Malware Analysis Report

2024-10-19 10:42

Sample ID 241008-zqzmjswamn
Target 2555237f97dee9001c766a3883d7238c_JaffaCakes118
SHA256 209f0dce943a3c800306c8fce83c6a4b2c35404be0e300c2e58b9dca78e39ef4
Tags upx xorist discovery persistence ransomware spyware stealer
Score 10/10

Analysis Overview

Threat Level: Known bad

The file 2555237f97dee9001c766a3883d7238c_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

upx xorist discovery persistence ransomware spyware stealer

Xorist Ransomware

Detected Xorist Ransomware

Xorist family

Renames multiple (2182) files with added filename extension

Renames multiple (2160) files with added filename extension

Drops file in Drivers directory

Reads user/profile data of web browsers

Drops startup file

Adds Run key to start application

UPX packed file

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported 2024-10-08 20:56

Signatures

Detected Xorist Ransomware

Xorist family

xorist

UPX packed file

upx

Unsigned PE

Analysis: behavioral1

Detonation Overview

Submitted 2024-10-08 20:56
Reported 2024-10-09 02:40
Platform win7-20240903-en
Max time kernel 117s
Max time network 119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe"

Signatures

Detected Xorist Ransomware

Xorist Ransomware

ransomware xorist

Renames multiple (2160) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\oC9nIClW9awwKro.exe" C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A

Drops file in System32 directory

UPX packed file

upx

Drops file in Program Files directory

Drops file in Windows directory

File created C:\Windows\winsxs\amd64_mmcss.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ac422d1943ed658d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-p..i-asyncui.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_d8d0f45abbd18172\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-bits-proxy4_31bf3856ad364e35_6.1.7600.16385_none_0d39ccd1226840e2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-coreusermodepnp_31bf3856ad364e35_6.1.7601.17514_none_d527b0a5438b8346\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-photosamples_31bf3856ad364e35_6.1.7600.16385_none_f36e0e659b8042be\Penguins.jpg C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-gameexplorer.resources_31bf3856ad364e35_6.1.7600.16385_de-de_658ad4c6e1804870\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75\tile16.png C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-netbios_31bf3856ad364e35_6.1.7600.16385_none_b5d6a9d184d05567\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\x86_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_d7244b05e242e449\modern.png C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-a..ercomtool.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_7a3b3dbcb8eea10d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-l..t-starter.resources_31bf3856ad364e35_6.1.7601.17514_it-it_3ee06e836ea22780\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-dfs-adm.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_7240a8c0eb9a8132\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-i..eoptionalcomponents_31bf3856ad364e35_11.2.9600.16428_none_e410f56f6c4ee930\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_de-de_0f8ccf36b90bab3b\500-18.htm C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-i..henticationbinaries_31bf3856ad364e35_6.1.7600.16385_none_4431cce4f68cdf99\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-wlangpclient_31bf3856ad364e35_6.1.7600.16385_none_b87b9d5131eccecb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
File created C:\Windows\assembly\GAC_MSIL\System.Data.SqlXml.resources\2.0.0.0_de_b77a5c561934e089\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-help-helpplc.resources_31bf3856ad364e35_6.1.7600.16385_en-us_1aaa1ed75ba28928\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-m..ttheme-gb-component_31bf3856ad364e35_6.1.7601.17514_none_92d51a492ae12096\GB-wp4.jpg C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_prnca00a.inf.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_39efcd50f173b20d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\msil_presentationui.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_e6d173b5276e3670\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-c..mplus-msc.resources_31bf3856ad364e35_6.1.7600.16385_en-us_971e1a38c5d1b119\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-s..-tool-exe.resources_31bf3856ad364e35_6.1.7600.16385_es-es_18f200b26b2644d7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-s..ator-base.resources_31bf3856ad364e35_6.1.7600.16385_es-es_f3ccdd13d6997f58\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-m..onwizardapplication_31bf3856ad364e35_6.1.7601.17514_none_22f5c6aadf559287\ClickDownNormal.gif C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-d..g-adminui.resources_31bf3856ad364e35_6.1.7600.16385_de-de_6b5a3a798fb698d0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_5b0078129ae2bf07\403-14.htm C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-ntshrui.resources_31bf3856ad364e35_6.1.7600.16385_it-it_e0ef3f28f794dc24\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft.windows.h..iverclass.resources_31bf3856ad364e35_6.1.7600.16385_en-us_be19f9194580ad14\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-kerberos-adm.resources_31bf3856ad364e35_6.1.7600.16385_it-it_80f35f3133b4a24b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
File created C:\Windows\assembly\GAC_MSIL\UIAutomationClient.resources\3.0.0.0_de_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-enhancedvideorenderer_31bf3856ad364e35_6.1.7601.17514_none_edc8831ae3260955\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-wlangpui.resources_31bf3856ad364e35_6.1.7600.16385_it-it_a644d369e42ba650\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
File created C:\Windows\inf\SMSvcHost 4.0.0.0\000A\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..it-snapin.resources_31bf3856ad364e35_6.1.7600.16385_de-de_5de3c853fb27f8e2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-ncryptui-dll.resources_31bf3856ad364e35_6.1.7600.16385_es-es_e237cdfc0ad364f6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-s..extension.resources_31bf3856ad364e35_6.1.7600.16385_de-de_37678626322bc44d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_brmfcwia.inf_31bf3856ad364e35_6.1.7600.16385_none_11493a3982b640b7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-w..erclasses.resources_31bf3856ad364e35_6.1.7600.16385_es-es_084f776c600a93ae\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-i..l-keyboard-00000452_31bf3856ad364e35_6.1.7600.16385_none_4dfcd58ab20106d8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-i..l-keyboard-0000042b_31bf3856ad364e35_6.1.7600.16385_none_58f1c8306ff0d14a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-i..l-keyboard-0001043c_31bf3856ad364e35_6.1.7600.16385_none_06d626f19699cea6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-smss.resources_31bf3856ad364e35_6.1.7600.16385_en-us_e4408e86c08891fe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-ehome-ehrec.resources_31bf3856ad364e35_6.1.7600.16385_de-de_866165959f87dc9d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-o..files-adm.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_804ec5b56e60d9f4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-winsock-legacy-afd_31bf3856ad364e35_6.1.7600.16385_none_eb5d49801545edf1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.awpteam.ts6.ru C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ROQFLYYPPLMZMSX\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\oC9nIClW9awwKro.exe,0" C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ROQFLYYPPLMZMSX\shell\open\command C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ROQFLYYPPLMZMSX\shell\open C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ROQFLYYPPLMZMSX\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\oC9nIClW9awwKro.exe" C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.awpteam.ts6.ru\ = "ROQFLYYPPLMZMSX" C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ROQFLYYPPLMZMSX C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ROQFLYYPPLMZMSX\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ROQFLYYPPLMZMSX\DefaultIcon C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ROQFLYYPPLMZMSX\shell C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe"

