4d46691607e7525ce01080494f77e4d8d9bc
SHA512 e6ca2716d29545accdb7c48b1f4c9040e70b84b861b21e2728e46b706dcfc84d58d223213019904824dadb0aed3bad97850849761649b3fc09e5e9100d1d81c0

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

MD5 4d2f08d1037313f1eec44f6a123bc294
SHA1 50ba94136eac0e4a1eae0d6861e411a0668307dd
SHA256 8a1b2f0d167fa78a3a001ee344837a180052c28a5d853251a6c83c99f3c9012c
SHA512 2cd333472160d5c7a8e3fc29b8fb93401caa23888ae47dfd6b2d08b2cac4d4c89a4cfcfbb4b9961fdc43a6ec33d8d172b088c27929eaf394cfcec722625d59a8

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

MD5 ff2ea1c0bcf2404f70bbffb516886e09
SHA1 752d23caebaeedeefb8e7c9b65ea6f632632475b
SHA256 6aa7e8ad91b01945c77bbad86aac156112e98177f92b81a40921a7209117c00d
SHA512 d068e70d3cfe942b114fdf67fce73f4d970e08794177dc4c4a94a9b6977f8a22e87ccb65be435d3c9dfe97263fef355e5c0204c6e241c4a1753f4af6227c0fa2

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

MD5 545232af10cbf18224c758b9dd36e999
SHA1 c864e6129dfe34479692a759bc91f3808957c7ad
SHA256 41a142cb13fceed1188bd8552a297d3c54d967969e876318577ab3bb7817b82c
SHA512 3d770bfbfbf07292591d0f40627a6305e51da2d20efe222856bf0fb45d43467a9d1d302361ead20f87bbcd69d2e7959316de375bd48c3a1df1cdea8dc4e64dc1

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

MD5 527dc11e0ec67bc373c3f3203278c9e4
SHA1 a99b243a404d739d12ce131d5ed5a89623e78529
SHA256 e3dce49a8dd6ce31859653fcca926dd508d1bc83389ce777d4882fd61d7a994d
SHA512 de9744681688e7c62880dc061f1c545d87d1f4ff45cf3e85ba5548499af46265a4782bf14057eb418677ca7e16adeedb69b643aaa48e94a21aaae5a4f7df0373

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

MD5 1bc0d0da79660d6089698c5f26f3ccb7
SHA1 5e9fb4e978f03933f3b8093aad46aa7b6f88db24
SHA256 5dbaf4b03f7f23f4cba3ee824bdb41885c78a2c944d764438ded7ad06da1273f
SHA512 742a09fa8e9e9e59e44ddac84734cf25d6f56ff39bfa07b8ee532cdebde82db493854ad31fcafb1b40d9bcfee711093b17086c8b86a041eccf91171ba1d542dd

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

MD5 bb9a78ef48e669e31890765e6f823409
SHA1 1eb271109285d92a9f0bf8b033de18052feaf268
SHA256 43ab432b1cb8aea3bd022d881ffd74619466555814efe4daf11ed99750ca079a
SHA512 264d32d83948ca305b33592d2c484da19dd3533bf59f0f8d9e702412e60d03d3d9e0ff6273238fe9849b58cc6be897bbee4547b4f65e3182e5ba9e497b2d73f9

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

MD5 53c6f44a4c444ee9702f8b2edfb71fc0
SHA1 3c7aede726e092f1a43c00debfee9c498e9abdd3
SHA256 c45b498570afe8536dcc1de62c4087134bfe6a6ba9514d62143a8532e55e833a
SHA512 6e3850cd385644aaec82c9e6c2aed8f64f6ff9cfd16a41e38ef50f2f77c5858230476c469efef864206b9e59e84a3b47edc0a6ace8ed4612a4cf7376f8d99e6e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

MD5 03dd17ec7ff1e74129c3ba352d0c5787
SHA1 d242f1618fd1509873e5e9480acab10c1faaf88e
SHA256 895c273eef2cff3c19513717f1d4d084b435a6a53a9661ab4090919b21654fe8
SHA512 35774af63892d0c1caf06519cbdaf4f434e421f76781033608a5f4fd50cd96a76dccd06e936b113c65357b624cb4f0084b940c56f19cc7b21747395bf6031346

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

MD5 1777e115ea5f2c4e13a80f7015203d9b
SHA1 d6523f6db52f484b521c4dab8d6316d609a917b7
SHA256 557d763ee979d7bd1cc22be00bcc16e22d8ac8782dac028bd1c249e22788215c
SHA512 64efd0659f3c6cac7667c83820f7c69cad7ea10b2f24d8826e676818612039c7847f186e5a4ea50421fbac3a45af4a173daefb46d79d3c75423ae9453c966fa0

