Malware Analysis Report

2024-10-19 10:43

Sample ID 241008-xrx41avhrr
Target 23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118
SHA256 9761e741458d5c6ddea4f66e2f58a3cb64bf5ac7d71a8d3eaf2606eaa9bf3b7b
Tags
xorist discovery persistence ransomware spyware stealer upx
score
10/10

Analysis Overview

score
10/10

SHA256

9761e741458d5c6ddea4f66e2f58a3cb64bf5ac7d71a8d3eaf2606eaa9bf3b7b

Threat Level: Known bad

The file 23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

xorist discovery persistence ransomware spyware stealer upx

Xorist family

Xorist Ransomware

Detected Xorist Ransomware

Renames multiple (2214) files with added filename extension

Renames multiple (2193) files with added filename extension

Drops file in Drivers directory

Drops startup file

Reads user/profile data of web browsers

Adds Run key to start application

Drops file in System32 directory

UPX packed file

Drops file in Windows directory

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-08 19:05

Signatures

Detected Xorist Ransomware


Xorist family

xorist

UPX packed file

upx

Unsigned PE


Analysis: behavioral2

Detonation Overview

Submitted

2024-10-08 19:05

Reported

2024-10-08 23:39

Platform

win10v2004-20241007-en

Max time kernel

148s

Max time network

152s

Command Line

"C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe"

Signatures

Detected Xorist Ransomware


Xorist Ransomware

ransomware xorist

Renames multiple (2193) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\6emg41x3O2wDpP3.exe" C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A

Drops file in System32 directory


UPX packed file

upx

Drops file in Program Files directory


Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\SystemApps\Microsoft.Windows.CallingShellApp_cw5n1h2txyewy\Assets\square150x150logo.scale-400.png C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-c..riencehost.appxmain_31bf3856ad364e35_10.0.19041.117_none_e0d32848ac56114e\oobelightfooterhost.html C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-o..logonanim.resources_31bf3856ad364e35_10.0.19041.1_es-es_f20cd1241338385d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-icm-base_31bf3856ad364e35_10.0.19041.264_none_0afe35891ca55376\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..s-display.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_5e9e6820edd5dd7f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-u..kcontrols.resources_31bf3856ad364e35_10.0.19041.1_en-us_0d940bcb0cef2392\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-msxml60_31bf3856ad364e35_10.0.19041.1081_none_07a08c6e805601ea\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-ecapp.appxmain_31bf3856ad364e35_10.0.19041.746_none_db09942beaf4fdfa\Square150x150Logo.png C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-n..ingengine.resources_31bf3856ad364e35_10.0.19041.1_en-us_db1c43d25c426c58\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p..rtmonitor.resources_31bf3856ad364e35_10.0.19041.1_de-de_87830d53abc825ce\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-u..istration.resources_31bf3856ad364e35_10.0.19041.1202_en-us_d882497830128342\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_hid-user.resources_31bf3856ad364e35_10.0.19041.1_es-es_1b5efa638ab6e61d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..tion-wmi-powershell_31bf3856ad364e35_10.0.19041.1_none_d8ef3c2dafe96e03\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-directx-xaudio2_8_31bf3856ad364e35_10.0.19041.1_none_fc734b41dc885462\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-msvideodsp_31bf3856ad364e35_10.0.19041.746_none_ad89793cfc7e4a0b\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File created C:\Windows\apppatch\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-c..questtool.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_98d56d82cf5cbfdc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File created C:\Windows\assembly\GAC_MSIL\System.Configuration.Resources\2.0.0.0_de_b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_ks.inf.resources_31bf3856ad364e35_10.0.19041.1_de-de_d31c1c02d122101d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-a..ecore-acm.resources_31bf3856ad364e35_10.0.19041.1_it-it_9c4ac23c6d850126\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-cpfilters_31bf3856ad364e35_10.0.19041.1266_none_ac30c50e935fa5b3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File created C:\Windows\Help\mui\040C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-microsoftedge_31bf3856ad364e35_10.0.19041.264_none_ef195f564f00d259\MicrosoftEdgeSquare71x71.scale-100.png C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_windows-defender-of..ne-amcore.resources_31bf3856ad364e35_10.0.19041.1_it-it_68e36a79300f9f09\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-i..r-enduser.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_58f10c521127c353\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-m..ents-mdac-ado15-dll_31bf3856ad364e35_10.0.19041.264_none_f4672dbb03e8cb07\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File created C:\Windows\Branding\shellbrd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_cpu.inf.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_dc13cf28a1dea4e8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_ksfilter.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_309d3fa4642ae13c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-acproxy.resources_31bf3856ad364e35_10.0.19041.1_it-it_ba1e797e5556ad27\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-b..infrastructurewinrt_31bf3856ad364e35_10.0.19041.1_none_5603222270d30223\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-dpiscaling.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_ea68e2e555de9386\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_bth-cpl.resources_31bf3856ad364e35_10.0.19041.1_it-it_007e7e3a1bcfd2fe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-wfpipsechelperclasses_31bf3856ad364e35_10.0.19041.964_none_507f3b8f5adc2210\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_bthprint.inf.resources_31bf3856ad364e35_10.0.19041.1_it-it_7a86bee10e280f18\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-p..imulationextensions_31bf3856ad364e35_10.0.19041.1_none_b9335b8a6689e498\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-t..languages.resources_31bf3856ad364e35_10.0.19041.1023_zh-tw_8b37694f9274b565\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..ettingshandlers-gpu_31bf3856ad364e35_10.0.19041.746_none_b8ebd5d675f53161\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\msil_system.workflow.componentmodel.resources_31bf3856ad364e35_10.0.19041.1_de-de_5d20d2c4e2f6443d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-apprep-chxapp.appxmain_31bf3856ad364e35_10.0.19041.423_none_15f557c171018574\baseTemplate.html C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-e..d-dialogblockerproc_31bf3856ad364e35_10.0.19041.844_none_0dd643eb35c33ce7\n\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-help-datalayer_31bf3856ad364e35_10.0.19041.746_none_a2b3f28a7d262dfe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00000816_31bf3856ad364e35_10.0.19041.1_none_9f6ec0150224d5a5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-i..ntrolpanel.appxmain_31bf3856ad364e35_10.0.19041.1202_none_8f7e37524c3e1a13\splashscreen.contrast-black_scale-100.png C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-m..aging-adm.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_aa7b6d1512cde5ca\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\x86_microsoft-windows-cdosys.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_e8ed852266361da9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-n..quickstart.appxmain_31bf3856ad364e35_10.0.19041.423_none_72535ca9b59a9515\NarratorUWPSquare44x44Logo.targetsize-24_altform-unplated_contrast-white.png C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-a..l-systemuwplauncher_31bf3856ad364e35_10.0.19041.746_none_ed5986fc58f1b817\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft.packagema..providers.resources_31bf3856ad364e35_10.0.19041.1_en-us_00af3b80c36cf65a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\msil_microsoft.tpm.resources_31bf3856ad364e35_10.0.19041.1_it-it_7e4c3b1f1c999520\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_usb.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_df0f6f89afc1a0e8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_windows-application..-appextension-winrt_31bf3856ad364e35_10.0.19041.264_none_f1b195690fb4325e\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-ecapp.appxmain_31bf3856ad364e35_10.0.19041.1_none_b30156e32b833fb0\Splashscreen.png C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..utomation.resources_31bf3856ad364e35_10.0.19041.1_it-it_3dd04c4c8e6d9302\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-wlan-netsh-helper_31bf3856ad364e35_10.0.19041.1237_none_8960a4121978b743\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-mlang_31bf3856ad364e35_10.0.19041.746_none_3f2d4097772e54ff\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-batmeter.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_522638c63f3c577b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-devices-wifidirect_31bf3856ad364e35_10.0.19041.746_none_7f74465c5404002e\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-bootres.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_c686be49b344fbc4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..shandlers-clipboard_31bf3856ad364e35_10.0.19041.264_none_9e5b7c0431677364\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-winrt-windowsgraphics_31bf3856ad364e35_10.0.19041.1151_none_7441c95d25d70905\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\msil_microsoft.windows.d..diaginput.resources_31bf3856ad364e35_10.0.19041.1_en-us_8418c1b8d2d6375f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_windows-storage-applicationdata-winrt_31bf3856ad364e35_10.0.19041.746_none_ccbed6de69b40136\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemApps\Microsoft.Windows.CallingShellApp_cw5n1h2txyewy\Assets\Square44x44Logo.targetsize-24.png C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\VAXLNXVITYMSKUA\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\6emg41x3O2wDpP3.exe" C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "VAXLNXVITYMSKUA" C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\VAXLNXVITYMSKUA\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\6emg41x3O2wDpP3.exe,0" C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VAXLNXVITYMSKUA\shell\open\command C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VAXLNXVITYMSKUA\DefaultIcon C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VAXLNXVITYMSKUA\shell C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VAXLNXVITYMSKUA\shell\open C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VAXLNXVITYMSKUA C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\VAXLNXVITYMSKUA\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 150.171.28.10:443 g.bing.com tcp
US 8.8.8.8:53 79.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 73.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 0.204.248.87.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp

Files

SHA1 7d95b28776553c5ec7847186604f52a93baceb6c
SHA256 0491d6d8a1e531eade8ff592ff5cd79510e4000fd2cff5c43026a3a23e4155b4
SHA512 67e7f293bb082e53bcc0c18926eda8679707eda5bdbfaacb5e57d5d308e8d0647037621511bdcc5ccf95d1a5502d378b77dfb2f19786754845e75f924c4b654d

C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

MD5 1af9689032901d1393b5df94b26f9592
SHA1 cfa056fe6ba790daaf5ef6e8bd090b75c6b6486d
SHA256 f0fcc0eb0943d5841e80657bcc15a9c794717c533a1e08e698976192962259e8
SHA512 a1cccdc115a674a568577e4c0307d1e6dd7d041d2540000ba2521c3d145098728fcf0a28cec74ab61e087aadd35fdd445c903fd161176e874923cae4d7f5d2f2

C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

MD5 de8585b15cd2369e28cadeae886fd190
SHA1 117f2df7b6068be48f43c5ace5108241fb849025
SHA256 8b3b33b8295e84f047cd09aa9fe437ee86bceb6ad885d7c7d11b98847fcfcc22
SHA512 af434bb9c9c46236e31c5c65a21efcd8da54ccf736a1576cebbf1f09fcbd0321cdc791f538dba4441f6b946c27424830c10e0fd5e9889e1ccd702046ae3cc656

