Malware Analysis Report

2024-10-19 10:42

Sample ID 241008-lynncszflm
Target 20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118
SHA256 b0ff77903804ee3d866b81ff8b94be59dad33721475d56812da9e9850beadfba
Tags upx xorist discovery persistence ransomware spyware stealer
Score 10/10

Analysis Overview

Threat Level: Known bad

The file 20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

upx xorist discovery persistence ransomware spyware stealer

Xorist Ransomware

Xorist family

Detected Xorist Ransomware

Renames multiple (2212) files with added filename extension

Renames multiple (2183) files with added filename extension

Drops file in Drivers directory

Reads user/profile data of web browsers

Drops startup file

Adds Run key to start application

UPX packed file

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

Modifies registry class

Analysis: static1

Detonation Overview

Reported

2024-10-08 09:56

Signatures

Detected Xorist Ransomware


Xorist family

xorist

UPX packed file

upx

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted

2024-10-08 09:56

Reported

2024-10-08 17:30

Platform

win7-20240903-en

Max time kernel

117s

Max time network

121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe"

Signatures

Detected Xorist Ransomware


Xorist Ransomware

ransomware xorist

Renames multiple (2212) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\S5hKYdJLhQgBg3u.exe" C:\Users\Admin\AppData\Local\Temp\20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe N/A

Drops file in System32 directory


UPX packed file

upx

Drops file in Program Files directory


Drops file in Windows directory

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd C:\Users\Admin\AppData\Local\Temp\20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "SYOLECSRBRGHMIH" C:\Users\Admin\AppData\Local\Temp\20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\SYOLECSRBRGHMIH\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SYOLECSRBRGHMIH\shell\open C:\Users\Admin\AppData\Local\Temp\20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\SYOLECSRBRGHMIH\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\S5hKYdJLhQgBg3u.exe" C:\Users\Admin\AppData\Local\Temp\20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SYOLECSRBRGHMIH C:\Users\Admin\AppData\Local\Temp\20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SYOLECSRBRGHMIH\DefaultIcon C:\Users\Admin\AppData\Local\Temp\20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\SYOLECSRBRGHMIH\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\S5hKYdJLhQgBg3u.exe,0" C:\Users\Admin\AppData\Local\Temp\20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SYOLECSRBRGHMIH\shell\open\command C:\Users\Admin\AppData\Local\Temp\20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SYOLECSRBRGHMIH\shell C:\Users\Admin\AppData\Local\Temp\20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe"

Network

N/A

Files

memory/2556-0-0x0000000000400000-0x000000000045A000-memory.dmp


C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

MD5 9e44612a1948c4932dbfe7cd9bdb3078
SHA1 cd29f05e4d4a9f212c3ee0194c83905b6516029b
SHA256 176f11ee52f684010e487bf51d2b3f46356c8f1c63ce0df2d04fdb0739d361b6
SHA512 f287f15f6ebb1ccba147bcca67858da0516fec6689da35141715be19b6b2f43731c4492f6872132a1c11d9125d6ce95cf4a293acca274d5d32054c5e1a7d0720

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

MD5 a0d00aeb36e9fa3226e28442cddb8646
SHA1 4b2ef9b50e4a0ab8fbb27619f79bd51790b244a9
SHA256 a80fed0b2072fd13023979bb8115bff30fb45ed13d70eeb4d36f61c69c8a39e0
SHA512 3853f5e057ee776fe7fe12a0ec9fc26b15e6c9975a960088ea764e14268fca77c48f839715147b1c88a9d7535e85a7249c04535a02f889e8339747eab2111e1a

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

MD5 b57a9b22dd5c2df01f4e960a83322fa9
SHA1 ec5a87490f76739ca8e6b07b81bba8e7f88235bd
SHA256 51256f13322e4030c77d01f7fcc8deb6c097b11dff3ae96f0d4d851b5285c493
SHA512 3f20e5f4e9e6757fa800ef7365d71f7fa3d0feb121cac22f2e4e03862fef6b87dbd5089ac3613e3c72e33ded3e85bfcb297f677ef40ba828c4d9d7348b848c4b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

MD5 471de9004fe81fc67e14fa7f22b36fc7
SHA1 229ea0a89fd40e83367b4d8e12bf75a51fb1a7fe
SHA256 b5150b01e694301a4b4537dee3f04d198fc0a2b0d2ecf686082a7d7d447def06
SHA512 4f5d0e73493ea9ef530918342aa8ab92fdd1b0ebc76d07d28b97ffa741b897034825c6d946839939cd7693190d4e5105ea061985330a43df1ed6d029cc2faa97

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

MD5 de93a7454d1a7a0f40f81c4bbf8a9180
SHA1 68f22bec1d376a30dfe7653f6846947cea28697e
SHA256 f3e3b677f9e3fc38b3b3a7962ade1423502969525d20a25bed84e5763b0586fe
SHA512 5f715b3431ae3ad7fcdfae551b16720c53dc93f3d98f77987697bab4d4ecd35df4f4a3fea1bf6056d98939a6ddcab6ce4ff040ed791d573b319efb4bd92a84b2

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

MD5 4d0427f347d38935e62a67e6d15916a1
SHA1 f0204d02cef47d56d63856fbaf104b7d31ba20d0
SHA256 b50a8327a91220f890e337189821e44603d73fb0aec1da5538af666d0d6f399a
SHA512 5ad484d3a935e5381c557f7ade6b28bdd321855f7268dbb2092fdd4e525ee44c77488e40106ed1661efe372bb941e8327389f655388bdf1b666baca67129347e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

MD5 c16c2e90f55b237d12f95ed482c34d0d
SHA1 eb9402615ee4d992287cb7f1d8d959592ca2aff8
SHA256 ca29d7937e8ff33721d2dc2af0ed11b1f105421993661a07466b000ae9755324
SHA512 3bebea95c78bdd0cb46933a12704b786a0a55c21eb542c64f652050fb964196f2aecc1861d05ef3fdf2b3b11824bda6a2772dd1d713e25e14735f5c3c03dc59d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

MD5 cd346f50a807b7dd41ba8c48b383a48b
SHA1 2c37042adb776d8b6cace82378f2e7d12ef32c4b
SHA256 8d5ee4893e456d241defb62290ebe46d047373732cfd6c8334013471f3d96d62
SHA512 ad2adabd42a9dc06ebd28143755f3b3462f8159005b7cad4dc33209639d3c728e5b6bf0068a08ea085384c875107d7cd14fe0e1fa1cbbed9309bc60680fc79a1

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

MD5 a9a2e2ae21dde752f5ac97cfd21a1666
SHA1 81a83494e78ee3403f552e422eba2572097efb02
SHA256 2f22b343249692a8ab873734172b9402845ac5cca60a38b95bee033b6bc5b66c
SHA512 39c3ac3b342d077aa20079b69bb24db22d8698c27e42b5501615da3315935d5c1104aad53aad0d4e9ce6b0c86423f0dfdd6a8b2327a60316da8e5fe56904b61d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

MD5 63e18df0c059a9e6e683048f8d5bda6e
SHA1 d9dced73a749c8572fb45747ab30ff52c0600c28
SHA256 930e11367ebea7f67a6b5d5403258fbd7c50e9b73fb5745bea7aa98a290384f7
SHA512 55bc80be776105f44b802efb56c2ea1b8012b9f6696e309e1ff329e2271f902486344742c714a6372b160ff3c6f08e0d1761f0b50b9f0f97f8dfb9126194060c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