Network

N/A

Files

memory/2528-0-0x0000000000400000-0x000000000040C000-memory.dmp


C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

MD5 8e2f23755bcec106b3090fee0acb5f10
SHA1 0ebea6c5813feb0b7ebc2bb7e6ca4131583ed5c5
SHA256 fdaea785c778415bbfadede1a0b66acc4bf45a2672e9a4993a1ac620c483ea27
SHA512 b9691c66c69b0c63bfe6234b3970c648852d5b0d17ed23737cf0e42f5707a6c1ed31a25377a5b48b25046823b1b4e8207542a2d765c63232dd99d0525ffc99ac

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

MD5 38a2e10aa325bc65cccf15089ad88521
SHA1 76e5a5b55c90d094c44b4d625d882b8318a171d0
SHA256 c8b4de1d4f9118c9603e3c1774af730e1a31b43c0db7b4cef5af019de42ae5f2
SHA512 ae51f03349bc5be8ee7f3eb99c4a1228fd49bd74300c7a1e1fd82124250774589d911c133e8340b633e8d60ad43ae63e2927b507fb43e7181bd76b59a255d056

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

MD5 dddcc8dd03879e79e87bea773c2486b8
SHA1 5300e48a2bc4e9cc2c8e5b59812afcb47e0b9624
SHA256 58d6d47aa77ae680efa8375722065cb44685fd7d1989a0a626b20a0a91001ded
SHA512 2a16e4ec3c000371d625cfcfd9ff1d117972be2aa83a1b9c0987d4645bb6b27aea75cf22c78864cf08a1405e7b2f78249737228aa010803ebbd7f7faefcd7a44

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

MD5 af6a100a449ecee9c9452f4400791215
SHA1 c1a6662c30854de5d7f31175564e151fd73eef0f
SHA256 72026398e19049696356bfd22fba520ff5c8d099e38304612d73652c82590d9d
SHA512 956e8b36f8dce62af27da26cb9a4b92df6320cad51a92f76eeb8b103e775c7928498752bec3e66f30e129f9693eabbf7da1184cc57cba7077158c1710fc344ca

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

MD5 19a87b75cda118e6cd4bdcb5c049b464
SHA1 c2fab58d844c9057f05c62cd220709166d18424d
SHA256 7f22f1eecb5a24707cc4e44007aa8fd949304a43ecdf8fcdd9117a9149f12a65
SHA512 916ae389b86119c750ff05f63433da8f5b4aa3d77070c0a9a93a6a6da84d465bc72429274afb00b7d6cf406655156220fc7b3c7be801b4e644d50fdcc677ca5a

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

MD5 2c07be126f185dfb9fc6465decc6c562
SHA1 296e393cb281c2822b6c2be8280f7dbffb0e9dde
SHA256 d75a20973d61e952357fca900243e417e1b61fcee33912fba13e309febd73b5e
SHA512 e30f3da2aed305eaa47a864d2d902a1978c4f8779ee883443121ff7633d7447abac5782a7e5b346e314963556b3ce574269e279ac3742a595fb5c5521da65f1f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

MD5 ef1d560d85e54744a3ccf839ef27ccea
SHA1 d9930b42addf494978efd0203ba1e7810a8a8dc4
SHA256 6fa603d50c61d89cbcd6236c5b00b6c0a166f64c95fe86851bfd607e1c04d92d
SHA512 dc275dace4e0905265b5789ac065a67a3d3bf386de7dc9c8c02850676c539fb6427c0a83c21dc0bfa6a65a96a7a1c7aaa089a2ed686cb95b28e3a85d3348dd5f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

MD5 e9586bc43230635ee5c42419f9079455
SHA1 0ca84308419a1fcb3c24393d254f505c4369d0c1
SHA256 46f36d77b47afff938a443597bcd1c0c6e1294e452cc949b39e5dae3a27ba129
SHA512 1cbec4a8053cb104650d19e015dda3e133241fc52090e6021ec73cdc1ea572a5b7af00857500bbb32455311c8a9ed3745d428b5ca3ac2d571d60e0fb9fd9b601

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

MD5 5a11e4c9e3656d4ffe4ea9db76330d36
SHA1 42bf0088ae93fa4304f5b2b3b9d0d4028a3e95ca
SHA256 2ea963d6ad0765f4e95aaa81474182c67a7d5a0fe534e68d3ea6fbe29a2fcfe4
SHA512 d787d39618ddd295e62e633abb5cb68226a75427341d9c0f5f34b3bc71745a48d67b8747a638582178eb9bf22f3e7e36540f53b49212a279ae74bd839018ed71

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

MD5 66ca1d6373e80e0ff96030bb5010b3bb
SHA1 44b0510f83bc71204a2ea5dc3a15b3d6f28f8e10
SHA256 02675a49259f5e6071b879e3d3d53691d29408df825e11c46f3b27abb684ae7a
SHA512 bfe2d9f08230eb538c85cdbae18163fa91f68ef7a1594f508901511bc41000b542884119e310fb79aec5ee54edeab05add766f05da2d74d2bff542048576b260

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

MD5 6cd0fb4385a1d2b7693007a1423c2eae
SHA1 f16556025baed7a25cc42f1b8246e7ff7fe00705
SHA256 0757b5f3a16d8bac0ef554291eb79b39ceccce4ae8aad85c2eaa148bf9c1639b
SHA512 2899f2c6515e223d51227a5a5c560b4e5e6aa122b54fbe1e5cb5eb7fc824f221501b07b0899cc8d3646f65a05a90492d9a9b195a14d69afd20a95ac85aea5336

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

MD5 354679ab328b630950e9424bc491a628
SHA1 d1b47d71cfdd093de1ec84af34010a04109637a8
SHA256 b2dcc2bab90bf74c899574e2caa638b29f8be0eba3c344d70e3537708e0945dd
SHA512 f66a5d296e6f33413c30c520f06e2dccd90468d51fad8130a6a012523e5a6b651b33b20fb25dce0e20c7227731637237c315990890fd5024cf4eb477e5843c07

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

MD5 d053fc7ca1373ff5b1b75bfcdca366d8
SHA1 f0cc6abb68a168c7066169bdf90e4d798f4b61c2
SHA256 4aea2256c040a6ac68d5aaf6d661b9b84a8add02dfa6784f798ee31d1a3296d1
SHA512 abaff0bff41f93145cf876101cadc32fe028782aa490ec4d66a651e7a1b0b37258767d2ded41d257baf8f9a6bfab1a707e2eaa9f2dcfb66ef8c7949b135a24a6

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

MD5 56edbc437c55f0da94ed7c4b0710246d
SHA1 795f39649fb4ef6ae58bc73bee7af59866adc7c6
SHA256 470af6ed673f144049204208ed97840cdd395d4d26cb9f01877fb77994c56516
SHA512 be76789fc1f2554f3ad6bde478b1ca4c9927fd3e0e41b234d4592dac1612951a320ed29240fe66f64083cbef858a6988fa78313af426d378b1cd28e99bda3a04