C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

MD5 4b3bd2f408adba7e611547677b6b95f1
SHA1 d711d66fd34634deac1c782b2694797ef9ee3388
SHA256 1707a65450e2b9f0c985be84f991fb472f353a1bcfeab5356a240834539e6a9b
SHA512 e38498271880b8ae586d34fec597bfc2a9e0d35b7173ce5315b3ac3bd0da70e835642512ffc17551520e8f956dbf4d08fa38c0254ca9ca60f1a3ff074342b3e3

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

MD5 f24ae79b70ffe5dae1f365b46f449d4e
SHA1 b134b1ec811a7fdf87f71e79593377d5ef2adc58
SHA256 fbe3c408107c82db26319f2a0cc6f10a777be35d7266fd359e88c653b15b47b3
SHA512 fdfb207adf146fae3fc066c7a489c5f5ad6bef14ae2c9f2e0ef0b40c6e53fb6e696dad775826b8b9b6241d59b3f7e291595858ef8056e8c881de90960fdfcf42

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

MD5 52c8a3e889355fe95f482328a3e2cdca
SHA1 5c789b45db4f9d8d33af14e7a39e1a3971ef4864
SHA256 80d70f03d89e6ade74c41cff9325a292f280675700c6377fea13d02804dae0d5
SHA512 2c4f56dbac56ffc2190117025fe3f32d9402bdf88f1dac01cb6490d2bdb08499a1d324567f877c81a3021001c5ef0c62998f8daa9b1aa8d6e0e358f10cda04f8

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

MD5 144509489142c794d4b05c2a6462856f
SHA1 bdc2126a08a1a22bba8204317ded096d2a605959
SHA256 ba56ccfd046aa5c39b2becf760aa66d09b434c01e4d1b75c77ccda335b89c786
SHA512 5aca57be027ed5666c8808e260c1f498826633cfa2b77bd1cedb58fc9e8d645715de29e87df19962440490c5df17ff3d7fa32215add28057ebc3a46fe8eacf1a

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

MD5 43bc2ecda3509bd4a18802cfed2fe7a9
SHA1 480cc2d141bd0251632f9fe46808fabcc900842b
SHA256 6d0e391ce99c1052117d9d93784db379559edf3befa36e8fa486fb00ef88ceaa
SHA512 3316ec49ca4ebd845e287e155e89006c494fcabb29dac1c3bd9aa0f092e61ae143859622a66d30f43a689bfed9d91f191de54acd21a2969952cc85e8bcb38b54

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

MD5 76ee4e88a92e5d034bc05c343c7e816d
SHA1 5298ec66c89d63781f18b633f312152cb429edee
SHA256 e909f0f8f695b42b558be276dca40e251ca144a9e9a61bb684d29a9550751bc7
SHA512 d36ad67ca46fd18127f6a4394e5935fb759615200d3901e0cab34df5a609aac8858abd077e7369ab0b9d39efca9705382788f6b33e5c0b04bbf8698334026e75

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

MD5 0024af8f542d2920c44bd5f9ca8ccd4e
SHA1 6c329304cd5909985a384846f3915a7c93847375
SHA256 78952869e1a613a21a5c42e9b7e2597a03adbc108195cf5560c73eadd9650cfe
SHA512 15bf1657f8f9e0a89c57e458eeaf08b20dfef434c4010f2753f799462df9e979f09a5ccc577af3b5582178be013fa28e044edfcd958f53710e1cd6751c716a12

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

MD5 93b3c56f58375f72057aedf0006e0fb6
SHA1 ea5e2ae708a44de65078c9c30121bffc9b20068a
SHA256 ab9eb34c3734a649259418991b474fb3e278c713fe947e62f864fda1334220b4
SHA512 d29bbc6e987155a6d3feb7b1109880b5fbbecfcfd5c2f3b95162da5e8ab75c5d85e63b6cf6fe485fd439e28d281d11c5a11ffc0b659d1a05424dca68a068c5c8

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

MD5 7388cba181974f2cf23af6426fb3c650
SHA1 e9f2784fa23ae898d7b24f85f991661c1a2128ed
SHA256 4a12aef2daf5ec64b374bf5cdc121ba6d6e45045a0895d376ec03f3f67e67394
SHA512 db4af64d3ab96fccbd79271b7b9031529fbeac9cfcda980fef7a36b957e6f33617ce7d599eb9d1286df64c02ac27747b29d1d4e3fffba22a855ed4d7baa44658

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

MD5 3d5f7aaeede23e50fc37123ad47667c1
SHA1 67999ba40754e07dc91b4fc7a01aeecbf5eea5db
SHA256 96bb924427194e333e07f51148ada7b766adde80bdb81332cdf54a6e807c6ee9
SHA512 54b053364b9e745c61d2fb238888fd2ae263ef6970496d4ee8736afc15ce161a83198e00f658182e282d6168250ef7794227ee3e9b18dbc0cdc5165fd332b227

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

MD5 c7cdad2b9d75e4b5a33672023c2fcff5
SHA1 967c259fe5c2f9f32c4f0a6f2659702c3bc15926
SHA256 113a306ba0ffbcc3431ab3b7de2b6e363255f20ee8aa448b089890e7683410a1
SHA512 f65b6e000968cfd4c82cf0d20ab37c14a3513b645f711ddbabf83bfc0ca5f202bf7b04d4d1335c3a9dff74c09e0e4ae214a1c7e9b5c3abde658a7c86a2eab2da

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

MD5 717ee9ad41f5321ce754cf3b5cc86b5d
SHA1 56e51e1ea3365811675a6e4a8983dc6dba714347
SHA256 16479f218c9d2aa194e6aad4f090c9765fb0be4baf8131f5fb0da716ad5616b5
SHA512 0260e45ee3ed3cc324ede502b861975280f3b9acd59d7a89131061ebe8ed112395c133c503a5eb3811fc421fa31e5f48c14da12863a538c165abad3d4f6d3012

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

MD5 72afb0ec03b75668f1d19b42d890249a
SHA1 28d0e590d2c1b12f8835129cb4a5c5d787c5eb0e
SHA256 ee9efb308532bd1dfddfcddb32b014cfebafaeec89ad71d8961760df92b75f9f
SHA512 eaeff45c47d854d699867f0e67ec42c31747e5e0e4e339d5b11e158c4b2473fd42fd10ca0843d4fd2e41da238cd0290f2116872f1da391671f4dcc6e4aee9e37

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

MD5 c522ecced278020a0de1636ad5d88b34
SHA1 1e2942fc34934c2936c14d28174df12e7deea2e8
SHA256 547274e057a572b3cc164054f9234f71492533b33348f48aa07af89eb11a7704
SHA512 8b92b08243f210fa86c286aa4f8448e5d8c3f313ea4688484ed4e81aa82ec1b7bd072e7ef08931d4f952369dee37648fd6a14b25a4753e8fa68913ab5e8ac8a2

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

MD5 b08bd92f07cf87b0810fbb1ad461a111
SHA1 bf6c9637aa8eaa8538504c369377df2b69283857
SHA256 e791bf56e32cf63cc93003bc76beeaf8b5253e7cd9f3cb80d85effc128a6f59a
SHA512 a3def4dc7315222aae8336036d2cff32e0c7dcea558bdf49ede7ef9ac2c8c3cd70ba7307d508d90306cb09b6ab52e1cbeefdc1ae732bc66ce4a286e5c52e7be6

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

MD5 bb476a61735b299e72b1c3f32160afdd
SHA1 493f3d0d16b1bcc844aee4b15aeab721e49ff910
SHA256 27b6a6f1e60c7807e3159edf886eb4cd0f19d35a880d5b5f4f30c643d792283f
SHA512 924dee3dfa0176c362ae81ced9890e1231740482b9027f46723dbeccb22fe20b11f48d4f090b29cbee17d16ef782908160e69347e8e2a13099e052c5f09a13f4

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

MD5 3dae578171b20c54f011b7a465e40cbc
SHA1 45f5356fd81e62c3d72d90c6e0f2082b40797f3c
SHA256 57c73588d853d83c18baf60d16495e3555e54ef9d4a71916d4bf08a55b4f982a
SHA512 5ca78b3a9263e4244f4ea15fcf3148e09a66939e851a29251929d4daf89ff6bac69c500fb17aaa0d536b33dac38366131646a5065f96b2738972241b8bef9319

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

MD5 42cce23972504fbb31f15c790e616ff0
SHA1 d2c4c1dbc9590baf9185f303a56f25432062a83b
SHA256 e5cc004eec788408eff2b109ff0a0c3cf208399857fdd6ec3d2021473959c95c
SHA512 b6bbab7d971663967e88d98a9cb1974019eab4c7a1649a065db7c5406d7e97aebf5cf1594e3eb442b42ef3d22b5b0fbc3ad5fc4187c814e6ea0722e43e709ed5

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

MD5 b2caaf56492e55820b53130c9cca4399
SHA1 f211f12edebc03d787fcaae08e9097284f961e02
SHA256 879e3db8db06dadcb2f82f0cdd796c2a865346c64b431d202f51a66285a82d0c
SHA512 826ab781c7314ef3f0720c2f40509e7d913c01342eeecb91e6241c8592eb115cbfaa3a49387b45d6d8ba7a88a23cbf409cfc413ccc4979e1704fc0ff3af760de

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

MD5 571be57804f92063d58730c0f57edce5
SHA1 4e06e83d30294ebf9762f27cf661b66346b43bfd
SHA256 7eecfc6b7f107333afdd3f2293077de75259b48ed2a63526205176a738faa6c8
SHA512 23e585fa0270cc0efa24136e264e82c2a7bc7a49430485731db8c7e5c62d5bb132c3d0b2cf532d17a7651a6567fc1bc559985ab94159d6a1df504cb3bb407ae1

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

MD5 199345aeae43b144ebc9b0f6e9b4d774
SHA1 fd0be8551fc23a36c21768296e49a1a7b9de6140
SHA256 1dacaf8b367fff15a373a2e6e2afd0381f4ea070cb0bec007f3d1ba26293c606
SHA512 fe33ae634603f880e5a303d5853671812284f8a856e218c1e0361522930febf21d663646f6327a7a5c4d87942816c0a12f7c0718b047447fcc861828f8beea11