MD5 df673311c3572dc00b2851bc4c8c306d
SHA1 5736f4079b7be6d1cf100340acc86e245592d604
SHA256 2f737c7e107ad27aad1d93f41f686c657a04bfaef5f9886a580d3667ee04b36d
SHA512 4ad6433f1ed4e49c2f01dd0461402084991603693a71f4ee7238d28faa4755a7ff31c13766e0f804eaf2d2b805bd76f20b5d13e7ccc6cee5a7d8c86828ea7f12

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

MD5 eca6b9872d83e6b92c086b6cfba24a09
SHA1 883378404f48c75e0b997cbaf120b7e3f650a2da
SHA256 bda2163fe0beaaea9714b71aad42ff57e3674eaf8f0a8ef11925de69ec76b5f2
SHA512 45f57b4030d9c4383998b8318d7c958cc0d1fdc80f0fef537a2fcf3c0356ac45430ee22f7c7df58612e347561bf18b7d9d6571dc9cd61e2862aa5e1e10b847df

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

MD5 159575b4b9f8a81dd0ffd3a881a1b029
SHA1 fead8fa808cff28d7cde3e166cbdfbf0ac752b75
SHA256 0182eb50f5705f0117127af1b39d1c61c5bd823b92daa7676a47c2a8e57eac23
SHA512 865b6a2bf5e2c21b74768396036330f2598cbfa835eccdf3ca6a4d5d64bd4e6feb871dd010a44930ef9d6655f4a85019c5ffbeccea48d41d453b1e248a1e3201

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

MD5 7abfc5b2712a8dcb168344230c8392d0
SHA1 1bd21345ce1d3f28a6df593c95465cefe080ade4
SHA256 ac4ac233e4bc1d8f60b2aa17f6fcb2e10046d5a77132099219ec4b7d6ac4c31e
SHA512 2a746ac35ced9e613619a8e2078c047c0079a042547dc8566541dff7d8e0207ad1fa2a58ce2f569d75d2df45b1d1bb30fcb8e60ff2c297b8c80d25166519f5db

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

MD5 9058e688f741463272a9cde014d9f188
SHA1 45ce60497248189b906a38760a8226aa31975373
SHA256 96ad576c53ed876349b5b2ea6af470bbe66c1c88b771b3f27c3f32ecdcf3cfd7
SHA512 4cf4a6e41a7e9493122a5fc4d7cf3f5f6d27e176932d6d2f35fead5f218d4c6cd61c56ac7df648575a40a530d5b35a82e195c75793a4758549e7035bf4a1571e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

MD5 91238c90847e5389dcd7cd66bf7201fc
SHA1 00590b80068cb4456035c708e93fe3b02039a44f
SHA256 3c43a5283ba5d124c6bf1123f95215ef4bdbacafd25be93a3277f5e2e6cf1894
SHA512 5e4cef7ee7032ca5ca8f082f47bdb6d645b5d9f68799201615f040143093083bf48d10f79cfa292e9f44192d778ba53a64889387aa1e04f51a91f50221298d86

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

MD5 9457deaf87a1db61a3a7444825e99e5f
SHA1 69a64b96e04cad28ae4eaa5929579b7c8c4eb040
SHA256 d1cfdb5e67dc8732cc879410c01c1ca911fcb7e34804823141c02152bc3d2972
SHA512 c7921ca7d181527dd4ce5a1a7d76900ca782c090fee9bdcbcf5f4797bf057aab160603fbd7cbf1ae2701c6a83bd65c5b4259c8e830d55e290759ccac1046cb88

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

MD5 9bd8b151903c8258eb4dde9b8fb641f7
SHA1 0340443f8a2da756339d18aaa96ff88e33d859e1
SHA256 f296efe82d5e3b791ed40d323df50b31238e87d35b6dd616e69b88539f7baeaf
SHA512 93746c9bebee97e2db28ef9d81dae7693848467fc506833fbb50a9050fde7c41481addc54ef99a6473010a946a85ee711697d686867dc8130cc5dd6ed5f2cc8f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

MD5 7728d088e8d8c157ae0191e4448b78c7
SHA1 d65a2d5bfee0896c8ff4e7ce7e5ce5db4988fe49
SHA256 eeb3c8b04d20e00f07e1463adbd2343b97c2dd07275911950d5dbc198cceb4aa
SHA512 ff07950c51d58b3f10cf3af5d304fd6f218934cce941d2eb52147831ef5f73262ebe67f5bf29063df20ad207c53128c83e1218d815743aade4a916e0491337d9

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

MD5 7fb5a9780402387b847cec43894e61be
SHA1 4f71b732fb15d831cec55c6be7846611a7b08292
SHA256 dbb78c8e830884f701ec160dd68d8d9726e1cf16ddb7c44b47846dc31989113e
SHA512 1b8df9d5734de74714d9384a4ec8a52eecaa5a1aa0a00bde2e8a642cd805c3c91faed9466bdfb55c6e3f3313c84a41a91542d3d744682396a7a661ffeb8bbfc6

memory/2556-8438-0x0000000000400000-0x000000000045A000-memory.dmp

memory/2556-8446-0x0000000000400000-0x000000000045A000-memory.dmp

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 c526504658de7e24a19271c235f46ff6
SHA1 c04fbf18e5f65275a401a9a5db93387e5f39333c
SHA256 a56014b1ad47d7addd7e41da62eda392a6bf5b23fcf3f4930283317e4a2949f4
SHA512 6798ce504492d45c4fa3849aa03a6f924938627bfc27386636049a9b0041539a003ccaf43c014504047a2e3736911ff588547fb3a95ebb7182cedddf46f9eb76

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 092611f93f33071c12f4f73faede8bca
SHA1 c46a500d2a25b4ae289d892d8d55e91bce9b6554
SHA256 e6c3231bd51faade0c434c44fefe2cfe93f197df7507dad9a066447b6d0f8a48
SHA512 51d790b214fdff6214f7008f71fbcc64a894486ee60b61352f271a4fc1403e486560ae4d119a3578293c097ba91a9a1458d0865344cf5ed8fa8036bb734177c4

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 6d859cea65128b9070a9e0be11007f1c
SHA1 8e37e7e98a748f9be7a8ee48a6c5b71fad8a3faf
SHA256 09c651857ab777c96b76fe33bc27ffd862e0f02a6b57a7e81412e87101cf7728
SHA512 a7ee2038e4cfe4f0e948acc4bae6c847580c7b165121b3c2c3eb66ac774472974fcb52297d70a26f19d7b43991b459dd7c772d16e7293107ac11bfa0fd9ea9ea

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 7d6ed6e911e0eee74c6c7350634acced
SHA1 9fe563ddcd0fbd916e84ac410a79d92041041fa1
SHA256 f9150896d019cfc401ea13facba47f30e8f7786bc1fc1e66d0bbb47fd0983806
SHA512 a9212dcf31928337dc25ee5c9171cc199835edad558727437ab03432a01c491c58225bfe0ce8c7f0f78834eedfa7c52806891b5bd82d7c7ee1a36635c4f44dba

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

MD5 adbfd48b176b4d391bfb264a1275bda2
SHA1 e3eefcff5c020d07452a660fc1493171e592ef58
SHA256 c88fe07bcb7af0bf08df26b4e00458edf72e03f9a1c8d0f67b09228ff375bbb9
SHA512 35e3a7504fe1f920ec72590754699350ac7229f30cc555b7da65bcfcf517f92c59dbb49f7eda672377bb26a10ac384e806ef0233b4573717350a35b7a579e9c0

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 e409fb580d91ab0585a2a61ff55d2313
SHA1 206b3fcaca4e8f8362a5be21731caa7797736ace
SHA256 79a6b617c5d440a414e94def10d4acc926d09fcab43990f2141b0c68414f3d74
SHA512 de37a5ce29b334f6b9f0513a619ad26992d8615f9d1ea48a5aedec278bc5ac703403255d098a82cfd3b0c7bac52bf98e160a999f98cff8f8d76e1461c32abf30