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

MD5 47ffd85b44e22d6e9039c0dbc781b0e9
SHA1 5caa785c797effbf5dba73c0204c68c148a67881
SHA256 87a5de6af4b57aff588b44be82fff3d0deff8599693078c6a9f3dae99fdaabf6
SHA512 52f30b60543c04ad1709cc5ece988c8080cc191f559a0545c9f69ae2552bf8635c0bd5b36283f6d7d6f60da71c1d7a673e7edb672c1fc73382cbba195b07a76e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

MD5 003b55b96a9b688e7116b590c202ec97
SHA1 78070a809f0de49ad204dd259630e1b97d7f8b07
SHA256 4c51bd46be4abba17447aa21bfc4a571bccc32942317a7ecf77fdd0a3e321cdd
SHA512 5f311e53afe14a11d2a10fd35945eab916b2659f29de316ade5514c0345dd7ee4689a7f7bd9488ec74bf04cb865a57e3e34751bf4e697890a4f7174c2bce71fb

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

MD5 be99958fbfc2146f0c2b91043b4c7b74
SHA1 21a63a5f3c6b44dab520f33dd3c9d2bbb44a52e8
SHA256 08cdf0faba7d5ab6d0ed966ca9ad2e4f15e6470a17a0cae5d1dd0a7b09dd4d7d
SHA512 9f4cb7bedc580e61228fbb2f65644c7489d4fa458c9bdb57f402447490072b7b7c3a7fe93e1e35826a01749d34a7efc5a01f4a792d3976b691094aebf4a1797a

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

MD5 7bb41881027fbd80b7152a7f3a0ac7d4
SHA1 e6aa7adc25b93123691c4682321e468013648bfb
SHA256 a0b3879ba223adbbc8f9fc3d39bde8f7ee9e8c571cb91c33e4e65199497925cb
SHA512 d35af9b035fd356f3eb1124b6fdb03bb2d52fa3d4745f02b3914a9bf8ca3d991cd378f23279375112642f49fe04390640d5703ec8fff8fe9e0a08516043c7a20

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

MD5 be4c73e04f4cde319804ca1314bfc0f2
SHA1 2bb7aede60e6f54168d1588254375818ec8e1354
SHA256 073e236a0588ce30d65af5115414755f4fa2a9a9529dea2e2cc20354334c7c16
SHA512 7015fdbb51a95e57a594731a9928ba096fe5fbbb19994e92356c77464dff93130114f648506711406a8c3e264c2e49377fb91a197166a79cfcd25126a9c52185

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

MD5 838d178c2130ebaff65428d3aabd9202
SHA1 6d8f2e1884d7a4ba382dfe52d991bafb5c0815ed
SHA256 c38b7e54985aa2e0fd2fc5253a2d52cff999272fee573aac93c95a9c70500820
SHA512 c1b9ba233a4219b72443699c099d7f5cda56a9980fd1f471009683843497d8ea6366dc63fe71fc53fdce2d6c22bb5bfd0748b1f4868f971c10c0d7889f37e019

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 3c5ffa17fcbddfb3dc7ddfb26ba26daa
SHA1 557beb59422285c8d5c7ca5e4560f291ba7199e8
SHA256 d261557d7ec812373793c4c1648df0e5d79e1ab836532c079e45cf66fb9c1e71
SHA512 2e420f26e6f524e132b442150f73b24ad1a10464a2161470d68f32c82f88238b8793783e2c74b42aa516670727c0d8f2b642de067424cfbbe2ecffb60d2e88ba

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 6e2c8642789e0e5e8b8a9eb239df3530
SHA1 887fa4ba155b2974d6258394073d6f82b16e530f
SHA256 4bbb083f4c5d8504c9a7cb69967a8b2e5f289371239b2ee0d0d08296477670f5
SHA512 7e9ca8e9fd6acc5b9a0f627154faf2bdeffeaaaa493d6b70e997ef83a2151ac0be6e4b817eee6a61f11582bf78f734d16f3689ff78e16f413ed857adacc886fc

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 64afe9689608bdd29823cd496a950d81
SHA1 2b5fc0139113ce5ab0ece6d259e0bd1bf57f4016
SHA256 19fda99dd07ffd0d2073b648042f459c8dcef470e60950ccab6560b57fa586f7
SHA512 cad636901fb46028bf788d4245eb20c80386429e2c8594489e62faab5a96ed46b27bc7f566bb8b0f8115fa4d26e6b1cbc195e9f8e33839df48014e54a783e5ff

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 b9b7beffdcdd48ec2b644d4149fd6a12
SHA1 6015bdbe6436c5407632ce79ebfef63232bdcbdb
SHA256 8b15e75adb194d835194fb1eaf6380d62f1976bc4b9c822217a249589e9e011d
SHA512 f749301b4d6fe454df608535aaf225cacf253be24004d7620009cfc8014674f489fe5a34df11c94f46d5b3af3dc5451d9ca956cfa4debffc67fe89c5ba50b86f

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 674df4ff38e7a7ac431da1f8fdd50d04
SHA1 a4f3ca67563b735534a8cb17a20c05267fc48fce
SHA256 6fe7feda96b1450d6feeeb9c159cf32b8bbfe87147ccc7c7d1029e14d772e1d2
SHA512 281aaa6fff413ddf494adf43a38be88322e31a0efd13509edb4a0ba37eaa6f457bb399ee951c7328dfb9e57b04987875919f8867110ba65fd907989fc8428b64

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

MD5 4fa39f94966c61a03f225ad5981a0110
SHA1 d2b38026798ec2338198bd4e4e2902ba88eb0e49
SHA256 bdd4de1b7507f412b1d6012ab06ab411990ffa3a77d44fccebe20b7d8721d5a4
SHA512 8e0bef923d8fee787d5adb4d521c39754e1f239ee9290b1642a84f38ca0582dffbccd8b70532751cd1fc94745e870264631b4cb8ba3fd41ee2404a95b09c9eab

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

MD5 e81e6acee816c253c9f51e5285f95996
SHA1 a39e2c455d7f3914561e4934d84583757f5243ca
SHA256 f28f3a6f20c8a2e86ac96569a2f79c0d445e57f4fd4828d56db8b908724cfcb7
SHA512 3411aa33738b6fe186557e79372b90b0f4cafa5ff82754ba5d83b652efe26b7dcb49922ff490b7ec52bb3bc73af97197d6f95739041d28041ce4a58082842ce4

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 f863a5647216bf727d29aa64a6f19be1
SHA1 868464397b45e04828f51dde2f12cc78b47edf6d
SHA256 3cb17c45194cac708f6a02c821cca245ef56106230cc22fa76e3cd53e36b232e
SHA512 5dc32786882de589caeecdec54472d5685d8d302488e1702e0f4b51517aca7750513ce91e349fd07e4372a1b4f31cdd951d410f9647feba1072985683bdbd8e8