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

MD5 5a72c6970a3942ce8e66f3a245d1d9a6
SHA1 6cb1251c74449e8a8f3e6d00f70cd0251dda1690
SHA256 d44865f08f0e663f4e614b9843d8846038b8e92e27eaaf3f71a382d049d5ed70
SHA512 2ccb3ac49950914773b064f318cd4331e4ae8352dc7e0efb62b34d4b8a3c14c3dd13e14d0dfc8c5a0e2b3b570c004287fb63c49b8216ab3d07215f9c4730d90d

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

MD5 075eb7767e1b13ee5956f115f2e85c1d
SHA1 da23bf3485a4fcc6ecbbd915544ab8052b9d023f
SHA256 67dc89b3d9b8fa9fa0f7bfd4b80d5169e2f8721e361350b8153dc7c364666598
SHA512 e4125e279b352fc5f0648ad03c71baccf443eee3236d97b842cefe776ee986cd3e0d037c4b4cc389a8ad4accadb3dc8b56639268a326a48fab1004bd94b6b417

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

MD5 71180617773211753ec00e704fecf0dd
SHA1 9d2a1dfcf4348f00b3b320df3ef844a6fa25c724
SHA256 c9a3209496657f672223fe668eeacb2f0e2333d746d576c429c9e65fc93d1d28
SHA512 5e4f75f5130e04e51006c62694482800e81cb02522c62bc968b6e0f02d10abf3c294412100e341c5956995c037cb5cf3c7b2ec707409f4d5e02ec19ba471aa40

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

MD5 6a874767c8a8fcc9da0021731f05511a
SHA1 59da5d12631c6509e6e9d73246ec27409f2cb5c4
SHA256 120444cce3d26291cb3b732d30f26cbab3ed7cf63a0c60fca5c6724dddfa4a3f
SHA512 8ef1aa2b3247e0b8aca4f5cabda2295589bc74f8f858eb33ed2b06f310904d682508e7a216fa1262a1132ffe0f3e724e42c2cbae7446e883fe509fee903bad98

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

MD5 f274d4391a910901dc46ac88eb89c1a2
SHA1 f8615a8efc0ce7880324bc44af1876beea56ee46
SHA256 35ace51957d953762e108458a7681bee914371650f046e1a65c2d9ee9c245f35
SHA512 dc2660d19908b235d10e1a88b391b122008fc362fb013493028554a661da92e765201f1c1095d44a63ee07fa8b87271d093d252fec756dcf8aa27995bca803be

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

MD5 93f43b6138209d9722026e9da0caaad4
SHA1 c54063ab624d22066f9f4285c7d6dfa677cdd681
SHA256 890659a746282ed1111570501139d8a68ee02e2820b0b25e91e703102a1ca04b
SHA512 8e9f8adb47bcd37d195112b3c18ee474d8df5c69ee7ba291087a8a9e36cb39fc77f01045d532a88758e5430039d58345e158f53f270dd3fc64afa8d2508cdad0

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

MD5 807200f9455c90b31e8f4eec83a19181
SHA1 c04b85ec7544d757592ccc998fb221a78d18c7aa
SHA256 86dab1fe4f428f7c1a685dcc01ec60594d9681e68698f48a7c8f23b0777124df
SHA512 99a0d3ff002069258e11cb92352b76d67cd8af732dc1f910e8c01d93c1416fd485fd9d33ffc690c75cd67a09ec25d1c09aacbab34ab25fed7a7c6137c509f9fa

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

MD5 46843b7d0e5be86e29a0490e88195d1d
SHA1 c7529cfd366e72a3df13198457ac24b3974c16b7
SHA256 586344664b85c6b8218fe78223202208e683380ef42dd60540aee5ab02ff6e57
SHA512 e324aec23c4ad463a416372601ac6d6d46fea6f3ad4edbda1652b9a97c6e11f0655a874927d1782f994170750f777df484ed849051046bc89d0c2cb43829e06b

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

MD5 368d8666636b72c9c43da98617503f8f
SHA1 1c3e21ca00b868ae54582d7fcdea87c5f3d2e816
SHA256 6ddb26d9cd4fd4816343bd94eff7094ba9a9efe4a24de811804249345505f722
SHA512 259b89e7e31d2465a3d0eed1f732cdfdc074cdb8164d1aecded19eb09e6dde87f55a36bb65ba1ef8375e3487682ee479b7225c7a3a4ddb2ea7fcb0d3c15077c3