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

MD5 f4fa8bba95d2f44c238669718eb8cd55
SHA1 0fc1666aef04cfd1180e5fd8a969c7aa5aafadcc
SHA256 7d9ee83efe0791099f1dc46ebf9242790e14ab0b45a03e2180a4fe2b9d173d26
SHA512 6b92e179a829986774bf164e76a30e05248fa4b390fa50b48f3bb64620dfbea6072241c8886e9c464b9de2ebb7c6de09e87b57ff2d57ec16b75f4107bf5219bd

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

MD5 b423af9d7700b913375436b6eed00254
SHA1 19d8b3c86ea33ff6a65b8bf121f09ecfa869e435
SHA256 8e797c19b2073e60f4f5b7d62ee2dd314c00212a82f337309a10b9200d52d4b0
SHA512 81a5c9d7ecc7ae767c4750a9c320332cea3369b915dcb58680118fb32383c3ef40f889dbfd77a3ef06532175170907ce70cb41d40249d97d2683d07be1992d82

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 d02b7220ce90d7c8e3ae38ae149598a4
SHA1 df318bf256425ce3bda38b10def747d53191efca
SHA256 6cb21335331e38eec2b27103ac334247dfec496ef6558453ba3e0369aafa8781
SHA512 7f6240b48497867909c118770621739c30ebc4f0d55b644c42e4d92816516ca0821abaa727adb5b183fda05bbc3ed71201f049970016ffb1763083f072a85e4c

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif.EnCiPhErEd

MD5 bc0c7bf74dc85b0ea2f633286a2e1711
SHA1 1089690fd87fb04cbcd5b838ac95dd37244ccfc9
SHA256 e752219dd9ef5fb47f8ec2a92486af418fd95877b2586d7a9329b8a3b18710a5
SHA512 bfae19e38a47bf361a6a8d5eb7f278dd6e54c0acb652d99bdcf2def4a257b58ef909ea6b364d03e59c0e5663dfad9df84e78054e88fa53c522d71eaa5dba5288

Analysis: behavioral2

Detonation Overview

Submitted: 2024-10-08 09:56

Reported: 2024-10-08 17:30

Platform: win10v2004-20241007-en

Max time kernel: 150s

Max time network: 150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe"

Signatures

Detected Xorist Ransomware

Xorist Ransomware

ransomware xorist

Renames multiple (2183) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\S5hKYdJLhQgBg3u.exe" C:\Users\Admin\AppData\Local\Temp\20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\DriverStore\FileRepository\mdmmhrtz.inf_amd64_aa2738d63955f632\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmnttp2.inf_amd64_8c1e04ee38482578\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\rtvdevx64.inf_amd64_7b972df4e09f9463\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\F12\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\NetSecurity\ja\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\basicrender.inf_amd64_df49c4daa6251397\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\image.inf_amd64_d2006c0517ddc60c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netrast.inf_amd64_935f1046c28ea0dc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netwns64.inf_amd64_162bb49f925c6463\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\nulhprs8.inf_amd64_e65ae5a38cb839e5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\printqueue.inf_amd64_12d9f43eb5d02987\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnms010.inf_amd64_9e410195c3b236c9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\usbncm.inf_amd64_9957a38c3d2283ed\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_media.inf_amd64_2dec3adbda5f7bb6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForAny\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\VpnClient\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ScriptResource\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmcdp.inf_amd64_919b7beec2c70482\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmnova.inf_amd64_4da8a5889bbd1a21\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\InputMethod\CHS\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppLocker\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.ODataUtils\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\eaphost.inf_amd64_d37080dfb66d830b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Appx\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_LogResource\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ndisuio.inf_amd64_6096fd74a67ccd5d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmsmart.inf_amd64_3ca4b12cda56232e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmvv.inf_amd64_26dc960cc4c84207\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Msdtc\Trace\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\MUI\0410\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Speech\SpeechUX\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForAny\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmaus.inf_amd64_f9b71b1d9c8643e2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\InstallShield\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\NetSecurity\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Configuration\BaseRegistration\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\bcmwdidhdpcie.inf_amd64_977dcc915465b0e9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmcm28.inf_amd64_4b833c2630a2a287\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmomrn3.inf_amd64_c2314613ba3f3585\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\msports.inf_amd64_f2e8231e8b60f214\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnge001.inf_amd64_1daeee8f3aa30fcb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnms002.inf_amd64_2176cc45624119a9\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\uiccspb.inf_amd64_18454ae612999870\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Configuration\Schema\MSFT_FileDirectoryConfiguration\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DirectAccessClientComponents\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\spp\tokens\pkeyconfig\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Printing_Admin_Scripts\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_holographic.inf_amd64_6ab9629b23deb837\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmdsi.inf_amd64_0b96cc4cfeb2cbf8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netmlx5.inf_amd64_101a408e6cb1d8f8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netmyk64.inf_amd64_1f949c30555f4111\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ServiceResource\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Com\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ntprint.inf_amd64_c62e9f8067f98247\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\wbem\en\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Dism\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_GroupResource\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WindowsOptionalFeature\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmgl001.inf_amd64_e09ac82d497a19c5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netg664.inf_amd64_84cd7b2798e0a666\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_EnvironmentResource\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmags64.inf_amd64_767b2d723d0fe83b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\usbxhci.inf_amd64_6e228bfaadb050c6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\msdv.inf_amd64_5c153f7ff7d0d00a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe N/A

UPX packed file

upx
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target

Drops file in Windows directory

Description Indicator Process Target

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\SYOLECSRBRGHMIH\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SYOLECSRBRGHMIH\DefaultIcon C:\Users\Admin\AppData\Local\Temp\20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\SYOLECSRBRGHMIH\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\S5hKYdJLhQgBg3u.exe,0" C:\Users\Admin\AppData\Local\Temp\20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SYOLECSRBRGHMIH\shell\open\command C:\Users\Admin\AppData\Local\Temp\20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SYOLECSRBRGHMIH\shell C:\Users\Admin\AppData\Local\Temp\20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd C:\Users\Admin\AppData\Local\Temp\20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "SYOLECSRBRGHMIH" C:\Users\Admin\AppData\Local\Temp\20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SYOLECSRBRGHMIH C:\Users\Admin\AppData\Local\Temp\20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SYOLECSRBRGHMIH\shell\open C:\Users\Admin\AppData\Local\Temp\20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\SYOLECSRBRGHMIH\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\S5hKYdJLhQgBg3u.exe" C:\Users\Admin\AppData\Local\Temp\20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\20edc5b6ec17558d46853bd4bfadc69b_JaffaCakes118.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 20.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 68.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 0.204.248.87.in-addr.arpa udp
US 8.8.8.8:53 udp

Files

memory/3420-0-0x0000000000400000-0x000000000045A000-memory.dmp

C:\Program Files\7-Zip\Lang\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

MD5 0e823b2192841b7ab657d598c7f8d102
SHA1 39334061db7b29c4ee2b9ba2e665602a57591ec2
SHA256 e9bb09224381f242827be7da5d3af8deb7caf0fad06179f69e9d41efa46191c8
SHA512 b50bd57d06242c68a8549a3885040b3809cb238d7f777392f530ed4569b0cd099831160bd68f9a898f3914b0379f1801f83be97680f70c08d96433e650aabe9d

C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

MD5 0881c11a1154327c5d0405545f4fc35f
SHA1 be0b73ff518fc2742bbbbc7b4a63b909837c74cf
SHA256 9ea1598e7dec64d9d1a1121415d88730b17b3425c2f401796af72f9acc2197fd
SHA512 a5db6d3e7768edb21668aa681bdbd9ce7e9a1787d561f3b678b4cf311633047a2a1c2113cee79c79d1591d1407d516bf96aaa6c4bacfda79bb15b0f855f14358