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

MD5 fbc99e81e079588d922e611e6099868b
SHA1 42a0dea61a2ddd3159d689d47c6bcf3e7a4ced39
SHA256 4e24bdc76e5569fe35bf08876734ffc0fbe51ca8f998af00ac6c6e30437b5e06
SHA512 f60ad74808dbc600fbffd62f3384e46227729df43cd531dc338d31a25747648bc7c6e24f7a1fdbfaabb6e503d0507eee24560ffaf8eade934c829d6501cf7941

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 cfefc7a768eaff92ab2ea29ccebc81c3
SHA1 5b4bbac9944861aeaf90edc4c966cbfeda714844
SHA256 0b6c3e98087fa814f42a314fad637866a6fd02899a28e4f7fc4437d5b7f876f0
SHA512 227a96f424366c870c86049b8403cc53c9734c2ec19c3ea194c28e04914b310f61755d925bf9888e88110be639c28cb3b7b578e33aedceb70ddcf4df9cd33189

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 4c4b9fa5e48e23e0930043a3699d3498
SHA1 367866e7339f265c1b7a82b77f7c72caefea30d6
SHA256 9dc566cb9b8171f3037d09fbc6ab065b041dd393fbf69b1f333cf5e6a1e65138
SHA512 a17c03370b6d383006ea89c1539d9d0334ce204adc7b11da856461094072f67b58c725393ddada58834968cfaa2631d112a334f346be8e0c2c8d79eaf0f5df3d

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif.awpteam.ts6.ru

MD5 30a551ef637517d8598e3fa0e573d1c6
SHA1 25a311a00bb1c4b9f70cfcf3d26dbebba526d81e
SHA256 244c0fcae88f97fe3a2181ab8e059c83db864cad146fd1a1f6d159c06df62f8b
SHA512 b745a1a0e3389daeec6fa321173e67f1cf9dd3c1c5272c5990563e773901768307177799548472e5547becd5dd6c8b72687ce128d20464b47d1725e42fe938a6

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 cf73a3cf99f32b542cec394a51459e97
SHA1 9def0d24f329d7b5a0b8781284d1c5a1215d4fad
SHA256 6979aa86672195648fb3638322e908960117fc646aa807849d5dc073a1af122e
SHA512 86e38fb115b4063d114afa9a92729c94fa422dad79213d3e8843adc826b9730468680cbb4dc85a098c2dee253853dbf0c1a71f159dea5d9124f6d6c085ddc6f4

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 36b903c48edc70b4d15c4adc83146a42
SHA1 b5f5868d4ef245a37eef34a5bdb6aa5bff2d13d9
SHA256 015b4555efb02ff483824994527f1413ccbff1fa2885fe3363fc18520ff66327
SHA512 5935f07f97622656b331cb86132a796aa271df10f495fef74bb180d60fe7636f67eae9cb31715fc5e271762ffcde17aa601afce5e0b903ee7e92d74030f08ada

memory/2528-8801-0x0000000000400000-0x000000000040C000-memory.dmp

memory/2528-8802-0x0000000000400000-0x000000000040C000-memory.dmp

memory/2528-8978-0x0000000000400000-0x000000000040C000-memory.dmp

memory/2528-8979-0x0000000000400000-0x000000000040C000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-08 20:56

Reported

2024-10-09 02:41

Platform

win10v2004-20241007-en

Max time kernel

95s

Max time network

126s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe"

Signatures

Detected Xorist Ransomware


Xorist Ransomware

ransomware xorist

Renames multiple (2182) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\oC9nIClW9awwKro.exe" C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\dc1-controller.inf_amd64_63236b4ab51ad398\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmeric.inf_amd64_41ae7c84b8d94de0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmpace.inf_amd64_5e0fbd01da4f7c7b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\msux64w10.inf_amd64_5aa81644af5957b3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ntprint.inf_x86_c62e9f8067f98247\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnms004.inf_amd64_c28ee88ec1bd4178\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\es-MX\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_EnvironmentResource\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_GroupResource\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\halextintclpiodma.inf_amd64_7f59f2c73a7fab14\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmoptn.inf_amd64_583bd0f3892e01df\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netnwifi.inf_amd64_a2bfd066656fe297\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\wbem\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Dism\it\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Configuration\Registration\MSFT_FileDirectoryConfiguration\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\acpidev.inf_amd64_0f7f041f33bd01cc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ntprint4.inf_amd64_0958c7cad3cd6075\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\sdstor.inf_amd64_0d2a33dd67a36577\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\usbser.inf_amd64_8de53ed035d71856\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\MUI\0407\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmaiwa3.inf_amd64_ff37da248ddd748a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Dism\en\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_LogResource\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\TrustedPlatformModule\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_nettrans.inf_amd64_b6d30279f382fa4b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_sbp2.inf_amd64_db7034ac4806cf05\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmsier.inf_amd64_3ae2ea3a55ec0279\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netax88179_178a.inf_amd64_b6748bc8bb8ccf4d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnms003.inf_x86_360f6f3a7c4b3433\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Printing_Admin_Scripts\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_PackageResource\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\nulhprs8.inf_amd64_e65ae5a38cb839e5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\tpm.inf_amd64_154e6da862a6dc30\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\input.inf_amd64_adeb6424513f60a2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmisdn.inf_amd64_ded39545dc6c301b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\en\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\MUI\040C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\VpnClient\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_fsencryption.inf_amd64_b4b4845819a23338\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmsii64.inf_amd64_0f02175b17cd3f66\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\InstallShield\setupdir\040c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BranchCache\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\winrm\0410\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\oobe\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForAny\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Configuration\BaseRegistration\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmsun1.inf_amd64_5b6db32fd04403a3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\memory.inf_amd64_9af3a8a63d4cb5f9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netpgm.inf_amd64_e099e4a7092b374c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\lt-LT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\nb-NO\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\wbem\es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ProcessResource\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Configuration\Schema\MSFT_FileDirectoryConfiguration\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\avc.inf_amd64_0eaf27d749819837\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\iscsi.inf_amd64_c089962740ea1f84\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\machine.inf_amd64_b748590104fe1c15\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\InstallShield\setupdir\000b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\migwiz\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\default.help.txt C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_UserResource\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForAny\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_pnpprinters.inf_amd64_0c653d53a35b896c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A

UPX packed file

upx

Drops file in Program Files directory


Drops file in Windows directory


System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.awpteam.ts6.ru C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.awpteam.ts6.ru\ = "ROQFLYYPPLMZMSX" C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ROQFLYYPPLMZMSX\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\oC9nIClW9awwKro.exe,0" C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ROQFLYYPPLMZMSX\shell\open\command C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ROQFLYYPPLMZMSX\shell C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ROQFLYYPPLMZMSX\shell\open C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ROQFLYYPPLMZMSX C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ROQFLYYPPLMZMSX\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ROQFLYYPPLMZMSX\DefaultIcon C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ROQFLYYPPLMZMSX\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\oC9nIClW9awwKro.exe" C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 150.171.28.10:443 g.bing.com tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 68.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 200.163.202.172.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 0.204.248.87.in-addr.arpa udp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp