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

MD5 9b7af48eeee8547310b071f621d72e62
SHA1 52dacec13937746be2e2abe5d549814f87291dde
SHA256 57a9ad1660a5ded149b933e697faa79904dae677b544bfea35935a0d93185ae0
SHA512 4cf0700af0748fea9cff67aacc120257f9d585ec9bb7ae2beb9e88b60234a51f265438960f123d00221ec98fad5f84743b867a24cf0bfe57a785cf6d8f23eed0

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

MD5 3c5066996f5d26a449447e7180b62dff
SHA1 ad2b40b5ed57b50a6943b417a763f2d91c6b381f
SHA256 71a7d06c09a548c4f65339e0bc8f551bc78048a22af3af6c1c616f5643bcc34e
SHA512 77f0c97198b811d28cab4491e67505e9b1292d3927f0cfb8d0031eae4ade05c6f8f2f6a4474aa3951eadc22fb4b5fed8baca7f3350aac76751771548ddd9cf31

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

MD5 0091548901d34732592da7a326d15f78
SHA1 52f8a225e5547af4d1c3901726fae81ef46ccbbd
SHA256 b3e75cbe526f33263177785997bb956dbc665e1e51421bfe4af4c8b7f2eef047
SHA512 b7d3d8901d91c5043fcc88b719dcef1c8d7343879e024e35f6f4741505ae481ea07fac51e6ced68f440a40cd158069316ac86ccf34550e3bd1a04bfd516cc5ea

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

MD5 b673d2529fdada82cbd0d248f56caa21
SHA1 3ac76b2a9544b67d8b82eeb7215c410da37b4eaa
SHA256 d2fef0b60bb836c1a84b05cc95f8fc117a0455f274e6f235c87cc5043e547eef
SHA512 208ecfd675c03c1eb6477d735b4f74aa3c8b890dcd2d2ad9f89b777601966b7a0ed9d4fb8dcfdc5ba632cd99f7ecb82de835f8a29d40131bf5a2a5e65269a4b6

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

MD5 3760f152df0cf6f8e31d4e1605c01691
SHA1 19751dd03eb1840cab217cd3d208a1f5f939d5fc
SHA256 9be5d0335b8589b898d2ba4cc61797d38a9aca7f7dbbe81d1c1ffb35c5e6584e
SHA512 c5652b0e7724d2972bae4c22e83ab298066e22bb137897b481dc491c11c49f0978d602f0a70ee75b9c4fd602730a9f8b23d63d7ef42c521e16294e7f9df91e63

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

MD5 fcaa25c41daab46e503c559a9964beee
SHA1 683de1668b176ec69d43a2b85c065245e47f067c
SHA256 67ec73252b6b7e1553f10633a657c5a0d695fe6d6ed7439e16ea4077ee4a5304
SHA512 eef3dc3cc6ca135a7bd89f76bf263205bd72b016cdde1b8285b3c4cafbf94e171f87585023bd0ab54706b008cc3a4b205856baf008850e8eb01c02f1bd0acff0

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

MD5 64e12002d90528cd045bde1f8016297b
SHA1 ef8d78bd4452a9acaa98ce4655d84b56b3ffe21d
SHA256 bda3c12507bf8fa76bd88bfaa8e7c85bc876faa999dab9a866987c4d49937aec
SHA512 05418eb04227a4338a2ba1e1b79175ceabe3404fb5eb44ffe72026c4a9bec12488590c4f4bd90d15e01cd71e5b218ea01a0a0a28a43e18ba989d9993a5a7b378

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

MD5 c0f399356a496b819cd4511bb4daa416
SHA1 579e31a988e741e50841ea7a7ad5f6963caef709
SHA256 a20fe47e0c2d5fcb8e795a568a21e763b1d1ed0cd7f8276cabeab2fb513dddfb
SHA512 d4ec435bc197333f205643a553995ab9ffbddc7a6350a4b8fb446993fedba5a044fc358a591c1738f7f748fd4edf1fe4fa8c25a7b5f7092b83a3c78504f68030

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

MD5 69e74f77a828cd203e58f3146614ea76
SHA1 4a09a8ab3b92dde07372d18f6cf0a44bd0458eea
SHA256 2d8ef0c6cfc261387021d2ba0abf77d020d30d44405123d47f27e40e70d925b1
SHA512 4d1e482b8be3e7abeaf494c0a91088bc6c549f6f1d88d81e8aafdf872d3ad38fa3d5674dd54e18bf14034977ea678667066a4d514581f4451dab477bdaaeb230

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

MD5 9790c47570b440f555d2f1c74bf5315d
SHA1 ef696f0de24aebc84c907f93025a4b2dbe61d6c2
SHA256 d0e8a05945d21dc575cd4f3b1527effbfe03e6058c702103e4563e0a01f64299
SHA512 0b3ffe3b1b6a6c11fd3445bba31ad093156f7422a0b4354522dea04cbe373443fe5d12a55d0e2053cb3012990cbefc57a94d9a306db79b1f8e46cd4fcd584d6e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

MD5 1a06eadb0bdacb9550f8d228cc51eb25
SHA1 d5930be31fe95903f28edda91e7ecccd7d97a5cd
SHA256 28af9e6cf88e3df0b0abe46fe332c3fae8dc425adeaedab1346d7fa8ace97048
SHA512 c8d08f301ff78c440b2954bdad466b7e8d95c97b65aada1f898daeddb2a37bbd743eddeab84a64f2501a2ead7b9740d46263e5cb4283611eae7f47418bad0695

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

MD5 752abc05fe609bfc84da1f5ea1ddf5c4
SHA1 5aa00b03dcd41883604ad11f9779df2577c56afc
SHA256 1518d50f12732f9d04c6523dba3cdd826c6ba66eb727d40955126ff17f4c0937
SHA512 dcdb0c20e5cc3a7de978f1d658f8c8a3bd42e50cdb439325cb2daf527d087295ec021e901f854a31208ccaf6e357f5bd8bf186f827061a311a6768cf2b94ac75

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

MD5 28f59a76ae3af6383220eb620ca0dcfc
SHA1 5d6b0f821f67a38e3c84731c878c2a72dfc40e48
SHA256 d8ef810f9774a0d1fd06358ff8ec63c6c141f2091d7f4f13d6da3a1361018257
SHA512 e42df4ee71247c2f778a56a05601b58d752196f5f200cffa791a863ed7323da1f441edeba3e762b9e5c470ca8b260eeb6b0606e1ee536dc4c1edf676f867db6e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

MD5 1a9edd5872bc353398fd7e3e7abeedd4
SHA1 023b568e815f29fe7c10dcf7214b6fd850f75d74
SHA256 9540e1f347f56067788004889660116f1891231a6a2df534bcf8c88f177a3aab
SHA512 03c044bd6375c5df1158aa4e73b3f507fbdb433ffe076df1cd5a1c5600d452c3c7d737e891c15b347c069e8e1efb46665dfeb33bee38972273d68905ea0028f2

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

MD5 2593b2353848b63ef507ab114ec149ef
SHA1 0ef63c34234a9effcd2eab73a9a82d1c2d9e424e
SHA256 d3b5f5eaa78ed9c4514ebca87efa0a666f0a5db94bf251d4f020d16c4744ad37
SHA512 52b3868a925dc54241120a752dd882c9757f546cd3093ea6e9dec5e8cdbdf1214c6091d0441aadb36d1d00825fb4734c9dc4025acd326c8b506e86b495b51a27

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

MD5 2cdbd4a7f81c0fd6f2d5c3425489cf56
SHA1 c3626709badc6a41e5ef4f3d492d3096623fdd38
SHA256 d2eddf23c708c2c654ca3c9bfb0fbdde6a1afb89108fb9ace0b1d09c09ad8ddf
SHA512 df41b6d84a6c75cfb15681542c00500d9da19fed3cfeaaad8531554698fabba70fe9e9c53f954c578a2824d85d48a0a58eb492000af3081501d7985d321e966c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

MD5 09945759c0b772356247296b84dc4621
SHA1 1d892dd23f86ff3c0349db7cd8c1716395914076
SHA256 f00a577b89f5a6171ab912b4feae458f39ea29432efa8fe593ecf1065535c405
SHA512 17565aa67ecf7e7d51633009e280a29b9395c51898393b4c24c3b27be27c64d25c52ba8c8d5fe746eb05b6919f391880a80f5c6b86f6b349f81d8b67f746480c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

MD5 7ea8311e503d17d9ddeb19d6bac9c229
SHA1 5475c070e8a7348eb6500e7e360c98c4388fa982
SHA256 cfcd45c2aa3ec4054bc18c1f2ee28b79beea35780ee12ad29fd5d1a7589c61cd
SHA512 49ea3ddd29c362eb902f7522bdeabfdcab8971336381b1d26d29c3ca583ccc972caa120af8b9e671e1ddea0eb72ed0767a078f64d5117bf81ab682a1c01c580f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

MD5 d84fc85d80849fbfa95a7632c72446fb
SHA1 b79f99dc50047293af9ce5ed202e0ee41cb2bd96
SHA256 a2712dd4b2f9b92285e439215fc97bfcb8b89089e38011992cbbb9fabe4e7859
SHA512 6012c2201b56ea7507211cf00775e9166c1a1f50837dbcbe6fdd519001c9a0505153eeb890e0ce1c70692de1e48f44341ced025b38d8e68aa4867657ef8569f0

C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

MD5 1a7cf6da3805071c0e7a693a37830e22
SHA1 43d358520239fd655e232585ef8bed3b481ba66f
SHA256 318c3693e17b4c6c0ff633d52f95c50836bd8212366df1e2ff6a4997222cf318
SHA512 07034b2bce0fa00b5982dc2f9f72514f25e51c3f74f8ec6329a1fdeaf555a0fe34ee8fa47bde92225f7fca7c48789c3d9813c8b79edc419e57fcc2e0105d2ad4

memory/2104-5538-0x0000000000400000-0x000000000040C000-memory.dmp

memory/2104-5543-0x0000000000400000-0x000000000040C000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727656120098725.txt

MD5 94d322c28a7e5bb4a09d8827448b8cda
SHA1 4947578e9215608abfd6329d048df391cb6ba7d7
SHA256 13af8f130855bc02fcc118e6914cd77bcdcbf21e649504efe50982d497e6a926
SHA512 1a1ccd871a03c748d6c8d6371772ea5e90acaa7468a9bb7e9d2c63ef91153bb22aba509ef9d54541c7d0ecb72a0302b7e9f1fcc1382396a4c171aa5828b8468a