C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

MD5 f6cd2b82898d70e769e1871a02db1ecd
SHA1 d9c725b9ec9967c727f7e7a3705508e25072cdae
SHA256 e9bf267549829313b69f69fe0c92179b6d6d21fa2c02f216d7ecac94b069d082
SHA512 d082bbc8be16b8e2b52ebe704008255174a7ce70f7f577dfe881a59674b402aa2fd5a2c24deeeab5b1d0731f730934e411c14a6dcdc5a6cd6f9cce4d1351c54f

C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

MD5 5ccf1e266ad9862c87dc2242feaf28f3
SHA1 49e818ab419c0c44fae6adc37a215821277ee97c
SHA256 021da554ef56da3afe6349b0a0d72f14c32818edddbba52f2309e4cb5ef54497
SHA512 4ba4e948f2f47be65a308fc669110fae023d0d7acded92d17559c5fd04f2c564fa6ce7021a00548fa8473f0604c05eb15802366fb798b07cc9877084e11f0a5b

C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

MD5 7a68b95087b66ef7df63802da1642bcb
SHA1 80bc664346a68b2bf26f5dd393283a684172fa89
SHA256 7880de740fc5bc40be950fea1d640fa743bd33ac6ca3f4501146ee6461964013
SHA512 607ccb64acfe2c82ab394453f94d91be408debdd2f7e9f2f91c4bff8996c2551f799b6bed5ae6b40a2d1c1bf7af8634a33c8e3396857424354a151cc92785463

C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

MD5 9a33e394d94cdccbd962e2138c426445
SHA1 76fc49cd3fd07de24f418fda8a5f30305a4b8509
SHA256 94b0f184f9d5e71d8b59deb3395fbec6d0a3f9278c73fa3ec172924e3253bfc2
SHA512 f4f0656898bd6b5426bdf12fbcc6b34605b82696c8d5a4074aa5e2db99638e122b0fc377d130fdf06689e1d8d08e5058f87776df77b055863413063a3bbb8917

C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

MD5 ab08abbc34b4c50af14f5ac66947c4e8
SHA1 a92dec1baa91468c0831c755b91f6c7466636874
SHA256 ef492d015895ea784d30c0ea866234c706d2365c569f58f37e13e9e7049e73b8
SHA512 3eba2fffe4871ed503d6d574f37f0a6280987d2ceef941aedab01d6ff631cdbb3963a1bb7197bbeb68f37247927b2c13776e6b491cb50c8fbbcba060db71f38f

C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

MD5 1e52f45a9d6c68e93c941f1818905189
SHA1 1b2d6c70576746202f6ed095900373187a718e25
SHA256 7eae27dfb80c992871d12caa603e70d1c82e7c69d24e87814251c524d9372bba
SHA512 98a290167c5e992f69cae41122169c008416782d550f295a83e6dbc63305d30baf9327aaa1938140c18eeb77ec5221f957b4a987d019805449b8e4a421d9371d

C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

MD5 8d12e9ef2c9cbf1dad5ae01fca862345
SHA1 f3b8b30b0d523784a288aa336850f79ddf831bb8
SHA256 8adac91ac5b3153474aacfd293b2dc27bf858514da5c749a154f6bca4637256b
SHA512 e9e91ac773ea80b38f22d08cec6e0301ed098de823ecbd0aa10e1db3d1001765c30a8edd70931d044c2fab52eb0fdb62aa576cb34e48c2ecd65d3426a0775cba

C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

MD5 4724165d987ed9d4653999557ab278f3
SHA1 4f5a36f4db1bf38cca672ef039f681e2975f5bde
SHA256 7078d46cbda37e2b5d95833722e94f25a9be80e41d36e5da52d3269fa683cad6
SHA512 6e87f869396daa4bb444e6ab1d4bb4d13116700c0f8e7a5bb6db12700fdd439b55072b381bd9381a1a3eb09cebdb588259f00f56e6b3bf6afaf1c255bad3aa10

C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

MD5 e2a7d22506020b54011e1800a170052c
SHA1 9f75e2d2173f8532a1684a8b5b9b73d19f1031f0
SHA256 cf622ce7d1f817439c4de75db6307ebe5f0f70410f038fc272a7f19d6b3d18c0
SHA512 94a94cbce3557cd2620d04487f0b6ae043baf61cb8b5c5c53617e7965cc513ef8325af65109a3c999c726517da03b3fdbac014d5488ff70e0849bcb89fad9892

C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

MD5 08e7a1a0b7015e6a7907dff10e7eabf2
SHA1 c63e5374ab63a7bfaf2fabae08700b53f16c33ae
SHA256 e857419524724341b06315a49d6649817ef28104489a21b7f80be8d8f0b40601
SHA512 0392ea023d720658f0e7c453b759f63f1f5995f5ca31c426aa4d867f419810e886d7bc978d2eb963b6a98d84bda2615bddbed1f833315ecd0260dc02b96ab17d

C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

MD5 950c2fe51041323d034e43f957aeb478
SHA1 e722ad06afb7a930f43f58dc7b67cd977bc4f6b9
SHA256 b27c14b74c464f75fea94a264422b86319b45a5826ce27589ba42018d8172fe8
SHA512 210492319412d3129b26fa55beb9bbc4243f7d6c4f0548ea1d97283a360d8c8efbe7d69a9add8f497014f9d2bb36ebfc776120f120e891c8d2f4073506d14537

C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

MD5 314a7e444b6d59ed73bce81118db5cc4
SHA1 8702680d41ffa2bbc3c764eca68edd700c8e6c7a
SHA256 5a6897ccad1b7c20a01923cf8c4a738a4d7d18e9087a8a9bfe86d8892308f507
SHA512 264fadf7ef87838fe96f7fa037d65e2e5c907587b0365be66aca033a111698a81a0d91345250c3c6ba88b4b49643c97a26ff00559b1b7d3acf6f956881615e8b

C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

MD5 74050bf22872aebcb15464d1f0c0bea9
SHA1 cdf49e03995d2386c75f4958bd6aab763554c57c
SHA256 09e52c5517ce348a1bbc53251e1e71d197d1ee5af189e4530280f70dbb3c565b
SHA512 9fc9668667fa4f56d93b2b1921909c3a10111177fe14d28757648aea8084cfbb85195176caba6810c4a9d5787f651cbbc856b80c9849f03a4e1327b751e8ffd9

C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

MD5 5d6d44f1fd2c6fee225d7c815cb250f0
SHA1 8a735d215b307887ba6c288a6ccf685d42bbf84b
SHA256 e995714ce31a4e4a2d73060cd651bbaf928f27fbe9719090f1e318492a920b54
SHA512 5ceff2791f86e144a5b7396140dc333f400309702f68ecd17a91f296f59863297d8eee9e6627d1f209b2c73494b3276b1344d98f5ecbb06e9303cd2e20bb63f5

C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

MD5 8056ada4540bfb531bf5364d05de1736
SHA1 ec4b355bb0b09f2ab378078aea26598b5c82b935
SHA256 d16dcf0989b83192f7c1f845c87769060db9d483de16564cdccf81eb5da16c59
SHA512 8434dce69b6f4f23fdfb868f37589dc074f0429e8c7d487a4a3b675d52aa4ce042ea89a5328d5d302bbcd92b5aaacde527173ec33b86855bf21d2ba0e67c4bfc