Files

memory/4928-0-0x0000000000400000-0x000000000040C000-memory.dmp

SHA1 3128ddb5c5ffff272587908b89052e32aab0d61f
SHA256 e409892619c8e049e0f2cd3fe3741b86142f11d4dbbe156f4f6d6a44a00f2187
SHA512 f4ded83737189ae1e0008ab566846c2a92901453dd200c8b228fd5e98a695c181915164fd7a37b7d8dcb950a8359ff28b6abe0f39859b379ed0e8013dea75cfc

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727661992394667.txt

MD5 80cbf3c691e535f15bdc279def3d4465
SHA1 a1918d264fdf5eb801ad25bb4f265b9a5e6aab47
SHA256 1f14a106f0df6fb0c3823db3a0d94f23a869e42e3b734f916e060c80c2b46f5e
SHA512 087327c60eb636dc964d187e9ca84fbb42565cabb2903df50c899a559521255d0a244365ac73ea9cd159708b92fca1746f714731dcb8e584c0a9b2ddff7333ea

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727662487357744.txt

MD5 85685bb244e0ebb4ee93ef1ddf8b05bc
SHA1 8d1721a7d37f0d271faecb47b788d3b2276425b1
SHA256 d5e59aa01ba7241ac1e15a005e4376ccbf08ea394d26ea91e290095c30b894ae
SHA512 d658910c2da5fb2daea888cc8fbd97b0281934f33773b6ae2732f6956266b7282bf43a7a5fcd99752f88cce2a8103e7c06d9868c9adb8e33df10a62893293456

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727667722373689.txt

MD5 8a70fbb4253b1a214159c72483cf4dc9
SHA1 2281bf196653a59126786d2aea66875da41ad49a
SHA256 00947c3b1325967918d31e73d7833b4cdcc6834558a20c47b70ebc0dcb0d9f9a
SHA512 f758458fd54d483421b372929fdc8ca4e3d60c7394d4eab534aa5df4559e27ec01831872b46cda8d2e7fdb891b9f175176fc5936c013288fa49999cbcd739c87

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727670771168387.txt

MD5 18dee0f9ea8e38783d7ed45fc4d146b6
SHA1 014a5d3b5d7e93521ac5ed195c96f14f24f1fd34
SHA256 2af7ba37266ef179dd7ce82aa1092419aab4dec373d6478a7a3fd94d79902343
SHA512 806df443249f2e8d1cae4e6a754489c69b64d9755e424fed3a6a7da48cd66d69768344d3bc1a8c3a825c39387d45e7f85f9ddb0c3035ccf1e84dd8b27a578ddc

memory/4928-6351-0x0000000000400000-0x000000000040C000-memory.dmp

memory/4928-6350-0x0000000000400000-0x000000000040C000-memory.dmp

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

MD5 43544e4203ad4ad6443b1692bcd775ec
SHA1 dabfa095b89700ff2e1d59e096dee991110e1560
SHA256 1b45978c5cfd996437bf7b2f39cc7260d5de95affcb71a753e7ae7bc00a90ea7
SHA512 04ad23ceb25e8d9bfdd963112f0a2f86d924e08e5dd61507ec1f0e301a35eeb8c6137f11e9cb76a4ba5ca92c7183e7c48bcd8fe6b9f4b0470c57dc8201e63429

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 3c5ffa17fcbddfb3dc7ddfb26ba26daa
SHA1 557beb59422285c8d5c7ca5e4560f291ba7199e8
SHA256 d261557d7ec812373793c4c1648df0e5d79e1ab836532c079e45cf66fb9c1e71
SHA512 2e420f26e6f524e132b442150f73b24ad1a10464a2161470d68f32c82f88238b8793783e2c74b42aa516670727c0d8f2b642de067424cfbbe2ecffb60d2e88ba

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 6e2c8642789e0e5e8b8a9eb239df3530
SHA1 887fa4ba155b2974d6258394073d6f82b16e530f
SHA256 4bbb083f4c5d8504c9a7cb69967a8b2e5f289371239b2ee0d0d08296477670f5
SHA512 7e9ca8e9fd6acc5b9a0f627154faf2bdeffeaaaa493d6b70e997ef83a2151ac0be6e4b817eee6a61f11582bf78f734d16f3689ff78e16f413ed857adacc886fc

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 64afe9689608bdd29823cd496a950d81
SHA1 2b5fc0139113ce5ab0ece6d259e0bd1bf57f4016
SHA256 19fda99dd07ffd0d2073b648042f459c8dcef470e60950ccab6560b57fa586f7
SHA512 cad636901fb46028bf788d4245eb20c80386429e2c8594489e62faab5a96ed46b27bc7f566bb8b0f8115fa4d26e6b1cbc195e9f8e33839df48014e54a783e5ff

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 b9b7beffdcdd48ec2b644d4149fd6a12
SHA1 6015bdbe6436c5407632ce79ebfef63232bdcbdb
SHA256 8b15e75adb194d835194fb1eaf6380d62f1976bc4b9c822217a249589e9e011d
SHA512 f749301b4d6fe454df608535aaf225cacf253be24004d7620009cfc8014674f489fe5a34df11c94f46d5b3af3dc5451d9ca956cfa4debffc67fe89c5ba50b86f

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 674df4ff38e7a7ac431da1f8fdd50d04
SHA1 a4f3ca67563b735534a8cb17a20c05267fc48fce
SHA256 6fe7feda96b1450d6feeeb9c159cf32b8bbfe87147ccc7c7d1029e14d772e1d2
SHA512 281aaa6fff413ddf494adf43a38be88322e31a0efd13509edb4a0ba37eaa6f457bb399ee951c7328dfb9e57b04987875919f8867110ba65fd907989fc8428b64

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

MD5 4fa39f94966c61a03f225ad5981a0110
SHA1 d2b38026798ec2338198bd4e4e2902ba88eb0e49
SHA256 bdd4de1b7507f412b1d6012ab06ab411990ffa3a77d44fccebe20b7d8721d5a4
SHA512 8e0bef923d8fee787d5adb4d521c39754e1f239ee9290b1642a84f38ca0582dffbccd8b70532751cd1fc94745e870264631b4cb8ba3fd41ee2404a95b09c9eab

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 cfefc7a768eaff92ab2ea29ccebc81c3
SHA1 5b4bbac9944861aeaf90edc4c966cbfeda714844
SHA256 0b6c3e98087fa814f42a314fad637866a6fd02899a28e4f7fc4437d5b7f876f0
SHA512 227a96f424366c870c86049b8403cc53c9734c2ec19c3ea194c28e04914b310f61755d925bf9888e88110be639c28cb3b7b578e33aedceb70ddcf4df9cd33189

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

MD5 fbc99e81e079588d922e611e6099868b
SHA1 42a0dea61a2ddd3159d689d47c6bcf3e7a4ced39
SHA256 4e24bdc76e5569fe35bf08876734ffc0fbe51ca8f998af00ac6c6e30437b5e06
SHA512 f60ad74808dbc600fbffd62f3384e46227729df43cd531dc338d31a25747648bc7c6e24f7a1fdbfaabb6e503d0507eee24560ffaf8eade934c829d6501cf7941