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727656590293648.txt

MD5 ab880b052391ffcc73b02440b0657049
SHA1 ae7b3227292f32726c111c655efcfafbb822ee77
SHA256 6e04643193c4332f9f7d2d3a95659c203de8f963eebda6c1923ec9006b8c99f3
SHA512 0308b3a63ea5cac3e162e144812084161e6192bb984221c0255b6ad40559f361db3838ffc6b6ccbfc48c554ada88b6801d5f13769a713be8e28c83d786b64dba

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727663328721506.txt

MD5 7a4879132d8699b216677ab5e2a661c2
SHA1 300315e63bded3fdda0ed87a075b7dd252fd3ae3
SHA256 b59f5b61ffc30e9ecacf8b3bf70712332781d8945a732ca6c5ce3c42fda6817a
SHA512 eac7be80d72ff69805dd35320872549baca9cecd97e8fe40c73404e85902db4b0ea0c752b71bdbe8169cfd9d0ccc12a767145c00eea3879871af44fcea325e8a

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727666039184869.txt

MD5 ff3266b8e77c7e39add1a8fc6cbab5b3
SHA1 7a5afb828b75a5d92d8371558e3100ae118ab59d
SHA256 2bd5e04752eb54e97d6e99c8a7d7548ad89c746332af2b82abf0139e8713950e
SHA512 be32bd3ee4182abd6d1b410c8a061c8e0bbce8a8d438fc8f9cccae33eac765906966ed999ae4c13dd66c0c5779f08f472b36fb3ef953b546b054b815a00cebcc

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

MD5 a7fc5c97ad34a7134aaa9f5817f8e9ce
SHA1 9de5edae632aaf2dfe45f50f4a8f95a92f31f218
SHA256 c64d5d875ddc120a02f5a1ad4e1f4ee5dd60b83d89a573ec3b4247bf5eb2c5e1
SHA512 ba934f2a47be666260d2f025b382177ce0e31a6dd8869326277a8ae66e7f29148768305e76e700b22f2b78a6993886e08e0ad0568b440df2f8e22f74176fa509

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\security_watermark.jpg

MD5 2fb408fa4e066829075e6dfb2619464f
SHA1 70c0f86d13275c907454c37bac1299f3034d7bd0
SHA256 18d2e0ca13e6b8d7ba690d203b3cd2fce231301b59388de6da59cf697c331450
SHA512 e95a3ba73a2a432e51364dd4dbac30f568ce8b39022c120012ae7fefb94e0a922a39897c8b7861b8cd5ebcb5274ddfaeb1d18ad9c67b7eed8721b28417388a04

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 afae6dc985b81897e2d65b2a503395c1
SHA1 9e653640ccaffc94078ca66fcceecc1c2ef2d03f
SHA256 7316714f172582fbfd1a912e96b1dd3b9d0bbb569b8d3c9f4c802d747ad261be
SHA512 a2f4c2ab0a812bf97854dabab71c480a847397d2b7a9cadaca6db73d475cff07ea5508168afca0efe3538a0fbe3f0267ec117db2855ac9e10eff539c34de384e

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 967d53ca768a8aac82b87ab7df59e8c5
SHA1 3953ed8c63e3d402f66bb9eac33967faa5ada9ac
SHA256 bb05f755355f52c74140317cfd613a3b5e1ae4b84cc3d8198a9b3be283babcf5
SHA512 6249565ce6c283120872b561812c10fd19628b69c4d42b2bf5a4dd3776fe14d4a6626efd99251796f6d0ccbec3c25f4ffaeeef612110a1a8a01e192129fbe01b

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 febbb5c2c009377f1faec937e6cd8d25
SHA1 09919bffc6f904d11ed0f395dfa3708f79eac1af
SHA256 b83c7cbba964899477862fc4e22abd1429d386b7a3f0476fa6f88372bcdbc0a8
SHA512 06c21070a60d2de10376e7f7c83f8c779e9c9674c2a6a9412ed4474fc0778eaf4411a9804ee3e174d97b5ab9ee051eeb55c21c9815882885510bc3c8e3a7bd48

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 8e26bd95a3b0434a63b79f4c35be4d31
SHA1 4ff0e89c8fd70a65701a1e4ebf933075946163dc
SHA256 e8ca358d18236dfe41e80214e317d8c7340d042a7d1853661d50240d07af0f4b
SHA512 e3527d57a59ed98004425428f3473b36d82349523aa924bd3e2827bea4959fcc435cc2996caee767cb0966682c17db6dbd94383df50cb7ba14a31f27148b32aa

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 2c26fa04b0b215c70a00106f363b603a
SHA1 40863009db6024bf54b8023a301740f8c9cb15a5
SHA256 cbc80c9f157300be36cfc072592fa0fe556373f39ae082c6dbfa3760f7c8e832
SHA512 209c57f57c58ac8a84cf7ea150bced9019499f85daf2a642b6916510df409b5255ba4d133821a15226632d459e28b7e3fb38c30f4d02b74d1a193e050596b0e6

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

MD5 f430a9d8ab79da7d2cb924a7a8a61f4b
SHA1 777248464a0f08a070cb8c512d1cc4a12aa0c651
SHA256 29bcf4983e1cfb54268aadb2c8302393160f80a6c752b79eb5395c8d8cdf6a76
SHA512 2a6aa6453e1ed59ded53a5d4120555df459d7d6ba799a20db00dee45fbad0cd50d3067bc525e8e3e2518abdf3b8df8b80dc43ecfc44eaf8810d6e57ef7fa71a1

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

MD5 dd916963b284650db1f4b289389da1e0
SHA1 06868e911f32c756f3df2dc47d21c5c9d98cf4c4
SHA256 60e2203edc4f69bf0bc62b23ac010def83a201c8e68746b9bc5d5fde7f1f792b
SHA512 36d6ed263c21368f27458334f5ac9567ea0241658679fad71c47e25de44871d96796fe1663746067225a3cf0dd34e6e26adb5abd8f4e915197e55ea96b038e3e

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

MD5 7be0dff662d72f8fec16abd393308198
SHA1 777a4852f7e59246ed273cf5e382e2bf8464f6a0
SHA256 222d5251e99c2660a31275ce9fe153c2ceb225016596f537bdf4d1f67eaaa6e4
SHA512 e8c6494d2dc2cc93977d0e3e658d11e99b4c76d2d32bf64c85406a5f1269fda8b580b785c9aeeab08cabc1a0bf13f5b6f2e83379a35f2b37bb80672a979d77c3

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

MD5 e2ec8a4496f6db836e2446ca670bb0a9
SHA1 a360ba970248520f02ef1a0de293412eea5da87f
SHA256 66b23aa4dca93702f7b00cf5c4013b81256c958253a21bc3c28ba65d4ba3f2d0
SHA512 e3fdcc35f9bcf4dbb6671efbeea47c355564aaa15e379ab2afb857f21ac450d132ee064c4d50595cd0d1de0c53a5774573368d41d34526c4e08ab6db00191939

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 273aa9ac67bdc7d76253fa5bca587de6
SHA1 b804f7860cb2a8d994bfb3ec1ccdf0a7a2b7662b
SHA256 84caf0349836b9d0a6eff7f2fdc608771850b69bfc6bbc6421940d638e22c58b
SHA512 925a8de2fb62d0f2528cc8eba68bb1fd64045e70340b34d10f4dc6e728d3a57c9b501f8c4683035f839f1d528e58177f83980c17b18241300060ca88a558df18

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

MD5 5e7600715eb433dc9c286b7b4474c701
SHA1 88b76c1f14a92b5a1068fa94a78f1be82f46839a
SHA256 427cc4b2169870d01ead4bc3cf6ed4477576ef2991be453ceed3aae325d38b85
SHA512 2d43dda45765726db9bc09930901eb181e12d09ab78f4fca953d1b690a348c51ff3b9691fc1513fd48c053cd758f7d24c55c635e462a504cf64d36a625e537b5

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 8171a1ba05bc068cc44e9857370b8706
SHA1 9a3949f8ef650526d60f3ac8203fe9ed2c349a2f
SHA256 ecaf3f3cc09223b79623d74e37c268f4fd430423da543169dcf707cf30bac0db
SHA512 20b56efcf4f3594dc2fbb0bca52fc783b2aae8c8086682088a16e2546799c4f70c3afea0069e0cf4b2b9707820593e52bb6583362e88b6ff12b32d30d5adc7e2

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

MD5 09e10fd026ce4d79b29e16d189430be1
SHA1 b69e6421be87d7e03c5c19fce5b4bd6c10c1a0d5
SHA256 1e0d03f5126a1bc680110c79a4bf21ed98bc153def8c5a410507cb3f0aa9a166
SHA512 bf1ec7914ce37e72f0f868b858e513b747589c7fc8063afe598fdd64a1996584d01fd937de6e73d2ccbab1666921c5cd32fec5d6e57dd506fd41309402725f25

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

MD5 ae3f6a18eda14e291261e533afe24825
SHA1 8750fdf2eb2bc3aef6522ceacbdfd5f5c59978fe
SHA256 0304c8f2cf8e9b736e03fe67c46af9d3b96d234b7fcfd4da128986a84ce409db
SHA512 e43e3e1e1af492f27e03e6322273261a54813900460212a62e7f03bcf815f5fd66bf6271d1f50094a17e82d0e88577b498b46ca1acf7e89f0d6b205ab4e1e6e4

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 ea8036850a1599907dbb0ea8ff41a96d
SHA1 696d47b0edfe76da29b5c8fc3f71f50ca00f9e59
SHA256 b3098efa8b167770d49a2b534c3514719e8e037834192757ae6b1b9e4f166297
SHA512 b0c3733fcaf97e5d29e76e162fff2306d298715baf095aa0c72e1d99b2c5322e2d866b48c400f156aa0576fd7e08391e51fec90dd50e9e7dbf12520baf582244