C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

MD5 2c0186bcf1ac0e0f7316c5a55ee239c9
SHA1 3e20f136806c44f7b6fc584a48097e5953c289c4
SHA256 269997599ad704ba6ea2125fa1e784326eee05f8cae7d2f86bfb2b2fc75c9833
SHA512 0e367d28eb54a27ff05f1e175f1cfe42d5b92fdba5eff8fc309ea968f03555b5d6302046949ae7a3acf96b00165d854b9d391ca910ad72eeaab7683363db19cd

C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

MD5 35d6d91f1727fff5af0bc50512bb1359
SHA1 e99802d1a40212e192657de60722abe24ee2903e
SHA256 beb003f4449c8adcaa548c9a3a46a731d1e3ebcc7e347ce865c2b275ca2a072c
SHA512 d18c29be20f3225914640088fdcb60bfbee96fda38577f69467513fd5c911f0b3541b88c836f9b2f0e474755ffcd633ee6f7a124d5879146c9ddc1d086a53951

C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

MD5 bd84d2cfc789c79ab31801fb96d0825d
SHA1 2bc74a77b08b15a46177dac5b5f411717daff9d0
SHA256 37885fabe420f95e8b5679b6e1591257e0e1c1b72f473dcde3000f5091219d47
SHA512 88fd5d78cfeae669749fd27c5a6cd7313c56590ac1b510f0b3355011c0acdf16e73dbd8d1e1c84163f3f4ab2a8d8a20e846afba848819b80b63c6dbefa091db5

C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

MD5 41b30487e21989c87f7c9445b90cf95f
SHA1 04ddc6cdb9334e0304da33df325b13db157a4e93
SHA256 08adf7ec19d7755e791b77cf37543784c7774b21808870f3552004e867b58ada
SHA512 f3bff0dc46cd752caab293bac9ba73b6739247c017978a88db13dab11049f00745285bf4d06b8c016bc9d1b690fa29eb071d603135efacb208c720404f1d3707

C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

MD5 effa6baa6a75d1c857fd84b34abc15af
SHA1 5d94a549eef76dc39ab5f1315f8f2cf638757e55
SHA256 653850bd4613310c501c82224f0a7faca0630da8904dc5347fb918b46ab74bea
SHA512 8a7b69e96ed45b012460cd56296a7491c44631c4bcb2fa5b189d7bc69dac04ce6d28c7909647923bcf56229ba5dfa995c4c3383601688ac0fdc0042f98be3a12

C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

MD5 5daa086927215a100ee6ee95b527c3c3
SHA1 55f755a31af978603cba361cb3b290af20057921
SHA256 e0f8afea579782d1724b2a3f72e8e31eeeee73bffbdf6e06ac79921da56e5613
SHA512 578ccefcf3109ae517a2826fffa55abef4f7722db990b3f58f498a1a46adb5b49c67bcc0f25058391225ddfdd82abc995d593c986df17a8853c9038c3acd5598

C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

MD5 5df69dd11b398de5cece230ef4a9dfa6
SHA1 07256b1713211a929e27cbf80b2b7528d1eb62be
SHA256 eed37aa22db77fcffe2adce4bdd8c4b812a1babf76230ea8ec4ff167afb2846c
SHA512 df6138253b26f39b3b1ffab5dd653a9c9a8bc2aeadf8a72e2a4fc114b6a58632e2a4c292a28a2a0550896284e4224fd61d88d927b87f5bee69b0e64f319e2c85

C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

MD5 2c076c0a42afb7ba7724bf5c5b526e1c
SHA1 51eb952f83448a8cee86c0bcb428b29be302efbc
SHA256 d6085aadc88fc537dec48eda39eef1e647fcbe21ca03aa9f6cc58b1f6d593f2d
SHA512 67bb7c72359c20e29fe695bff5db7aef4292f4a8933ea81c6f5f4c56c9b1acf56a7ce8d7bd97165cdc69ddda14ac53d43fdc8969d56c352e40970965d63013b7

C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

MD5 62325245bacb5354fbb19ee4bd073c5b
SHA1 f43c461981e1aaede0cfbf3b9793e374d2e3bef0
SHA256 7e6bad98da4126f65856fa4d66acc562a6499e49bbfe78b37e1bc5f4af43036e
SHA512 c02a50d44b4a23c577be773f47177c9978702697bf66d9431d02225d966298461e70c8e53e4c42eab97adea4d9bdcf62bb9b85180bb0a7b9e2bf9fa64b893037

C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

MD5 bdb57f5c84a92c15b11906d526e87d44
SHA1 42bbe83b107b472dc436cf37f6dadcdf7b2ba792
SHA256 89190ea7e69c601248bb14b9f5c1f45de1b6e71b7ca454f4ffdb80f4c3bb7f83
SHA512 d062a4160d50b9124b6094a2ae44daf97572c3b9553147a6d41cd0555b82cb404369dd83e84fea2e9dc45597532b4a0e1822d0604f6bbe97217fc4515ffdd4c6

C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

MD5 f7db90fa9c81ba3a323107ca185da2d4
SHA1 3ea6afa5c18cd66d121393dcc26cfbadc1f5e511
SHA256 d8f3c1a4fb64d2625579aa8fefe2b707d2704466038211043910fad887454205
SHA512 30f616cec0a775f711b9ed14a21b9b3c1309dc1ceeac754ce7af69b81d5622236ae4d08a3597d79159f1bab953214d9c7327cc0c1fc25b466f0e0fc1b9b6a7e1

C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

MD5 50da240cd2fec7f6f18a0fa0516c8df8
SHA1 fb7abccd446d67235ba3f8b70e11b9a3b0180724
SHA256 9696e03b4e95d109706f723c7dd5219cfef583329a6d264e0392b4fd35838252
SHA512 4b76d870ebd9b56de18220ac9379002c80e028d5339dd8003aaf6b7c0faa875cf472f6ed4911511a19cf9e5db8833c5cfca0a5f4e08055fafb18db9351353817

C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

MD5 4135cc7440217d1dd62965bba15112c2
SHA1 2fa116574414058ebbe6011f0f73b819fdf86979
SHA256 8ae49455ed8d63b01d0cba330209427aa17bdbf742ffb13b3c711fb1e32412a7
SHA512 a40a09293c64a78d3a43c192ca8c54b62f7f0c4fb98eb1e484cd1d1b256a780afc96b5446594ed1c6d15ffe873d98bc4e16bf446ea46ecd7f74adf8cd14da88c

C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

MD5 c76eb47aea7f549a1e2d19d06c2ecc1e
SHA1 36d9bc5e9fbe73229d1ebec54275cdfb5f3afdb5
SHA256 0568665cf887705943ac9aa6d5a68f9f9263d308eb8951c6d504c56e09788345
SHA512 a1b608e127bdd1b17f24b320c94ff6b321dcf091f97a8e7d7e478d511e0102685d1b16420ac82dfd1d36fabbf5dc8f551ecac841224938020c96c7745b39fc2f

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

MD5 38c9cf8db2d8d09240f8dcbd38eb33b4
SHA1 fd094d2ff0eb10ca752bab45711e3c8831f3c808
SHA256 959acbbae88199d9d049b55861dfc7aa4f7fac65cd6608688943dfdda8b520d3
SHA512 79730f359dcdb2ac9fab1f757e104a723d7ba8656d72f1fddb1a1a44b11f84a5c63f898b4b165617499e19398a00a01ff2ff87f000de80a20ac6a480bbdf6dc1

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

MD5 b90bfbe27da3cd73b51f73ba6a21eb29
SHA1 5d8bd52452135bbd21d86bb1bcb09b7c98868352
SHA256 b2bdcf774f66568e934444bd120eaaa76608760d746850b9249a62e38ce09443
SHA512 7df8d817839d59578af0e37c516dbbbaf246a3dd66cb3dd9498b902389c464c5d3f0761eddef7960dce0ac70d0c7311ce8fb80980173af5765e6de2f5b720443