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

MD5 3a17a6e12da0236fe1c79e69030a5a6e
SHA1 16ece6ba79ae4d1878a66468c2cf32b5022a17eb
SHA256 0b8f4d81bb3626a0ea2c90159f79ae907b159a9f65bb091e72e104016b57fbf6
SHA512 7cadb1fc5900a59beb937aab812e8e15b9a67e67893168b8e84bbb7f85a08a6aeec3a4ca0b632d27165f86d2ef87dc0063d34e8c8f6475a786322eb047f3de18

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

MD5 12697ddc58c1278f871c3fafc2dd7a72
SHA1 f1431b0edaf3bd00e6f7e603c740f2d4d9eba9e4
SHA256 2f377b419a2e163e286dd5d082110ebdb42f02c0d7b568126f87035100544b5b
SHA512 0f4e2cef952a91f1f62b858f8cd97bd6a19f22aa6494a30f78671c7a3093ed205ea1c5acba7fdf83153f5253c31f9ad665d20c4bc6e001141777a028dc7a3696

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

MD5 3744da2acc841c01dc766ef21624ae7f
SHA1 150135ab8e9294c07021eab8f51a4dcd6c098eea
SHA256 fc517dd20523bcd73e60ca195ce49d3f841a46bf86c2f525590026547c2d7a99
SHA512 9ad35747bf5224a1e4fcf91bd64dc31fce35cb49957a76463e462ec25c78ef3f0ab724acb1b552b254f35647708ee265f60e9b41aef056f0351f5e3fdadc63d7

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

MD5 298fdb0f8d3f1c99bc8d3d05d02f3828
SHA1 d3a8bc44fc0e00a1fab4977c18f3564c1def4d0f
SHA256 b723baf567e69ab186490a66ba3bd67612c46ba681694de507ddaaa180ac547b
SHA512 dbb7e55089b242dae15a42bf04664b1acbde23226b6244f78e0c9e5c56f9bbf7377329c21d9a1441f9f7f565839b960c6f2064dc1b132d5258457a94f40bc954

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

MD5 f82a34ac41af0a3ba121ccc953777b92
SHA1 135bac634e09e6728d70092692bff6acd5584829
SHA256 01db450c4f4d4c8da94cf0be4b2a82a5f30be68a268cc8db5bf5d58c532e8aee
SHA512 f3d945459dd506867075e73d49a3a504161046b4f875e84153173df1ea646a8143c31608e078134f92305f14d794a060281cf4ecdcb1363f686901fa02b5f699

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

MD5 98cd9ca64e2962781d721710c9cda4c1
SHA1 2c0a4c07daaa9fe3164e06f38881612b942cb0d9
SHA256 b9e0573317ae04e8081235466d4bb4294bbbb91207ea0eb858c95f090c079323
SHA512 3fc0fb7a8793ac9202daa4185a3698c83b87f92885ad0bcfbf8db37c5668d972946ec2464b0aba02f943946725cdd873024eb63dca38a7a002b61bd0294aebd5

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

MD5 83b5b42f4444588e9c65e498300d4bbc
SHA1 b7a407a6331d0525b6b1e6b84d20cc6f7c7ba91d
SHA256 801d3006025dafd1bdbd094bf68919ce55e3e4ee2c03ae2afc02c9b792770262
SHA512 5046ab3fafc05cbcd4736118295db9aa35476321f31a61f4609914164d2a6eef3a94284ebc4fedc5be01c209914f4291028f4357e314f45d687794916e2715d7

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

MD5 1f11c35b0bc905324c784a873421be4a
SHA1 26ef3505fb9fe51e941bf12e2a105e30f7691856
SHA256 7358f972cae17a81b4c08ec5aab4493c34a5264a976f9eaadaf1efaa12d506f6
SHA512 0a160dbd685a86225c0725bc4e7a166fafafd30c9d889b1f27abc3185d72982854a20569776015acb8755da392ac43ae03ad5bf907d2154a530bfe49248d87af

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

memory/3184-6080-0x0000000000400000-0x000000000040C000-memory.dmp

memory/3184-6079-0x0000000000400000-0x000000000040C000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727662527520250.txt

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727663115600892.txt

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727669117479246.txt

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727671764608349.txt

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

memory/3184-10469-0x0000000000400000-0x000000000040C000-memory.dmp

memory/3184-10864-0x0000000000400000-0x000000000040C000-memory.dmp

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

memory/3184-11179-0x0000000000400000-0x000000000040C000-memory.dmp

C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

memory/3184-11184-0x0000000000400000-0x000000000040C000-memory.dmp

memory/3184-11185-0x0000000000400000-0x000000000040C000-memory.dmp