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

MD5 389eab711bd4755758fd4fbb1f9a635e
SHA1 393abc0cb3c5e47ac9319b71293664eeed6cc408
SHA256 c5508320f07d5cfd4c453cb92a21b79bb86cd8d00ff80c2e69335ce96aafcb55
SHA512 e82bd0d082a01a886d78cdcc41a0c04281bc85382b2970dfe855e8cb8c9b1d268c8b50ba9a11d8889984d8388f76dce955869c29f0b57c25d46b5b333e9df56a

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

MD5 d526b96f361218b1b9da738e0a5bcf3b
SHA1 c6a110fe864c8b78163d9fc190fa92956d9c08a5
SHA256 935f4fc13f30e004ec84c9dd30b82028bc27bc1266e76d53b2f111dc32496fad
SHA512 8695fff46dc02149d4f2bde221bcb707b632f0165fcc7fb202feb49cc051c3f7cc729ae3f33e4d218cf2a9e5a608069aafff27ec06e04796398fc3700c0303c9

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 4cd90b74138bb4ba2ca3a2e9cdb5c8e2
SHA1 fc4f9ccd15bbe592adde0671c5c072b8bcb18275
SHA256 095ad1a279f24182ee9421e36e0db7bf9cf46a76ed7502250784b047a3e05f58
SHA512 97d987cb8c1ac74c14dc3c1dcdeef01ac07189d300182b3dc5d33664cecd61d52b45052b7410e99c5f659ee0b302f0afa189d6a17d20a15d4bf67fbddc7ae3c6

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-08 19:05

Reported

2024-10-08 23:40

Platform

win7-20240903-en

Max time kernel

117s

Max time network

119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe"

Signatures

Detected Xorist Ransomware

Xorist Ransomware

ransomware xorist

Renames multiple (2214) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\6emg41x3O2wDpP3.exe" C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitsTransfer\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmaiwa5.inf_amd64_neutral_ea8128ac5da37eb9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmgl007.inf_amd64_neutral_935cd017fcb965ee\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wiaca00e.inf_amd64_neutral_5a376e6a7cb007d5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\es-ES\Licenses\OEM\Starter\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\MUI\0410\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\cxraptor_fm1236mk5_ibv64.inf_amd64_neutral_b81bec917adfaea5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnlx006.inf_amd64_neutral_cc725426972d1293\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\en-US\Licenses\_Default\ProfessionalE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\slmgr\040C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\hidserv.inf_amd64_neutral_f2223e39f37c69f3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\hal.inf_amd64_neutral_232b95977cf6d84c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prngt002.inf_amd64_neutral_df2060d80de9ff13\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\en-US\Licenses\OEM\ProfessionalE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\pt-BR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_locations.help.txt C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\de-DE\Licenses\eval\ProfessionalN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnkm004.inf_amd64_neutral_d2aee42dc9c393ea\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\ja-JP\Licenses\eval\ProfessionalN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Session_Configurations.help.txt C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnca003.inf_amd64_neutral_8e91d4aa9330d2f8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\en-US\Licenses\OEM\EnterpriseE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\pl-PL\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_execution_policies.help.txt C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmcxpv6.inf_amd64_neutral_f62ac4bd04e653d0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnle002.inf_amd64_neutral_c7564163ba063094\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Dism\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netimm.inf_amd64_neutral_9b64397618841a19\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnca00b.inf_amd64_neutral_4412894f52d39895\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\es-ES\Licenses\OEM\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\migwiz\PostMigRes\Web\base_images\AppInstalled.gif C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Printing_Admin_Scripts\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Throw.help.txt C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_prompts.help.txt C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\af9035bda.inf_amd64_neutral_aa11aa34552d1d4d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_CommonParameters.help.txt C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\xcbdav.inf_amd64_neutral_cf80e4da1c95e6e2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-Sxs\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Reserved_Words.help.txt C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\msdri.inf_amd64_neutral_86bb50f34c49ae71\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnep00g.inf_amd64_neutral_2926840e245f88f6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Speech\Engines\SR\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Parsing.help.txt C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_trap.help.txt C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmosi.inf_amd64_neutral_932d048a735b47c2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmagm64.inf_amd64_neutral_ef322a8cc2738a9b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\ja-JP\Licenses\_Default\EnterpriseE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\migwiz\PostMigRes\Web\base_images\Documents.gif C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Comment_Based_Help.help.txt C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_do.help.txt C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_preference_variables.help.txt C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_While.help.txt C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\de-DE\Licenses\OEM\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-NDIS\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\MUI\0C0A\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_wildcards.help.txt C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\it-IT\Licenses\eval\HomePremiumE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnrc302.inf_amd64_ja-jp_64ee91a0bf7b132c\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_format.ps1xml.help.txt C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\iirsp2.inf_amd64_neutral_9ed65fe0bab06b1b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\it-IT\Licenses\OEM\HomePremiumN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Path_Syntax.help.txt C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A

UPX packed file

upx

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationLeft_ButtonGraphic.png C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A

Drops file in Windows directory

Description Indicator Process Target

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\VAXLNXVITYMSKUA\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\VAXLNXVITYMSKUA\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\6emg41x3O2wDpP3.exe,0" C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VAXLNXVITYMSKUA\shell C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\VAXLNXVITYMSKUA\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\6emg41x3O2wDpP3.exe" C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VAXLNXVITYMSKUA C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VAXLNXVITYMSKUA\DefaultIcon C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VAXLNXVITYMSKUA\shell\open\command C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VAXLNXVITYMSKUA\shell\open C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "VAXLNXVITYMSKUA" C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe"

Network

N/A

Files

memory/2644-0-0x0000000000400000-0x000000000040C000-memory.dmp


MD5 d979217b1ce4438e7da8863f8add4f16
SHA1 742599b2956dfeea78028338bb83231e00c7ee21
SHA256 d5474703250eb221d80d21e2c1b681a5cfbcd0939caab1697db6edd454521299
SHA512 7b545bc4c72776d66ff47764f8bdadd84669d545f4e8c301e63101620939fb49b1bb49f25ad963dd49d8a9e15743dfc6c841c90121bf472b3b78a6ffbc0528d9

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif

MD5 52b5fb17343488188f7cdf81a4e35f73
SHA1 3c7399234e35fe350ef3035c2e539062f920a577
SHA256 cf7307a8d854de23ffa5b0af6c663275098819da241948ebb983768ed6180045
SHA512 f6e1b3da61ed6eb0c6d24d0a0e0c373036b78f1bf042b4d7a8a21475d311c6dda22d8bfafb32037bbf90be313870603da3f172bc2b8310de22084115ae801322

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif

MD5 a00eda1926c87a01b982550476161210
SHA1 5d78900432acd8ddef53e72753e9807b856a5d4d
SHA256 e3a6b218207b6d5c7c234e7f39e18e5c6785f8a2c8010633e1ead9f95d798081
SHA512 c2fb19d7d062557387357e326a723672ba720d154221a98c8c66fed0e0cfe5a084ff2b451657076d70a7b3e85f4acd87d72465025f51e6abfff24940e4d3ea9d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif

MD5 be3dc8ee08d451768a2c6dcc8abe4150
SHA1 2253aed4104bad7310badb96ea29432d5dcfd2d9
SHA256 3b465930ebef136e53f0141338766b5cb2b1b138db1d27037e58ac4fc291aa10
SHA512 1ebbeaf94acd5dfa2bb2d1e33c251fe7e9fce6f8456196c6e6b1be4e15ef430427a06132f58431f4bd24639a7c4b9c8a07059340ccfda6e639138e3747481b98

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif

MD5 608f45d894106eaaf989a24fcb12fe50
SHA1 997cb228fe85bfd3c974a9dba59ba346c136988e
SHA256 21c92a587cf44eaa48a5667976293c3318c695e6fa6b0c113ee0e29b5e2eb9f8
SHA512 80a6114044b6bfbdd250137bc227ecf82e8ffce79dc857640dc7eba5f07503bc0426e7f5176b9b9b8408741f6079083bfbe8487b465cada6cd337e7361969622

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif

MD5 365fc3661fdacac25d7f7cdf4f8aef92
SHA1 06f789ce65e1354501c457a13aeb2612a4b1bf5d
SHA256 ac747d91650b6bb5f7ac11c756581e8359350e08ba4e289656f50884d11f9fce
SHA512 0d7de6d9efd45165e21ed85e6937feebf11054ed31140aba33a1c3d796591b365c87c26a0247a09fcdef6d3dbec80df084ff653e19c044d11dad48b3661cc478

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF

MD5 d427e9c5679bdbb58f347232a39ed9a7
SHA1 1772f55d6ac5c4b215516bbb9c8871ff9a6af15e
SHA256 99860bf855b545f3ac7b8e2677ce05a9e5f2c0a07f26234741053455ec6a19c1
SHA512 c1c63527054807646a1fbd9b790b1ab87f2faaec5bd3867ea013de356ea958ee8221b58fb8a5e07114bc0461ca215040b02fae4199c6ad90c8f9091d10ceb2af

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF

MD5 465f2f7dd49478938cf3d6dfe2865faa
SHA1 db1582ca6a11bb905d0771c619b28bc42f86f435
SHA256 14994b42759224aaed4aa77413dcb1dcba22c4076b7fe817c9e9069b7ef40871
SHA512 f90533cd7e353801ff437c1b01eab35ac2896e11c501700650ecda5762f09975165a7e19588a34a2b0205f09c738d349d39c0cab612beefb4eef3fba0b95b3f2

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF

MD5 dc78119d6403fb5b131cbe96534b890f
SHA1 d4a70e0ed149bcbdec9904a4ae0fa50697e6f171
SHA256 c6b739b992b74bfc5711309dcdf0c6a3f68fde7e664c0aff97a9ffd8b8762505
SHA512 ffd932be06499fa59a1d80024d3692fab32007a165df5ee25bccf7425b856b6f8ec9d0c23c725120f7e704188c8187bb6a279af2332310ad19d3e5a5c7212cda

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_on.gif

MD5 d843e0afa1a777b63d30980278b89f77
SHA1 762dc6317d9d9a2beb0634a389f3b23dcac82249
SHA256 208613292ebe406c049e2c0010731f6bfc2419147e99dfec4970857803276bab
SHA512 f184fad788b9cdb80b5d2ad5fbe932ee00b1f34ad585da8caf0f72e0c7297688b28ef6f21e1dfd2ac8ef4d93b4aad34133a15abdd243825dfd898c0d512b4ea9