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

MD5 1dcb70eeadde3d980114ac0ae91ab780
SHA1 c6bb58ada448954dc310581a134177f4690be559
SHA256 c049326d6ad9cb8fc5d7c3f36c4e841dda90adb028fd7a27bed97a00c54742f3
SHA512 2f630de436d49339b5f9fa5d797b1fd9f15651257d85924b697bc7e8d1ee0c8a0d102ca00655b58fd889221cc4dfecc3611483e7bd0abc451181401cd24f6782

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

MD5 879bc36071634e33296aaade41c5f509
SHA1 ce0fcfb17d17187560f798823a603ff4e5b99050
SHA256 86772bc02b8df1d0aa20d9586ee9756c1c5d98fabd8bf3a41e2b19e9eb7a3898
SHA512 8a4bbd8eaad0e21e36c9fb8bffb995ae24acf4720383085081012b36dac2e76e3ced7d077bcaf3be4c5a260c81f8859ff0ae0f3bd53451387f7d3214858ff744

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

MD5 ed51fe6dc24d294cbba7316544c35146
SHA1 5f69ecf0fe2b533f276f6c49ebf83aba2926d78c
SHA256 607b6f249b8b9a3259da193de9cc599a7a8cfbee4e02e15b061c5cf667df9a12
SHA512 ecf09f2af4b751b6eeb2f363e9eae5a1b515c256769e6ea0d0cd1a52653356d209e8683bbe3f32a8d42344ddde7acdd1527a5ae61edfa011813e78c6e343c12a

C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

MD5 a34dac0031949474d3a5d0f4846fbe58
SHA1 ddb9c2e611b468de465a42a4b3d194c088ab47f3
SHA256 bb988e650ab8c991a43e91e7ce26ecf38124168a364e3570b13ff141403c4f21
SHA512 017881e38ffeda1f17bbcd091c894fbe49ea7b9e3bd210e5a5f98d0eb82a10d82d03bdcb3e7c36d6954e66762311f905ab7a133ccf454abe4d5c8d0473bc27cc

C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

MD5 88f6d94f9958a86e754be2332d70d066
SHA1 e034e08ce484ca16a203503ee465d693633c2de7
SHA256 ccd5182f2257be78eef22fd6acc7ca1bdbbe778e17f3191913e3e708e1d56be2
SHA512 8293eaaaa7454856d973bc9ff7135e00feb99827f1865641a77d546f0d0630e8e3fd4fca0aaaa99a5d719b1f81322f9c4b0f975bae3be21faecc28e605f54a13

C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

MD5 4f0be08b7c8cf62394edf48158ef9d21
SHA1 ffbc955881b8ba632e4c02c2cca5a8ff1c7d16cd
SHA256 eb9ef610f7a3cfd17e97e64b30649fff426fac6176ac460e087e5ad009416588
SHA512 40989ff2949a9fc6b2b9e46d81331e2c4754a7c9bbc5cd0bf8ece75e828260c07649373f73bc7429fecc4a32b96f8a1010c3e36c2b7493e66873cc7cefdb535b

C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

MD5 2eee51d0e32f0a4bc9bd7fd12b54028d
SHA1 00b99bc743886c03445a0ab5fa1b50c9e2abdbf6
SHA256 542909d31e9b16e9273a7ac7a8a07a5303c88f4021430d6678719c5242f8d61a
SHA512 c11afc70cb3bca19b87267da5c6ebc8096997280b45efe65d6da0c668c1b48f0e74e0ef9eeb4217416898ad2e81bacc8acc17c36c36ad7346e8d368463be7c54

C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

MD5 b3bf3e9b776e58f7ce3ee57e5d019767
SHA1 0ac570a3c5662900c075eb1b5a642f0a34145808
SHA256 47f4b816e9adffe95da010f3ae76b7fe5ab0d39fee2453fc588337aa250d72ca
SHA512 53869609389005043da3f0607ec3d08509c0f251d18f28b6f8803d893a9365af2b0c3ee8dbf42b07f0ca47e425146fcaf31c7a2a1fafeb17e421bb5534d3980c

C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

MD5 ffe810cdc0eb8dc31dcf336306ac031d
SHA1 568250a71fbe38a03ca1abbbec9e3c43beae2b3f
SHA256 46e8be5ecf468e2e2352dde596d174a0108e1ac693ae8fc0c438cadfb2a5ac97
SHA512 df36122b42a37aa8b2b87d76bd70a3433a5b9c2fdfe83237e5169007e1d5504334d22caf979d54d5ee1e6ff978f8ec94c7741eb8ff0062735a1e801d2f5e9d4c

C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

MD5 dd60c8b8138d88ed697f6534c27d4bc9
SHA1 b63bfcea742153b1d38e7cd4a1dc8850690949e3
SHA256 eadb94854c0e026b69ffd691598c2aa28be343b3d010954f8db02eb561e5f05c
SHA512 6db4aa7779ecea88afe32959896da10c27cbf58a460a23755b2e5d443722452337dea28ef958e1e8f33e6653120d967e925fe5414d6601369f5953c281d194a6

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

MD5 bcb3af218ec78505bfaee20f53ae72f5
SHA1 2ec39dc261c8731610688f30f45083d253768202
SHA256 549683b2d956030cfaadd68936a9db602c7e0c0dc316a4bc78536932bd271c4e
SHA512 01a35f8fd171f38362a72ceb37f59e249e668ccb26e37bc29d09f5f8040053edaed3aaf95098f4dcdc9508dcac6e69f563e443beb3973d6817c41adf0a686681

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

MD5 40712c6111287aa1df2f2fb1e426d806
SHA1 f4b7e0cb392866bb867c16eafeaca12b5359e3e6
SHA256 35d72f349f8bad52f91e5dee2ca46639950d222dd53d5b044f7103e7176e748d
SHA512 09a173feb785227e0d93a8cf3b95240c9f065249c541184b2ed2c23b5ee7c41abbe157d20400b4c1079d807ee4a044fe30a6222e429b7f3a080e2eab90520767

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

MD5 a76bec52fb14ed69c99b4c0771b6b85f
SHA1 33b4f61c544de61073b2da0f1baa6ad00bf38196
SHA256 f2d22b32ca21800227e72251a472a7e4c4f61289d25dd830823c8b3a04154928
SHA512 493669bfe41f076c726064512a405e808b81a9964b35fae5edbf24bbd92a78dae9cf97543efff7b8d690ee2b43c09a0be3fc5db36fab67ffef646d7cced59c9e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

MD5 23b822bb9d8693387fd9de4b0390223e
SHA1 85683f157eced01f190678847aa76e67e2992d52
SHA256 cd263bf047a84d4f8b20a685a3fa2adae256528560fe5408fc1935fcb5dbdf35
SHA512 938d50accb1166cb6223bdbfd07b93e86aed09ea868f82fd675a64d712d9b81ef90d501d620015cb8971a23c678d598f191b3da9ae7004d61ab77f632c427614

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

MD5 15bb99170432e2e1f02d24c90e26bf90
SHA1 d94fb9e57401d6ae7905c6ad9e7ee33dbe10d92b
SHA256 5b3cb32d2eb4f1e0c8212117f866d15f3aa77692841b0ebc111908c3d7b4e6f4
SHA512 a55ed4615da3d3f6694254627caa6a6713330e144e895f257d8a300eb8c249a3f524215f3efa90cffa4bd68cf8aa677ddace3a21653aeb2f677a994f4147cfb1

