Malware Analysis Report

2024-10-19 10:43

Sample ID 241009-lqg6lswbjr
Target 2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118
SHA256 f3299275739be51696747d6dc00495487d5ec6ae3715403d94c0f6d01d200d8f
Tags xorist discovery persistence ransomware spyware stealer upx
Score 10/10

Analysis Overview

Threat Level: Known bad

The file 2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

xorist discovery persistence ransomware spyware stealer upx

Xorist Ransomware

Xorist family

Detected Xorist Ransomware

Renames multiple (2183) files with added filename extension

Renames multiple (2195) files with added filename extension

Drops file in Drivers directory

Drops startup file

Reads user/profile data of web browsers

Adds Run key to start application

UPX packed file

Drops file in System32 directory

Sets desktop wallpaper using registry

Drops file in Windows directory

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

Modifies registry class

Analysis: static1

Detonation Overview

Reported: 2024-10-09 09:44

Signatures

Detected Xorist Ransomware


Xorist family

xorist

UPX packed file

upx

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted: 2024-10-09 09:44
Reported: 2024-10-09 22:34
Platform: win7-20240903-en
Max time kernel: 117s
Max time network: 122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe"

Signatures

Detected Xorist Ransomware


Xorist Ransomware

ransomware xorist

Renames multiple (2195) files with added filename extension

ransomware

Drops file in Drivers directory


Drops startup file

Description: File created
Indicator: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
Process: C:\Users\Admin\AppData\Local\Temp\2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
Target: N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence

Description: Set value (str)
Indicator: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\CrhS61Hgr4mVybv.exe"
Process: C:\Users\Admin\AppData\Local\Temp\2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
Target: N/A

Drops file in System32 directory


Sets desktop wallpaper using registry

ransomware

Description: Set value (str)
Indicator: \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kpcehjmmpbeehjjm.bmp"
Process: C:\Users\Admin\AppData\Local\Temp\2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
Target: N/A

UPX packed file

upx

Drops file in Program Files directory


Drops file in Windows directory


System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd C:\Users\Admin\AppData\Local\Temp\2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "DERGDLPLCMSTZSI" C:\Users\Admin\AppData\Local\Temp\2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\DERGDLPLCMSTZSI\shell\open\command C:\Users\Admin\AppData\Local\Temp\2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\DERGDLPLCMSTZSI\shell C:\Users\Admin\AppData\Local\Temp\2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\DERGDLPLCMSTZSI\shell\open C:\Users\Admin\AppData\Local\Temp\2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\DERGDLPLCMSTZSI\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\CrhS61Hgr4mVybv.exe" C:\Users\Admin\AppData\Local\Temp\2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\DERGDLPLCMSTZSI C:\Users\Admin\AppData\Local\Temp\2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\DERGDLPLCMSTZSI\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\DERGDLPLCMSTZSI\DefaultIcon C:\Users\Admin\AppData\Local\Temp\2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\DERGDLPLCMSTZSI\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\CrhS61Hgr4mVybv.exe,0" C:\Users\Admin\AppData\Local\Temp\2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe"

Network

N/A

Files


MD5 f17c1e712ffacace84f82931f99d7e19
SHA1 110ad93a77c9ce7e27a4b8ece5a4a6c81d0905ae
SHA256 7a9df28e8b3fb73163c8f5b41b837da9f4eddae1fb7d2a1d2820d246ba6e0a10
SHA512 d0eb812625a5a622c650045225c265892a809b05471df6f8e38a1ae83c183f767ef261a7d66a7c76df04176cf7fa3a1e1c4fa26aba5a41bac3da8fdf64b0d06a

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg

MD5 fd37ece9cdb03c97dccfa087edc7471c
SHA1 4bc1ebcc8f106411c6fef35126b09a856c8beae9
SHA256 b6cc992f33b5e3a33a8d2ea38ce29de200567f3afb2794d1438edc911ba0d782
SHA512 6c8124693774704f3cc08243038d06b57b5ce84fbe21e31e18b7db8df8ef662560be6ad86bce591aa54370498df5e93ba0fa7fea36ea123b22bf29749520a020