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_off.gif

MD5 5d37bfcf806c8fcfad54428e8cff6aec
SHA1 dffcc0fa19199a4154a2356be7bebc10f5cda22e
SHA256 c645a5482506fca37d8bc2ebdbca4b83a25982cefdd2ffe24de3139770513542
SHA512 39188c8d190612562d1ebc230e4d9af3c5dda477ce4c80419a9eaaec5364383e026c90fc1bb5cf22a4a3056815b3e11075aaa59e479c3a1c9f75973749dc9c7a

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg

MD5 8048c6dcccf5006ffbe9681fb48432b9
SHA1 56582c9d5ad67a9508b3b9cd1a6b8d02bf597313
SHA256 e66163271c201090f37112e31f0b6c571a9318fa22ee4938a0dca8297c8c9457
SHA512 5dbe59333826ede620f1055051199b1dc93df1ceac5bb7b97f9b0360fb0a2afe865931082a9f7d298d0f8c482429ab88e37adf6c528f03db9dd42c1d890a25e7

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp

MD5 ab5f6d5077c3fb31c3859b61de62e590
SHA1 698d8fcf3200d82050a38e5b66ba8a8d1f5d270b
SHA256 411333ff48208fbcdfa852294bdf7d4b8e6e58e5570b3b8e02df49c64ab18e4b
SHA512 4a16794f9dcaf9ffbffdfa3d1044e35400ee3ef14df89d5015b0b3e5d9703d96a1a6022d2f6f8e66380d9e0077618c6ce8214c022a30351d3b8280cd8aa09d99

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif

MD5 c22337b92cb62528da7fa802a5c051cd
SHA1 1837d223bce606066548489ee496205b779a8cd8
SHA256 4b00f10c4bf0f8a597c510f192988d2611ede5f1a784f17075cb6e2cf728e458
SHA512 01736465a154d2d481ea9beefaa7cd871cfd8b5ec230bb4bb667cb14331181fc985fedcce16c069a00d70e7d53e5094c3f32ec7cf1ec4b67ff76a14bb18cd46f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif

MD5 7382e422b0bd2896a6ffd6691db9c932
SHA1 596a71cff59b15814d1dd17d567f5a03a1e032dc
SHA256 028cc9e4070ecb693dbe6d9aba12e30173ba1891494c2af29a3d0132bed855f3
SHA512 a3e7f87edd3ebc4e1283fcfe577950a3cf37ff3571f06af927f942c8b96421fac0c6963bb58c96bf7db8be9e0dc3a98c1d740e851be7501df4f7b8de3f6f7afa

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF

MD5 e80f2bd698664f508e8eb3507f971a7e
SHA1 c33dd01d10ef32a20536628e8038e1ec51521721
SHA256 21c0bec6874f6c2f6ac66e67d27f09c967ec793ec9812375516d2075b827434c
SHA512 234b881ce490274c42fa042a833db25d6ebcb538f75d515ac4e98b23593e6137efa9a55b2e75cf165013b676d1f2f16202ab58a064bdc27269810bf377d429a8

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif

MD5 fdf7a866def82fc4366a7ed41cfc6d50
SHA1 ead3cbc247390d83251e12a4955d4c1ff6647beb
SHA256 0ebbab0246e20463d248ad7868ef2be8cfcdf3d87a5422c2cf1f440a0606f263
SHA512 dfd5d15c527d3b411292cbe3fde777d2abdefc174135d3e29e29828226d03477daba6d345b7053cdbeb7c00f11731da5d332f3453e6e685f8e9d53eec1849b73

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF

MD5 8cefc7dac7cfaa9c5c36db8dbd872af2
SHA1 e668b9d709cb9343bd671ec795a39a5d908d92f7
SHA256 b4069a72e2e0e7ff1da26a4b5f0da9a46d556880dd0e1d18f91f8bf40cc4537b
SHA512 826a4ed71e2b8075396407ec871dc52bb1a87e62b1d3410725a1f6ffbb655ccf480855455e84f2394dabcf7861040958eecb542df3f03befbe906c7479b4dd6a

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF

MD5 13584f879dd6670b42d8d9e67123fb39
SHA1 8e7dde131f5126711567576ff0ce53dc8fb7718c
SHA256 e7a11131d50c86c456caa2a9351027e611ed809d700cb1267d4180430a48164c
SHA512 419a7cf85810f01779e7c2a23a36f16f0de7fb6feb50bb592b485690e727c11c4981bac0529f14723bbaa3c1421d503de7f9e656769e7fa0d6f8d98597347ade

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF

MD5 269ed8be407a7064a1d1f2cd23af332c
SHA1 0908d9dff424822f4e2645e3fc306b99bc571c73
SHA256 c4f514ab7c11e938ec76bad4167a082360711a2459ecbac8839be3024cb8386e
SHA512 77febb304c28d59e2e4e86eb35c9d8a92a65fc5bce4abb4103b2b65f7814e36b40c8c0f9ea6f5cb99fde6cd36a85acd46c44fc901d455383e8e2e8921593fa73

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF

MD5 76ce348fcf436f1076df30d4ac896098
SHA1 bd088cb119faae920809abcbdcb0f94c53dde708
SHA256 f4fe3539d45c77fc3c1401cbd896031778a999c099baacdce75172ecd5e2fbc5
SHA512 5be6cedbd0b94d80dc2c71b1f1a6bf1393481faa39997b0aaefbe547c2d2f3f5121f5b64ab0d2997276dfc4ac61daa12c3539def49885c3fbf7c2f68022d1275

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF

MD5 bf396f965951e3919c9fb6c3148f8f03
SHA1 b87e970eca1a7f4be63062e47f15baf1eeb6d8c5
SHA256 aee23e2bdf32bde0c0bda76c9775b0786dc1963722d540e0976f21cf288e6737
SHA512 cb22da2474cbfab95b5ad5d13422abe5dc508170b8625df129405c05b2c4e781c46fe02b45b354ae5f950575357884a786c63d374f7ea43bbc8eb7d6aae452fa

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF

MD5 62232b9c12ad49683150b283762f234d
SHA1 48539d2811708f60908cb08ff0d240265931664a
SHA256 266cdc012ba8e6e2c134623e61ad69f58b917191318190ea54b42f7ca0087334
SHA512 625981359c2b791664326722e0522e6d2e9e55dcfb9dfa3ccefba108ca71c2ccb70b6e15e9be9df84ec70831d5ed6d3ef494d4c1f975082cd36df580cfb4caab

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF

MD5 cb49dd7714e5d876513f3e7d90116050
SHA1 f5a6af4ec7d415653cb48100026db43f7f7740a4
SHA256 8786ea6165cf5889b96773328f22be1f077499465844cf69753076c37b5348c4
SHA512 14d8551635846fd2313441acb0c023b558888dc87533f0ae0b80a943699ff27c4e6fa68aee064e99a531f2b6987fa146b0026e758c7c1e325054edd905995bb9

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF

MD5 e511210a35c6f0900f1e01dc969b2975
SHA1 bbaa52b3200639ad155d68cba06fc7b4035030bf
SHA256 d4d5f289c88b6f8a0aaac6831a251b18d6fcfe7eecccc8d58ea37db4edcabf2b
SHA512 dcf8533043c8bdc0688faeacf2026adb77b5d7fa44c3d056543904f62e0c34b85d0373b31597471d36def2b5e9c69a5b354180e8813b1eefd6aa3030e083a079

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif

MD5 63edf2ac60222d0dee0e6b5549c7beab
SHA1 4f1d0550a667d8121a7b1d8735bbd2fcf3f829d0
SHA256 a304e1857dece1880d734e4fe657a3eca69079d362638e4a4f92947799b242a0
SHA512 7ad55dbcd3e9c0094fa5d4d11d099e1c5c66ac8485a5a4c14893d5556f734e81c0033783e3dc568e394dc3334095b91ab8a21a2124624ae0ebd8b43954034dcf

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF

MD5 bca6af2da25dd05a8d99bfe116566c1a
SHA1 918413d7313c6b29925828d16a2155ebe61ff90d
SHA256 6071bcc49a185060ad74e0a38ff5a6830e7d27b2595cf21666c824a95ad70cc3
SHA512 2eb8e10209128966b4442cab45489ec80b8463696b7d3ea53558f5164a38ce35472c1bac827aa66b6fe595c720067af5a935e3f998efbf18cdc20e93eaa078a5

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif

MD5 b61f64920c3106b6c920495591f751e6
SHA1 b73baf77ebf5dca5baf6448b5b75b2bf464b0334
SHA256 a2b73a9dd810f8f024bf5487543479aeb312421e68786ff894432f6ebb127fea
SHA512 67baae05723d9e808e58ff89e65393300744baa2c38175632ba6ce2fb8d76546b70d69ddea7d827df89961e752d19ea5338f97c5d9f089748d31423243122209

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif

MD5 c124c1bd74eff1f9aa84ca53a03c9749
SHA1 b87339275e900f695a5aba14038f4794bb3902b3
SHA256 f5bfe2767f5f744413536ae74d1d7abd5e8c3e4d52b11aeebc060759c61ce619
SHA512 771e12cf568c8558f96b361c16584ef7cf7916760ec5ccf421540e5891349fe6f32288482e32da1388efb2da087e7d8dea00930448bf15cca7d3463889680782

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg

MD5 92bdbf36be2667306b87554be02bc780
SHA1 faad251e7f1b69d713e959566d59aa288406de43
SHA256 8030d390b0d70a2e8f692a67c840d26e172c432c4521690fd4d4d28e07fa19df
SHA512 96f00dbcaeeda4a8a25749bd42e90a22587b20b4319cf91864d0adf54a4a71713eda1656049c9c94b4830c31dc0b0bd9203f7a828d4eef4617177b46a96755cd

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF

MD5 e42155fa64569d72bdb1624d5d653c47
SHA1 64266a48545ddbffcfc1fc024dfbbed91ba64bf9
SHA256 6661ae0e47671d2cb089bf284f24cbdfbd92faac78e0457c0d3699c3466abfe5
SHA512 5505b3eb0a31734e88ad6bc103c330be5531213ead475cc1522b71bc62695cf2da4aa1cbf552e7071f813fa7ca29f2b7c21a5541e99ccf026381aea6594233d6