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

MD5 8c06866cce7f7ce604a06b37fb2ff4d8
SHA1 19f2febbf305b845a8bccdc587633783a828122e
SHA256 a3d4864d7ac06509d4e519a48ede82416bbd2812dba1367187d9d4848fcfa981
SHA512 46c0dabb0b23592b4ce51eaf313e5d445b283b7e76c1555ca930f40697fece4188afa0cebf3469e993d1599e54abb8b6449d3b656bb31303ab5924e37bc83959

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

MD5 aba49f748854ea2231724e37ac8082d7
SHA1 4e55e2931233681664172466bd9956e7e6b59363
SHA256 9889ed1bb26be598e31ff3c89b626b0759e8131b4ad5bfc64e45432338e6a450
SHA512 0b9693db34c5b00d13e738e09b9f6887fb84bf81c2d2da0f168f4bcdde54ed6f52bc1cee6247e0e3e1ff7b7493e13997d3984c52022a4cdb781f718afefbc211

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

MD5 1acc0e693791343767174505fcb87fcf
SHA1 af66755efe77c157cbdd7cd76e97c121989b4635
SHA256 a58516c38cfc57d5191ee7fcb9d348170e2759dd5af8bc5e309f933af3c443b5
SHA512 99ae4a8f6553897fe6de45e7424c4445f6f8a15058969c2a9da2926bba49c9dec8876ce5922a0ec75dd04ce1d6debbdefb48f4ffb98bfd91822ab35e8edd943c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

MD5 515add38b721881ada4365cfcf77460a
SHA1 1bb03d47bead5ca5952fe69b40dcec105158cfa1
SHA256 659a125f00504d619b71ac25dcf62a70edf48e2ed55601462f267a4232306ff3
SHA512 3626d7ee2fac4def2834983522661e5edec6110bad2b92b98be4226f0f9a6f40549e22d3d90564fe5ea7b688695f86d369e34f59fa47b7fa49c445098635e19e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

MD5 3dd42814f3c8a1ab07a2ddd7de7ec284
SHA1 74ba1309b08ff21f0ffdac5f0694533d06fa0a86
SHA256 c873a110c1fef49fffdf01d825c24ce62c3f90806ae69066c101c4782ee94eb5
SHA512 b6bf328461cfa336ddab9821718215031639a29d61f04945eb597bb349148bb0a6aae717d90c3b6c19486ad2f629950177469d6609deb57a9bcac097b64b74f3

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

MD5 79f9b4b8010338ca535cce3a3576359f
SHA1 a693671c6545d9df87b2238d8dcf81014e963719
SHA256 85783345eacb3181a90d66911cf1b5adef1be433aee80ce4ba879f7c26d1b6d1
SHA512 d22462c7e521f827cea09e4a5964528c29ceaab58af6bc3b3822f869a263b437b92af9bb5fd0bb0d450222682ca5174664dc15aa57ab542ff0929a23870301c3

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

MD5 a91f1056c0042d9909fac7b285baa9ae
SHA1 83a4d2f243909bb07aeb1eb6fc48579501c08dae
SHA256 0eeb06801cdd57438d97e16853eecd85f3b2fb57d84249246480f54ddcc23e4a
SHA512 466c42d9b4e61e2bd7e3165ebf58b7dcc40326099e233ef892d4448dcdbad2d9498b00ad8bf8c1bc513f0add0c6c5c949af3f619f1a9cf163e47f21915869dd0

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

MD5 4b20f9c482b6c1039771be6c1d87ceea
SHA1 fe549a8e92523151423d2a2b52eb1ffc670d0656
SHA256 11954f0a3af9cde649af9267a54b6e7d4ed0543553a291cf3242edca8f79284e
SHA512 d2723a0471b34e25f6acc2a3cee2d7989012bb45b1303a69a60f311faa6f2040d51ac94b3a22d04e2caf3b5562410bdbf3ee9a24a879e3b8dbfd498ad3bbc893

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

MD5 c79b3a7b9c46f3ba68a7aa0f561af022
SHA1 992076b180b7a2aff7193cf18d0377c087c5b0fa
SHA256 08c86e71f6dd5b1aca769bb2236375f31efe515d1825d40d292971f66bd43fff
SHA512 a06ef33ae1ef4c008ee0f9e749a346231f0989ca68b62f845e6cd027876b2fc04f2c4725c85322c88230484639e886388f14cb8e67f9b79494acdb55b35131c9

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

MD5 fdfb590f060084e6b49ed120578fdb8d
SHA1 e2de11348dd973d6f5e6c09dd062f1b06443a970
SHA256 e002040484f92e6ee25834f08308d58baf4cdf26108b2cb63e6799aaac4142d6
SHA512 492acf9d75c572511069148ad21a358d21cd9cd4a13689162c6c11afadebdaae0c6aaa86f65c9b1a51993dfa174034e346ec87d706acb2356ce2889c7906e434

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

MD5 95eabb2311efb9cdc65ad17996bff042
SHA1 2fa42c988ac176074475f3ba892f2abcc4978eff
SHA256 077fee1514e4c5abd292344f5869e27df4b97e35a49aecc4fb156c05abcf55f8
SHA512 4551fefccb8cd3f3f56320372b333c960ef8619253b9333ab724417ac352d150d8c01456f97d6ca1349ae0d76f4f5607c79d01dc61adfdde66d13033a5a40244

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

MD5 e4cddbc2afa131b759f557bf7a4d4106
SHA1 a3bfc71958433dfa369a1daa92f71ea62a4e281a
SHA256 67634a41a8136335f22dc9c7c343085b1c262b576cd9f562b8785ddc3388323e
SHA512 5d1d6cece9a49edbf36db87cff2002faf2aac86731fdb00c92ac5f33cc5918eda11af81537f794becf88f022296e59569c73de13cbecf085bd56ae7b067effb4

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

MD5 d0330af95e3383c5d1a3755d5013fa4a
SHA1 3eaa9563df56f8247c0401085511bbd9d1ca02c9
SHA256 0538f5736df24ed3ad52e7b73b0502c8ba2058fd91ab06b2eb7f1c39912f0366
SHA512 8bb251854ab9657aff35390f63880af93abf93c6d2812125a655677160e82a65e014ba2da979b7b7b5c34fd3d7b8956b4955312ee25d0cd875990d13a054bb95

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

MD5 fef1ea514c6ebc0f3d4f6113b1c50a8d
SHA1 2d54256a68c20fd84c8f95c4cc55340316610449
SHA256 f8a199b03cf446ee53d1d267d487891db9e90ec138a305140cf371d42f166aa3
SHA512 40d8d70f43b46915102b50b3e7ff04e899e4654908b85741f913cd5796ed3c76e87091c31a262d44e5023da36dcc7c36c016414b939a9e6227d52da78046cdfb

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

MD5 6115872daf9194109eae4050f906fde8
SHA1 cf1b905a16f76346bef2000b7f846012407f323f
SHA256 8375126f39ab83eceaf31befaf98a9bfcbc4fa7199949088c776a6dbf98d1779
SHA512 df4d5664539ac1bae09b69f2a9bb75376cf6edc38a4b82c11b90476b6c6aa6f1654c4ce9b71d103ded75777848d14f22166c68a39cd0241ad9343eca9ba98f9a

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

MD5 124f9fd4ee82fd51cd1bd15aaddc97a2
SHA1 5aac486a9533f13b7d3b213569349740671c3a2a
SHA256 f3a63ab3adedc5c5a90f717a243734080311b83116f622ea70624a7e31683134
SHA512 19eb06b6bd5128c134fb681532dd218b8e17815578ee82028211d83e6bcecaa0c666babd720c894095ddd03ea457eadb7387764573622e1b2485ddc7c8a1bd04