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 f863a5647216bf727d29aa64a6f19be1
SHA1 868464397b45e04828f51dde2f12cc78b47edf6d
SHA256 3cb17c45194cac708f6a02c821cca245ef56106230cc22fa76e3cd53e36b232e
SHA512 5dc32786882de589caeecdec54472d5685d8d302488e1702e0f4b51517aca7750513ce91e349fd07e4372a1b4f31cdd951d410f9647feba1072985683bdbd8e8

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

MD5 e81e6acee816c253c9f51e5285f95996
SHA1 a39e2c455d7f3914561e4934d84583757f5243ca
SHA256 f28f3a6f20c8a2e86ac96569a2f79c0d445e57f4fd4828d56db8b908724cfcb7
SHA512 3411aa33738b6fe186557e79372b90b0f4cafa5ff82754ba5d83b652efe26b7dcb49922ff490b7ec52bb3bc73af97197d6f95739041d28041ce4a58082842ce4

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

MD5 30a551ef637517d8598e3fa0e573d1c6
SHA1 25a311a00bb1c4b9f70cfcf3d26dbebba526d81e
SHA256 244c0fcae88f97fe3a2181ab8e059c83db864cad146fd1a1f6d159c06df62f8b
SHA512 b745a1a0e3389daeec6fa321173e67f1cf9dd3c1c5272c5990563e773901768307177799548472e5547becd5dd6c8b72687ce128d20464b47d1725e42fe938a6

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 4c4b9fa5e48e23e0930043a3699d3498
SHA1 367866e7339f265c1b7a82b77f7c72caefea30d6
SHA256 9dc566cb9b8171f3037d09fbc6ab065b041dd393fbf69b1f333cf5e6a1e65138
SHA512 a17c03370b6d383006ea89c1539d9d0334ce204adc7b11da856461094072f67b58c725393ddada58834968cfaa2631d112a334f346be8e0c2c8d79eaf0f5df3d

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 cf73a3cf99f32b542cec394a51459e97
SHA1 9def0d24f329d7b5a0b8781284d1c5a1215d4fad
SHA256 6979aa86672195648fb3638322e908960117fc646aa807849d5dc073a1af122e
SHA512 86e38fb115b4063d114afa9a92729c94fa422dad79213d3e8843adc826b9730468680cbb4dc85a098c2dee253853dbf0c1a71f159dea5d9124f6d6c085ddc6f4

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 36b903c48edc70b4d15c4adc83146a42
SHA1 b5f5868d4ef245a37eef34a5bdb6aa5bff2d13d9
SHA256 015b4555efb02ff483824994527f1413ccbff1fa2885fe3363fc18520ff66327
SHA512 5935f07f97622656b331cb86132a796aa271df10f495fef74bb180d60fe7636f67eae9cb31715fc5e271762ffcde17aa601afce5e0b903ee7e92d74030f08ada

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

MD5 7aead87a195d1dcf7a0a3022d6741b7a
SHA1 0a133e6650d91db93c0005a3bd3422b8d577f581
SHA256 6e885466ceff05d87427a24e523aa258e3d9b73c55bfbc47ce9c9e3328b9d953
SHA512 5c0695a59614d43e45f9faddcbe58ae7a71a4c17a46363d1d2046496d7b0ea1f5193a9b98e14bebf73cbeb796a95c2c8e3a79532409017e30020e7d6e6041ff8

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

MD5 08a1078763bf764962b6a429cd979e09
SHA1 ab3749b3709caaeff48b4731c9f7479b3bdeb472
SHA256 33eca464228b4ef806ffbfd37b2f6de93f24ebdb8889ab17f22884d32eb751d6
SHA512 be512aec9e21f8b86cfa303e5c3186941d4a8051f99e2aa422220a9a98cc7fc61ccbab109cb25a15fec7f9dfc18c1ea3760d242e9ea89c6adac31241d149b2d1

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

MD5 c75e6aab275519b923b1010e72f5edfc
SHA1 0b826132b7b9974963e6c68a9d7db2c626195c5a
SHA256 707c2bc68b1b29b1a4cb8d041bece258abc2b1441d455c54b211523e11447d00
SHA512 d27c91784b0b5f6cf25e782d74ff2a26d1ab7388e486a5ae597fdb4bccf4d8fc7bd1ce2191f66d738d0b69260f8c8834c96b54d313d3af7b696200d13da3c261

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

MD5 259fba915f9bca2af1e037aca7e47174
SHA1 96bc59349f7e10f913ab1f7e508c52ff966245a6
SHA256 c4562823bf0259aca3361d00b6199d9134d718391a6ebf9cd5f4153f2b963977
SHA512 7e74e585d2f82cf8141654dbe7ce3cee75fcf43e81a67769e28c2e59bc36c29328293fd853ab9e4cbc39c93ef19df1b5498a3c84b0d119ab24b59c52dfab9651

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

MD5 9c2f1c5ac5deca451ca2b37251f314c7
SHA1 d9f26d6b3031dee2966b1961abc71710a85c6d06
SHA256 f4eb34b6d3192e0cd7923aee9c6e8d3c4cd418055530c541aee19637cec93255
SHA512 ab13fb3cf995e9592128aba531727b0ef3516d085a64eab4df8e9de0c9a7aa1eb04970e4ea6770011630c1af0a70d3b70f7657e204f1d18fe04cdfb3584d7f70

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

MD5 4685ee4c9b6ef519b210e7d10be6697e
SHA1 994d639bae5e4faf1d381f0f9d9bb30b01101fd9
SHA256 d3014b6547a15c9e66bfbfb2c60b1b2b52f8a8990cf322f890ae3d9b0070b8a1
SHA512 7aab85f12690a7f824f77c7aba66007cfd99ef1072eecf5c76300b80a233185e85fe20187cf3abd9259e821aa1a0dfb04e134cc74e433f0f919377806e9c10bb

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

MD5 22112f9cbdf00cf6e434c71b2afd7fbb
SHA1 b7b30c7eebd392635e47e8da63ef434ac6e832cb
SHA256 c634298088a9b9f377a6b390f3660bea12d6b7f0f7244130610a90dc21c5f6f6
SHA512 086c4bc4f2db44308d77919260cf5ca69c6167c1747c8ddb342b5493fb2f638da84264eb45765ea8ee9493fdceaab6e234c1b438798a80320373a39e5770989c

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

MD5 6b1e91908de37cec62d8a667f7cbbf0c
SHA1 103a37ea105b7614d409c2fa04755ebad1ff49bb
SHA256 0b79cc9c075be9584193b04821f0dcfd2fcbd7ba06cd4d51ede7b0b73dbc43e3
SHA512 1a4b09ec355c1bd1ce521f5fd929668ff3796b1336bfffaea638eb9a24999b8d86b86c6489f4b85348d330bd24e3cffbf8da6928eb597ccc25cd10e5933c7197