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

MD5 a8d2c788316aeaf45b11aa181dce8e3d
SHA1 37d399b97d195754d66de8602905fb5e3bda2829
SHA256 11f2a32e6d2cf80a03cffdfc0b49798c6057b7b558c13d0f30c469a5acd74d0a
SHA512 182038ff0ced1af10ad7fb6b4a6c81d59fc3ec5a0ef684450706517031ac4451059ce5488af33a5bb36249564393a03b1df804242ad1f9ae5d423adaaae4fad8

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

MD5 92d8733703315f68cc4647a936daece8
SHA1 9bc6dc853c61a71a007c39a98a73803db8a92b51
SHA256 7aba5c8395388f288a7b9b6e5fe89a13243efae39dd0b470d7c2ecbb9aa041b8
SHA512 7dc840f5b4451e3efbc10844e436b51e6e003e038f72fa20be0d40d5ff51c4abea35a41c1ad9b566702d42601916e823fc392b69bc3d000140a3f67021071bdd

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

MD5 76d6fc19671b3948d769136ea45c1662
SHA1 d62c852dea6dfea5479ed3f485cfa9c61d1b9ad6
SHA256 3f91408c9ec1fb6d96c629c031568e938fad7f4cef5d641e9b587333256985e3
SHA512 9cd6c700175fb382b4b1e598b54fa8d6c802096a81c31c01b03aa9b3b8882b4874a6ecc06047fb36dc4a9b6f50912f3db59d25152d837b42536fc3a64e53381e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

MD5 2c4a3711caccc36778522643deed5bb3
SHA1 ccaa894abe4723fdb341400e05083ff75064b036
SHA256 19551593cf5d5fa976bc97585253b152d6c8f1e0cbbeda4fc1aa7e4cf5b2638c
SHA512 ec2040234b2aac2fb7fca915e54358f1ae40da41628a31c9461e7b1e5722b7125caa0c49fa7b6d59754161047a4c36c6140bc85db25982c34dee3207e2f1507b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

MD5 5e66ad820e7bd73a4957f92f9e822ae7
SHA1 eb5c06b12bc17c6bdfcf33633738ffa4881a61f8
SHA256 5d22e4a20be309ea9a0a76450cf625d11c9c7ddb0fa7e6170023b7da445c6633
SHA512 9f55256d6db638fd18827d7ca98e8eb89bffefbfb9786cfd65454e15b234c69896d09c416b34f95c006642a1fcd5bbfec611eacc22207e0667557f986f556f2b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

MD5 58c46b30fe9daa93cebfed8ac79c13ff
SHA1 fadda20169f4adecd2f75d8f1d70b0baa1f68bf3
SHA256 d46509a8ec16703d372f1a5eddf71cbe9a2900e95ad665f9f7ae99e250a7824e
SHA512 8a21778a3b7cbbce55f066b551e66484015e4281fdc0433b0e64e7b1d49ede4f0c48969040498c393fdb505c79fa28988d8d3a3e7034be71ec1d28eba1a6b65c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

MD5 327c767f6d89e29e72af80103e453d25
SHA1 6cd9a91e63fa6a084fd776dd87a13fb5ecd84adf
SHA256 d48a92ec8b29b953a485d2995ed7c7ed93097a9c2e6bc5817e125d979b2bd560
SHA512 2d4270eafd8ff70652a8100e8ee0d8969fdf025d5f52531b267a42cb960c370b7141d6f8c9067a668efcef58bcb2ae7116918686e01fe47cded8943395e0a8ec

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

MD5 74d7fabb4dd70aa395a0b47d033be483
SHA1 4b51b69d3aa7bc85eaa865edcc8bde686f6de9fe
SHA256 0142d5aa68c11705ec42f98d341bc58dbed25f83dd9df291d7e17119a854e7cf
SHA512 6f4fa90087d4fe175889c363ef68d851b18191b4281dbd89d88267f39d054f9060c6e6766ccc8b42e2742e2e063758fad56f71e838625e6671440f44991c9abe

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

MD5 4c0858577975726367c75e6946f73068
SHA1 2da55167042622820e08bdca29341c901fb283ab
SHA256 ebf838a25bc701f23ac73f8cc1654cf5c79dd6aa1b2b7684eaba725f0fe029b2
SHA512 247a72a2d56e8a1453897852fd2bdf0e6045e8701504754bec66a9ed1be24c2429bf96f5e26da904c1d445c5483b84fb3e21cec52559837f59c0d7bedca74f07

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

MD5 a38ee2b15c9cb116627caf3f4424aa7c
SHA1 90fd07b6b58dda939e3bc58710814b6fa9660761
SHA256 d32f4a910cf36f969cb6f64c2344e60eb9c06d81e6237b08de16c85e01b06145
SHA512 cbaeba2544e5061f9ff2cd25470ab632618a99cff50a84c32458526507561ab50a0d7690d6688bbf29981c00607d951d6638cd40527a170e8962fc3b59cea3cd

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

MD5 68bd2c42df7510cf9e2dee0f52ce9575
SHA1 052f33f162629744e1bbd7f7c849dea8f816c888
SHA256 f12173d4afa75ef344445b45a6fb63d771d61e397529e753d5eb9d809f268fbe
SHA512 8c4da54b03b24a74ec86b82f416ad46340b10fffa82b7d435852210776c35ac2f5695d6b352b123b797852d3d491e931a7f15794cf7a07f303363f19703b13ac

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

MD5 14129948fccebb4b78a6b164ba7bb716
SHA1 6084eac80bd66b2764f79a95afc22a42b4c9646d
SHA256 e58b84ed8d3f18de31b25cdb3d29d6997dee3ac4fbd16b9fc5dafd619bd8892a
SHA512 c7f78714200dd14f91143656b5d4fdb50407866caa9aaf47dad22b6ce3dcbcb58fa0b61b23acb5688b32ce98751f509fb46049cb35ce480d8402ab6b8a9f5383

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

MD5 935fb8e654cee264097f9721db0ac547
SHA1 ab9d7ebc591187ae68916b7a640df37eda869a7e
SHA256 eacbe261853b3603d258b7b41074644d073a210a3b8383d28e121d5309816a1f
SHA512 1a89c472f0f0e4603784cfd994cbc3322ffd0a4891e112123734e95fabb51f343f3d23a22226d6328e4f7c2fda72b94fee5a0f1e1f557e94b51b7adf5b1d9624

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

MD5 adfba0b6be31ad1553907a0b6bdda399
SHA1 d6c06b85b92abb79ba4118eeb98ed8cea5aa64b4
SHA256 0847c76c35b5c843ea90478dcf50499338ee38f21b27d5ca4c7ccc9c68e05692
SHA512 8f1a3bbf4d8899e4fea251f96ce5ff6dc77b5c9e69265bf144edfe06e7ea714697dd0233b859d719d17fa93e7ed7dcb08a987e71c56cf101e4238fe556adf8be

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

MD5 a329e6aeca9e9d5fd78600b2910a41de
SHA1 45394db3b1faebac5d872bc198fa9d7ebd0601ee
SHA256 8e28221092334bd10a8e892d5c86d21dbc59d041cae11f9bd8a46919f2978075
SHA512 e61894cd152d9a09cbc7a7bd3a8eb2913db772631243c68d80dcd3bf577f2f0f7b1dbf3c5479a81a94cf1750eb4177de4b77b8dd65db7e1c3bc0a73e73ade450

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

MD5 79767a9dde59627840975de5422f205d
SHA1 9723f202b8739fa0b55c7ad6d4cd08c82558cdd1
SHA256 6fec4023b4ed6fa6ac961eb9be2fa7ffdd7e05676222b1fd508fc2fa5e7134d9
SHA512 2887c214d0bfc5b1e86369ab15f0a1dcea8c9c7bdd5864df2ce53235a14eb8f7eaa581778af83680f26f9f9b8e7fe0accf5841faf7f3ea5f1ef265d847477980

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

MD5 7c2f44218ec070e7173fa331ea6c180b
SHA1 cd1fa1a3f1bbc16805d2ea0c90b43d0b0795292d
SHA256 8f2556e309ff32a23d431b078d51bc04274f7b6a0df473ad4696e2339642aff9
SHA512 4cb6207bc116dc82e492495615c3ce9d3297258876f5a324100a54cfda6270f8bfccc71ebe6f9f5fb145c36fca74d22ddb1b02c75c691afe704858cd4d4fadc8

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

MD5 a1cc9a6c02af453b756a8e2006ca6f3b
SHA1 d01081c5beb68181a594af529fbe93de5a243afa
SHA256 bf7bf010718b5c0242cdeea77e27b6cfd920c23ad20bfdce52cb32e28f64536a
SHA512 f1d6ef197a2e6bae83c0adaa75cf11373832ad61e847450c66ac1f3c83a0b59f92ca8fa7858519a37337a5570048209b3ce1c670084abc089df78c7e052efd8c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

MD5 c8c7eb806b0c1d187d790e3eeb5aa2f5
SHA1 ba7398a1131d301905e6aa7adfde2d6dc1a6bd57
SHA256 747d79e2fc3a602671dafb2307056959936819a30707e793f805700071da5cfb
SHA512 7a6b53a273fa436dae8bce1c97e8348b779c1a11b5e0d1fde1dd681d8650fb37601bbb55c6219a75755a19e5e97466cd476f9f465a9610f91cbf48a7ccff702e

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

MD5 c1a01b78c9499f1ec3a88a99a709b283
SHA1 8088960c049c6f8c0e5bf840357be47bfca775b9
SHA256 20e3197382cb7a59c970ef49be4abb08657faaadc5386f45cfc4b819651c8147
SHA512 7d84983079544545d05b4a2afc7e4e417c6f752c998818f46bf22855dcd289e205e33dfc0ba544ee49781a1ae4b17c0e80e37c1a02422804c75606852f39a22a

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_sml.gif

MD5 2fb408fa4e066829075e6dfb2619464f
SHA1 70c0f86d13275c907454c37bac1299f3034d7bd0
SHA256 18d2e0ca13e6b8d7ba690d203b3cd2fce231301b59388de6da59cf697c331450
SHA512 e95a3ba73a2a432e51364dd4dbac30f568ce8b39022c120012ae7fefb94e0a922a39897c8b7861b8cd5ebcb5274ddfaeb1d18ad9c67b7eed8721b28417388a04