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

MD5 fac6687792fed6ff17219550105344d9
SHA1 593aa9a263011683c4fee9fee5fe4eb7316d5e68
SHA256 c979f5f6d16e09e943b345ec30c0959adad64ce86a63a243da0f859336565359
SHA512 122f66864966d1aee68c441fd9f83ca3194c193f472247d7b59f8df2a548c8de8f62f5b9b25c3e4c68ecff27a43ddbc79b7103f1e3cc0645a67b0e8e5d62394a

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

MD5 8063bea0cc302f85d5413d3cded31892
SHA1 fd92d6c23ed469e7d754cce1e7adf59bbd46590d
SHA256 4192df2eae2ab3fc99c845f9009d88e40e056dd262fbc2b2d51d51d566e0f30d
SHA512 6ade0a7aa37782eb9cb6966440f73a1b7529bde51cee057425b0d1f31187385c08b630ac337bfbaefbf831dc907871b67ea60f81dd1d64637021af8db14e5b18

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

MD5 77e9357abca0685ca01a9addc887f374
SHA1 808c4db6ad48599f0bcc5ea6bcfd3dd7ce8ac100
SHA256 d6941ae7fd021b1bd356e02a6608f03ebd1d81db86c48020c4ad66f1922583b0
SHA512 af9984552bb43c07fcd66a690fd999022df27b3f4696106f6f43560cf4b513ea18fc1deff0af2133367b115ab6eba2ccfda01d467f565df3b68bb4a380b5a675

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

MD5 b877494b3ce985104912dd48275e8eb8
SHA1 67f661dfff45c8a9fec9073faafd0847cc50181c
SHA256 10f12a332716fb7fddf068ca49b8e6aacfe931c3ddc9504af1fa92ed4a48f66d
SHA512 9290d53e31dc2766af310b39138f181494d6fd54c19a4af1b3e39156f80c3f5ef579069c7f8d09cc62cddffa976e8a29a513273657981e7c3a7650e19a91054b

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

MD5 d5675406bc76dc2736c25c86f9850428
SHA1 b91638295731598b2ba3125557930105d9f35399
SHA256 7c83f7afd966ded9a532e9c36b4f606a5bf460eab0fa049f490d9d7761de42c9
SHA512 cfc71d307a99015d963a1ba68ef1d4d276d2d457394b8c2910ace84c25bb967be21aab438c2c249d60a53aec29aeb3ad424bec63d1492d09dd73a4d96bb59283

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

MD5 6e19edb1ecaa1b4bf18d166b53f92ebf
SHA1 f98c0404f328cf3571c7ee17fd48ce4842c8da0a
SHA256 2932d2ecaa7e007b75e92d72f569c7778cf914a0562776be32d43c8cd2095af6
SHA512 6b9cc559bfab12b396e6ac4a87e6a530a2416300048303ebd38a1b7034d1b1120f5ac2b8ffd0c24a8c799ff0ed944a0d345f48619ee7d4cb933359545b3acf80

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

MD5 f70bb1acfd8e08da0e0447364856bf1d
SHA1 cdb1470b4933c68232ad4239a633297061a23a1a
SHA256 3f9b9577aa3451639a3140074438ed598a373c0e81480350e0be8e5e0f8e7a07
SHA512 510e0ca66f26f85dda8d5adf1e3a9ce3d421bc5a7a700bdbd5f9b1d12e9ff9eda55834d3b2067d07eccca41424bfc542a9bebb6bbffbc6966d06d70ed1c822a9

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

MD5 8da138ff1e0bb74b9b7cc32a97ca9146
SHA1 9173dac3c82de423027fdef9c8052256aca6c4d4
SHA256 a2f12bfd464a2265fc281b27177fee70f3d15e05eba8fb3d4fc67e29bb350406
SHA512 9a21b2f728ee23d6d73e56325887b419f45fccec014ff6647cac55879f63d72f194be13f96fa59221d9f69524bf668c67b4c0a4ac40540666f0322734dec76b3

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

MD5 0924e1286f932c5e3f2ed7828250c09a
SHA1 4a95ec4cbbfae0b42382aa13853e85d9e6e63fbf
SHA256 e549f39fb22ad0c95e1b7ae8ec59e1079b1e8940de72327f3af95e4666686717
SHA512 0821979b5c14f2bca71df2a1d7d9f90ba6445a6881a2d9ccbb0140b1af14d1a02aa0f31d288d7113a3c53b3688fe00f76de6ff12d3b426e1dc8ecff79cc99499

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

MD5 1e777518191c2973e5ab9de1909ec5b8
SHA1 64df1f77adf131c4d7702f71a55cb95ae8e832a8
SHA256 d27481af9ec1c4b7d689ef874dc8680f42b9b9f0367109a00f5a7899d0006285
SHA512 4acec000d305e10be88efbbd6709abae4e8952e20fd46894263097de361c21bd5bdadac69e88f3e9943ff4c0c77ccdab0c9af19fcc3fd691e4589f7164ba96ea

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

MD5 1d1309fd1283e66fef201fd6a8b9bac8
SHA1 832ebe756aa3ed33cb6341ae83e628ae5a848226
SHA256 ccf6b0540c2032ad0acea2408a843d2fc8e9bc636ded03ccaa1751eb32f2df4d
SHA512 dc4ca90206d72afb51b93ff9ae1485360d4984399bbdb0a5abf2718a0220dab5f32125892b891c856716af8814f5120e2f557b43992137b711102e4c2be74cb6

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

MD5 c9b24e5a90c06abf7f6cb03534e2fb06
SHA1 2f3f40e102aef14ea154d98c1fc1301c666bce3a
SHA256 9431493e1d26749cbe20b788f0bb14a4c10a99d61c168787a578c7e6f2eb8b0f
SHA512 4a6745372b71256bdfd7efcea89126b4247833b556a4281da0f3cdc356763771a81e6f4f399ba0b0ead9cc613686313fa06feeaad77eda6a0598c5a75ad43d70

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

MD5 e37bbb9a38f5db287d55edb6e2fb569f
SHA1 6cb6c152dff0f58f14d703656d66b135c8c01374
SHA256 13a090799f1d77a44d4bb53950d5b510cd0ecb446857cc6d699c05d3cdbc80fa
SHA512 db07be0ee16eb61502becba90e81c6420321bce090983d9176613a3b22f69e8dbfa43ea3b6b7215ac1d88db7e4a6acd9c20fa8bb0ad6202d56aee7e13f691e5b

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

MD5 eca948d559cac05cc5efbbdfb9c3197f
SHA1 58a29b5116e2f590761051f86364d9dc6138a25a
SHA256 82aa21eb84e3a787080acfde90a72ccf33e644ebb213089bdf7fd0d2d1cea7df
SHA512 a52bf2c764d525f18e6ef8d1ce5c1030c91b0cdef055771c85e1443b03cd47a9fa5005a1c68c16bdc2f32ed73a2629d429da4839f1e6bbc5c59bf40727682373

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

memory/3420-4541-0x0000000000400000-0x000000000045A000-memory.dmp

memory/3420-4534-0x0000000000400000-0x000000000045A000-memory.dmp

C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727662721799026.txt

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727663191189319.txt

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727670188807600.txt

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727672984949051.txt

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

memory/3420-9118-0x0000000000400000-0x000000000045A000-memory.dmp

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

memory/3420-10748-0x0000000000400000-0x000000000045A000-memory.dmp

memory/3420-10859-0x0000000000400000-0x000000000045A000-memory.dmp

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

memory/3420-11166-0x0000000000400000-0x000000000045A000-memory.dmp

memory/3420-11167-0x0000000000400000-0x000000000045A000-memory.dmp

C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

memory/3420-11172-0x0000000000400000-0x000000000045A000-memory.dmp