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

MD5 13f75925b604fdac57efa31ea42da3ef
SHA1 d22fe6a908d1fa129eaa7fbdb7b6fcb85112908e
SHA256 6df97a7e8318517f8169d4d1eac52f111bcc438e8a17b0ceaaa50b11e9e936bb
SHA512 865f2340c255eca3254c6ab7445fcd09c7a8169b82b1f789a320afe98565b5a02ad9d60751d357d2f8eed75efb5ce6591fd7623b9ffbec4606fddf57c0d39260

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

MD5 560b08f472d8279d25e03e482de150cf
SHA1 abbfeb54df08dc6b2630fba0fd798e42c6dfe5a9
SHA256 8d70a0ddd20434f24cc428d670534b1258e22941305b31e8b7a80df9719016d2
SHA512 9cdcd58045dbf9c4a782789e4a6240091a543920d7708cff8a920732d91c22e9bdfbc079110fd1c6823e4be26c101794f4ad95c0f0ab2afb2e32d56278711d8b

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

MD5 10012e7e1472e0b10071fe6cc3806a8b
SHA1 35cc7dd26f87264fccd112bddcb1bc0ae0b34ea1
SHA256 2209461fbe276d4dbad041287691d9c8b849301ed9e052531bdac9d1e7a7b72a
SHA512 4e42713c1f95ffd5d8b4245e9e1a840f30fb04db1139b0bae39ab020a31150eb9196ad5e4768cd75427623584aeec815d57f113c046edf036034f270d784b7bb

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

MD5 f2177f22a82d632182be92133cb352df
SHA1 05c45db8edc4a3cd73cd30f7bac2a5da72991241
SHA256 adc956bba484ab2e52e24a36e754947d79af0e22a919221ce2f30c8c54d97522
SHA512 26545f0f9afb41bcc73f1e2214ae12e8f8dbcec0c10a54f27b769944089704b9a4e2efac0e4c4a83a363b3f3c769100bf5a629bf218d487c7e5000785ecdf22f

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

MD5 4be8d80bec8d706d81442ddf6d8618c9
SHA1 047df9034bab05891f62d06d22e1ce40e9adca8a
SHA256 bbeed49553414d9eb77f8f75f124ca2cc15528f5dbc524247cea2ecaa1391d31
SHA512 29e49d54a3a1dad452ddb65d660112be5fb05c7d0e20ef8fa54918708005b7fb09a70fa10c4386e924e7d048b5c9cb5f3bb50e767b351015aa92b9bd64f68c90

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

MD5 5ae775e0f801787b46c941019aa80f2c
SHA1 5a03009265754b8f3e3b878bf38917adbc49559a
SHA256 8bf367e6374a1cc5cc6eafd0e3e8771ad5e7d66fbfeaca22bf1eb17207c74fbc
SHA512 492fb0e3fb8b5efa7cabe103f1b4f376cdbda813770c0aae44b9d0d9d358c97017e2e0b58390afd59727b1570d52b4c4198dbc26f4bca90c70adfcf736195679

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

MD5 4546715baa71f8d28c9ef4538b79fb54
SHA1 bb44c22c8e11873b8f82cead07f41115a6798c3b
SHA256 9f6314fde588ed2274dbb7b9c117d09988f1db5917a9e8893d77055d3bc0a62d
SHA512 afd87ab6b749a62c150d1305bfe4717c1c0dfd4d90a825bbd2864ec5c8ec99f791f660386849b419e7774ea0cc5deb0bec386fd6c8d652316d38b9e9e377c9c8

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

MD5 912d206993477c6d72611f6ebf09eea0
SHA1 830de39f30e51357f4f08899dfe47ba3a60545e2
SHA256 ab39cac830f34694bb1e7236d575e1668d670aa90a20b4e80687d0952316127f
SHA512 2a4fe2c9466451723004eb555797362da50cdda79900d79832ef953b67e08c61777cc3ed5d2dc55f3a6d7e67dec60c53acb80580e6734476db793f823ad8c60b

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

MD5 4a0e6d46ae395980e475270a055f2d00
SHA1 acbdbd8526c49d54bf171b57a40062afdd2f4198
SHA256 2b65655314dd8170424d67ad209627ccd46cbaa73f9c34859b459df0d3875ed6
SHA512 f1d4f450118d1000c8f36ff54c8cd150f8c0e9ee628d496f746cb08b7ecc5a5c0e42b73c4635c4ab6227d34ba78b6551975a1d3196e23952e78f87234be80e36

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

MD5 29a7376e0f524e75ae2c547b13b6618b
SHA1 dcae9c83cca2707e775ce3831f9e36727a60fa1b
SHA256 89562e6577efa74919077ee3118384147368a9d2411f01e0e070b897410b1b68
SHA512 2e305ec1cea132a7322145501cb230ce8bef8d2b9030f2b159fc4083846740a172ede09271bc3696fc0934e766a47869bcb60075ef2b3a8967e592ddef36d549

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

MD5 97eed5d9dd904bfe11b720a440e407fb
SHA1 3910cd9a736610b85dfe07f0cc49c7993097e24b
SHA256 5453a533a8bbdf27b05992db37421ba982e43b03af46332f3a799fa9bed97321
SHA512 48a56d4ffb8d9c588b14cb8929943b20fee891ad599559a5286d44827685027f87b6ec1a42d2ffd8c40fecf7e5f24c16a79ce60e0da2f7b5d9feb9ef604d3417

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

MD5 30c1b8b03b8cff1f29380ab7bc76f486
SHA1 63c40a4d5e757cb69be24f16d45b58a13c3c9388
SHA256 0367b90b0dabdb386b607ef4e2cd67391f574e85c814f41758b07025a4c4d18f
SHA512 ef71b3ee64c7cf2f95f4fd6a86aa666c823f984566bc923d6396feec91fb9a7ba47861c1907b1b9f2d3644ac38819f21c134e3e8546079dd3eb47af10f898642

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

MD5 b04a3ba6093fe82a32168f360ea09613
SHA1 fab36d61dce59e23173bd74db4365a6ad344d98b
SHA256 03b745805821978316bd69e7bd26b8aa802385c8ad7ac110e6915e664894325a
SHA512 44d54cb8b587c132e7af6db5c125814be5d6309c935fafca0c72a920d9c70c802ee1d17ac8d37357738495c055a33ec55e0a4b404817f22e4add56b5c6c847ec

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

MD5 ee0d9ac1ce9af8ad95c3215e9addc41e
SHA1 73ee3ba82d3c70733826e06bb91cfcf84872642a
SHA256 dfd5bf119edb389841c85234f69a0852860a37bba165a09a78ef603fcb4038c5
SHA512 18364303d0c24eefeaa7eab7ceeb50947dc6d58baa494b745eb7ffb5d7cc65f41fd736d614a244fc80f4c13b77fcf116c99972941b2c24af25638d7ff1cf86ea