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 febbb5c2c009377f1faec937e6cd8d25
SHA1 09919bffc6f904d11ed0f395dfa3708f79eac1af
SHA256 b83c7cbba964899477862fc4e22abd1429d386b7a3f0476fa6f88372bcdbc0a8
SHA512 06c21070a60d2de10376e7f7c83f8c779e9c9674c2a6a9412ed4474fc0778eaf4411a9804ee3e174d97b5ab9ee051eeb55c21c9815882885510bc3c8e3a7bd48

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 967d53ca768a8aac82b87ab7df59e8c5
SHA1 3953ed8c63e3d402f66bb9eac33967faa5ada9ac
SHA256 bb05f755355f52c74140317cfd613a3b5e1ae4b84cc3d8198a9b3be283babcf5
SHA512 6249565ce6c283120872b561812c10fd19628b69c4d42b2bf5a4dd3776fe14d4a6626efd99251796f6d0ccbec3c25f4ffaeeef612110a1a8a01e192129fbe01b

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 afae6dc985b81897e2d65b2a503395c1
SHA1 9e653640ccaffc94078ca66fcceecc1c2ef2d03f
SHA256 7316714f172582fbfd1a912e96b1dd3b9d0bbb569b8d3c9f4c802d747ad261be
SHA512 a2f4c2ab0a812bf97854dabab71c480a847397d2b7a9cadaca6db73d475cff07ea5508168afca0efe3538a0fbe3f0267ec117db2855ac9e10eff539c34de384e

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 8e26bd95a3b0434a63b79f4c35be4d31
SHA1 4ff0e89c8fd70a65701a1e4ebf933075946163dc
SHA256 e8ca358d18236dfe41e80214e317d8c7340d042a7d1853661d50240d07af0f4b
SHA512 e3527d57a59ed98004425428f3473b36d82349523aa924bd3e2827bea4959fcc435cc2996caee767cb0966682c17db6dbd94383df50cb7ba14a31f27148b32aa

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

MD5 f430a9d8ab79da7d2cb924a7a8a61f4b
SHA1 777248464a0f08a070cb8c512d1cc4a12aa0c651
SHA256 29bcf4983e1cfb54268aadb2c8302393160f80a6c752b79eb5395c8d8cdf6a76
SHA512 2a6aa6453e1ed59ded53a5d4120555df459d7d6ba799a20db00dee45fbad0cd50d3067bc525e8e3e2518abdf3b8df8b80dc43ecfc44eaf8810d6e57ef7fa71a1

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 2c26fa04b0b215c70a00106f363b603a
SHA1 40863009db6024bf54b8023a301740f8c9cb15a5
SHA256 cbc80c9f157300be36cfc072592fa0fe556373f39ae082c6dbfa3760f7c8e832
SHA512 209c57f57c58ac8a84cf7ea150bced9019499f85daf2a642b6916510df409b5255ba4d133821a15226632d459e28b7e3fb38c30f4d02b74d1a193e050596b0e6

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

MD5 5e7600715eb433dc9c286b7b4474c701
SHA1 88b76c1f14a92b5a1068fa94a78f1be82f46839a
SHA256 427cc4b2169870d01ead4bc3cf6ed4477576ef2991be453ceed3aae325d38b85
SHA512 2d43dda45765726db9bc09930901eb181e12d09ab78f4fca953d1b690a348c51ff3b9691fc1513fd48c053cd758f7d24c55c635e462a504cf64d36a625e537b5

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 273aa9ac67bdc7d76253fa5bca587de6
SHA1 b804f7860cb2a8d994bfb3ec1ccdf0a7a2b7662b
SHA256 84caf0349836b9d0a6eff7f2fdc608771850b69bfc6bbc6421940d638e22c58b
SHA512 925a8de2fb62d0f2528cc8eba68bb1fd64045e70340b34d10f4dc6e728d3a57c9b501f8c4683035f839f1d528e58177f83980c17b18241300060ca88a558df18

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

MD5 e2ec8a4496f6db836e2446ca670bb0a9
SHA1 a360ba970248520f02ef1a0de293412eea5da87f
SHA256 66b23aa4dca93702f7b00cf5c4013b81256c958253a21bc3c28ba65d4ba3f2d0
SHA512 e3fdcc35f9bcf4dbb6671efbeea47c355564aaa15e379ab2afb857f21ac450d132ee064c4d50595cd0d1de0c53a5774573368d41d34526c4e08ab6db00191939

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

MD5 7be0dff662d72f8fec16abd393308198
SHA1 777a4852f7e59246ed273cf5e382e2bf8464f6a0
SHA256 222d5251e99c2660a31275ce9fe153c2ceb225016596f537bdf4d1f67eaaa6e4
SHA512 e8c6494d2dc2cc93977d0e3e658d11e99b4c76d2d32bf64c85406a5f1269fda8b580b785c9aeeab08cabc1a0bf13f5b6f2e83379a35f2b37bb80672a979d77c3

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

MD5 dd916963b284650db1f4b289389da1e0
SHA1 06868e911f32c756f3df2dc47d21c5c9d98cf4c4
SHA256 60e2203edc4f69bf0bc62b23ac010def83a201c8e68746b9bc5d5fde7f1f792b
SHA512 36d6ed263c21368f27458334f5ac9567ea0241658679fad71c47e25de44871d96796fe1663746067225a3cf0dd34e6e26adb5abd8f4e915197e55ea96b038e3e

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

MD5 09e10fd026ce4d79b29e16d189430be1
SHA1 b69e6421be87d7e03c5c19fce5b4bd6c10c1a0d5
SHA256 1e0d03f5126a1bc680110c79a4bf21ed98bc153def8c5a410507cb3f0aa9a166
SHA512 bf1ec7914ce37e72f0f868b858e513b747589c7fc8063afe598fdd64a1996584d01fd937de6e73d2ccbab1666921c5cd32fec5d6e57dd506fd41309402725f25

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 8171a1ba05bc068cc44e9857370b8706
SHA1 9a3949f8ef650526d60f3ac8203fe9ed2c349a2f
SHA256 ecaf3f3cc09223b79623d74e37c268f4fd430423da543169dcf707cf30bac0db
SHA512 20b56efcf4f3594dc2fbb0bca52fc783b2aae8c8086682088a16e2546799c4f70c3afea0069e0cf4b2b9707820593e52bb6583362e88b6ff12b32d30d5adc7e2

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

MD5 d526b96f361218b1b9da738e0a5bcf3b
SHA1 c6a110fe864c8b78163d9fc190fa92956d9c08a5
SHA256 935f4fc13f30e004ec84c9dd30b82028bc27bc1266e76d53b2f111dc32496fad
SHA512 8695fff46dc02149d4f2bde221bcb707b632f0165fcc7fb202feb49cc051c3f7cc729ae3f33e4d218cf2a9e5a608069aafff27ec06e04796398fc3700c0303c9

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

MD5 389eab711bd4755758fd4fbb1f9a635e
SHA1 393abc0cb3c5e47ac9319b71293664eeed6cc408
SHA256 c5508320f07d5cfd4c453cb92a21b79bb86cd8d00ff80c2e69335ce96aafcb55
SHA512 e82bd0d082a01a886d78cdcc41a0c04281bc85382b2970dfe855e8cb8c9b1d268c8b50ba9a11d8889984d8388f76dce955869c29f0b57c25d46b5b333e9df56a

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 ea8036850a1599907dbb0ea8ff41a96d
SHA1 696d47b0edfe76da29b5c8fc3f71f50ca00f9e59
SHA256 b3098efa8b167770d49a2b534c3514719e8e037834192757ae6b1b9e4f166297
SHA512 b0c3733fcaf97e5d29e76e162fff2306d298715baf095aa0c72e1d99b2c5322e2d866b48c400f156aa0576fd7e08391e51fec90dd50e9e7dbf12520baf582244

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

MD5 ae3f6a18eda14e291261e533afe24825
SHA1 8750fdf2eb2bc3aef6522ceacbdfd5f5c59978fe
SHA256 0304c8f2cf8e9b736e03fe67c46af9d3b96d234b7fcfd4da128986a84ce409db
SHA512 e43e3e1e1af492f27e03e6322273261a54813900460212a62e7f03bcf815f5fd66bf6271d1f50094a17e82d0e88577b498b46ca1acf7e89f0d6b205ab4e1e6e4

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif

MD5 ff531ba553155223b1e943850fbd8237
SHA1 3f9e2c5571749de4d2c9692823970b35cb5f9cb5
SHA256 03788d6ba7adc0bfbab8a35057bc4b52d0888f1c0c93f02347c4faf3177cba0b
SHA512 91da2a4dc15c494000754b5203b273bf4ad944b21ed92378feca51173dc9706527d0fdfc46d59ab8d90de127a4de62fe83a0790cd3083e35e311c23d28f7cb47

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif

MD5 620e5014e6a039b240899d536c7601fd
SHA1 6d023a7123b57f07d4d430b4462340b6b3d51e1c
SHA256 545c0f7a6130988e867a0439a11d0331f0e663c58b0a5059af0d3b540d4b7c38
SHA512 1fc132efee95cb95afe5b2ea4c4c412d7152f41dd703a88f52a8424e67a8012d9248dd59ce61176daeb9aaf0eb8b7382c7a153839540113d448417e05ea45848

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 4cd90b74138bb4ba2ca3a2e9cdb5c8e2
SHA1 fc4f9ccd15bbe592adde0671c5c072b8bcb18275
SHA256 095ad1a279f24182ee9421e36e0db7bf9cf46a76ed7502250784b047a3e05f58
SHA512 97d987cb8c1ac74c14dc3c1dcdeef01ac07189d300182b3dc5d33664cecd61d52b45052b7410e99c5f659ee0b302f0afa189d6a17d20a15d4bf67fbddc7ae3c6

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 282f280fdd3d369c34ff81fac32104c3
SHA1 1f15834ff80884ab9f71eac00141c389fb8e2364
SHA256 870bd9f9b5b869079961a21f3b62cfca24dc8122f00bf8e1a3e9541092273f45
SHA512 0856a005a86f0b9165b4754691487cae062674feefff005b35e6582e989709d510798b430d49bd2f8d664ea5f9f6261e741ace50e81767a7aebd32686c93f2da

memory/2644-8932-0x0000000000400000-0x000000000040C000-memory.dmp

memory/2644-8933-0x0000000000400000-0x000000000040C000-memory.dmp

memory/2644-9179-0x0000000000400000-0x000000000040C000-memory.dmp

memory/2644-9181-0x0000000000400000-0x000000000040C000-memory.dmp