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

MD5 d5689210f9127535389f449d919ab038
SHA1 ab21650227daa547cc50853ba8a2993d18be888b
SHA256 e0376d72cfd7a7457bd93bd419bd7ce8ce0374b316a70613b853c15e39adfad9
SHA512 5594dd964bf88f06de548cd26252a904e7d7153af62fa1a68cb34f93670c0f8430bcfff9921acb3d358a4f8d7de60f2f5d2753f313b778e9ded95425b8ae29b5

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

MD5 0fd74eab0e7092c5511c36ee3693e736
SHA1 b481e137a94200a4650f59e67f9962d35b922308
SHA256 3e24a9c8695aa204c97b89e2d53e905ff9fca14b8073902b518c5c430028cea8
SHA512 932056fd028d34b13fd3803f90ffe1a072933b63ebd8e3d9379d07ba585b2758a4197f55689a6341ddb4df7faff1cd94906fa4fd9e08f0e1424a144333f437f4

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

MD5 22e8c89c459d2ea9aabc533cba762294
SHA1 6d823cc9490f4a64308424a6cee85456a3221e3e
SHA256 34097f57c4de381abe559ae7596182d1a475216003c32b3b5971d7561b2c41d1
SHA512 05a6cba794f23327daea45d03ab539af42fc74522bb026f81169ab5c25627f84dfbf2f10b8bbd958412311de4b067d304fe7300f6f181e3741c56aff894b10c9

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

MD5 123c52fe432d57bdb25ffa77c1a86124
SHA1 f2b2d62754adf231d878c6ee6656d36bca77ab8e
SHA256 a5ac9b28a5da283bfc36ae8c46eae81206a007051a5f4397e630537395812d0c
SHA512 c30830bd950925bedceb77571dd9052e9862cdbf3d67f946868f115a49449babb26937f99d0460d2f0dddc5d2dd4096338366d98dd310e3dff94754f4a2eab04

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

MD5 d3fe826b6df1a5d5fbbeb7c22db2dd5e
SHA1 ea70f1db842fcef73774cbfe917e6d3a6faaa768
SHA256 72f889817c2c499e5f5c8f8163b9aa14cf319e5cc11272589c1407aa5c5d56c7
SHA512 2ac50a305ba4caf29505ec450bd8625748a3fd87227b50461fa6382ef3a5a186bd2ca5dea4adbd85f8249c96d242bde4f06bb2a5a26315d082cd1693845a3fd7

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

MD5 54275628c4c61b9200604e2672708d19
SHA1 83df4c7c0e50bf6c8fc112a317babef64f829e54
SHA256 df5a84440f716ac01b586adb1c1293bb35a0eca7f8ea785c3dbf875e64bb2b60
SHA512 94bc58083ca25b9bb1be8730427e9aa6dc48cd23eb6f4dc0c0546e3e294022d395636dc4e5c0de5617cd9155b17e0988333fdc2e55c4467d67f388e6294d6281

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

MD5 a750698afc7829bce754c46238523935
SHA1 3257f909601b2320c41c8327f41f1922f96267d7
SHA256 0f1f1cb4d94ea57b7512fc0cec1cde72d16be6de868b2e4eaa04025c9ec9b574
SHA512 e0e59285638e37dc93abff131838352178845904375de5d31bfe014e9449c16939ad866efc5f9705a0ebdb2360db36c1176f8c9dce810b960f50f38c092ac815

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

MD5 a4acde767fb02e127906afe281aafd01
SHA1 1129d04e0d361190cd5e4ea5e097ad88e3b45b41
SHA256 752f1d0819dbf0fff2007fc21802b1d1e4badee5909e502283645e47a755fe78
SHA512 e150728113ba7b3bdbea8291a2d5c24972c31fcaeaafe311e5d673934e7bed67822d65c187d3630218c2a298cae1c1e8fd8e81cd5b530204a2cc51d47c9fb32a

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

MD5 bd371873f0e1ef1ef99da1cb4ff3351b
SHA1 a8404be5a636cd0df3670c606a53da4c48a52b9a
SHA256 eaf2b15e85b4ca12b442b45c99b66542225a667e750fac12cb53ed050c0b3b45
SHA512 c7b5ffff692c986742c6dc3b17b0da6897c0d44fba146ddc4969c3544270aececbfebd7af114a9edbbc4dcbdda69444de502928ceca0f26ca3b290d03409e522

memory/4928-10706-0x0000000000400000-0x000000000040C000-memory.dmp

memory/4928-10879-0x0000000000400000-0x000000000040C000-memory.dmp

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

MD5 6d43f24689cafbbd1a1f2a4d6367ec91
SHA1 b4cf719b7fef4501baf909b372af0570cdc564a0
SHA256 e40bca1e8cfdea28d495f593915f9451d04d7d1375b09f1749118b2a8901484f
SHA512 fb983e876b95156080b6467716295a3e77b4d7fd93e492db9509f33f6c37d0847f1777465f138cc8976ff5a915953cd978051cbc956994758954e044a51b2c30

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

MD5 3ea8bf0b3751829ea75f4dac5b396a6c
SHA1 eb4ad1441216b40c04b631c505087f2cc0af7e4f
SHA256 c5f08521bec3c1fdb27fdecf3d463b7c54eea34126c6fd9b959403b6697806eb
SHA512 e2b286ca43bcb9fd0aa4217d348e7e9c0218089537875d14147cc60743f9632e5a15f265a7bd09a41e2ea476006010a1e5fe576ee6a4cf930212ee92a5c3d5f9

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

MD5 77017d1e97c6fc80658566e30744605e
SHA1 9e0e008385fcf56bcf522b00d25e20d9710ddbb7
SHA256 f2693d6108e70564f1e8b33755fbbe0600a93405a5c9d77f6172c915b61fb6ff
SHA512 0dfb3235259f48646e347330bede90bb17159a312d4d5efca01a2c25396f4288d05fa5b647c4090695b90754d0f207c09435d810a997b4d936f2a8ea8ac12102

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

MD5 f5ee8305210b5bc5819779e0b5a81343
SHA1 8954d79bf719cce049899753bc5b41892fd84404
SHA256 a8fb24db1f354a4d2099bfd042e5f2b93ade1e66a7b4fb9d34f615aef731be72
SHA512 b1ee0666e8ece40536b5c5273434d7f6655add67a70ea917e8992298bb72e7963f0cb48147678708d7e25213afe6d09ef5eb6c4e23f6377d64e72fa7a0ce1a5b

memory/4928-11186-0x0000000000400000-0x000000000040C000-memory.dmp

C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

MD5 9f5cb7d0acfb5616cc0ff1b0a1587709
SHA1 519fe1e6924552d49baee08679e2e68451c3f992
SHA256 91ee44af91661d79654c92c52bcf2e0642ac63896f44a243a860368b950cf2a4
SHA512 a8b23e5a4ee4c46dc7f89f2bdd6e89e46206214cebf1752a7c74a7991ed05109b74b5910dc9cb19c7b54f05be78193fa055a1c4d6cb46931f5a9deb562211c85

memory/4928-11191-0x0000000000400000-0x000000000040C000-memory.dmp

memory/4928-11192-0x0000000000400000-0x000000000040C000-memory.dmp