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF.EnCiPhErEd

MD5 8e8d88d63e95963897f7eef1ce57f825
SHA1 9ab8486ba0a7085400ee3068951ddd85ffbec7ad
SHA256 5ed151dddf0f4897fb61cb43491d1e70b4a724784b0cfe2d0ca42336af5ade1e
SHA512 2cca8540b213750ac01d130eda8afd1fbfdd9acf48fe338896c8486d1255e631c82a1be2c7052de56b8dbd74cdd73d97c45aaf403a80544edb88c9d08e75420d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

MD5 e4ffbe1ca8b3e73fb3b5d4f587679c2d
SHA1 a070f31e889d90c5d2e23a6262e6d077c3c1365b
SHA256 700be538b374f160ec004405a2ddbf97a874154c4acca2ea9e85c82436ac03d7
SHA512 275dd115dedae2e72f853fb5082094f9ba4e7439ce3a72c29ce13dd7dde141fe726223628f69ab40128105667f43fd7650b4251cbdcc2344df4954558d1f9dd2

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

MD5 986325e60c0a005fbbfd1de88246567e
SHA1 004639fe4d167ea19005b79d6f1a7ae8acb4d2dd
SHA256 928a193808cabf0ce346b5a8b78946d6f61f05b8473b9608b8ae35fecca6361c
SHA512 a7a3eb80d95e90cdcf8cefd2918eb0d84868a86a45ec18d8326e0edd86c4ea22a9e803379d824d282671dc63b75d24de9acc207ec655c75200443db2099abfeb

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

MD5 52092feddb1d003f7bbce40aa344ac21
SHA1 3b8d1e6ec4dc0123a17f6c0833e8cf7f9605d534
SHA256 47457f30eae6b17a9ec4483cc9141f0300d14c38a3f9a665c87035d9761d01ef
SHA512 f626206d1b610c404dcfe3b32a6505c88436975f68779f9c04da938de118284748a7f07dfd411ca10058267b7cbb0dbb8f97b66a5371f55c5a9c2bb79681636a

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

MD5 668f38a3afb4800b0e371341b9c3f711
SHA1 58a789073eb0a2ab3f2e80ba71f0daa292621d2d
SHA256 2d63604d71340a7ce6a9570d739a6e7117ea720f17f240eb1b77c6ea5b199d77
SHA512 4f15c8e047db8dcb5044563f26be7deeb760fd942a7a6f397f708b7a598c28f14e5fd11d0696a46ac96d04fda4430efb7337ea3e3f2115007fa3c7d30fb72dc3

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

MD5 b01f75242fee7574ba5c718e3a19cf79
SHA1 3115d1a34df55709a2e7bcb439a896e3d3730162
SHA256 fa6ca094f14b5863e3322170d2d5ce93724d0e382c46e535cae2595268ff986f
SHA512 86779b1b0cbae1bc8b123e983f17b49643cdde4c15eb00f32df06c8ec96a68bc3134c6bd025219698f765f0de28832f78ff7928b6427a63266080aa5ed5f807d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

MD5 5fd78a319fc5a80a17b98161f613a4a8
SHA1 07cd05f2d9b63e509607fef732424baebce19b73
SHA256 bc78d09e9fc338507d1ba0dcc0f173293fc35e00d2376862967809b3ccdbd857
SHA512 bd46f30aaae46517c12c94a5387ab9db0433607bdd24fd690cd3b3f947c6853ee5d6be07d5624b2ff15be3faaef4072a527d1090fdf27e02e53377310bbae1a5

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

MD5 e52718ea9ef0d8b6137b275f1152f6a6
SHA1 0d7af05359c7566549613a9bb2c8bd98270e57a7
SHA256 e7adf3acefa3fc8c51317e3ea31106bc60b80536ccd4d6aac4f20e25749423c2
SHA512 3c2697fd7966a4329613dcfbabc30b04c4fed1d3560e10a78ede5cca1ff3d82bab0c81171435c2a8a41de4487d2a2cf2559f2123b01c750dbd788f51c540b9d6

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

MD5 62c3664ce5cd287abc67c586bf331694
SHA1 f03a8ff72167a74d34f189e1ac242585f4994014
SHA256 95b5143ea48d08c25b93a4ecdd2ba0f0512b06b47107aeeaaef6b418fbedb32f
SHA512 f205cf31495e12f5da5ac7930bcd80a16970619342c0762bc83a97573bf7da7fafb8c1478948cef672b460a240e0939d9ea60199b0c5c6eac495dcd686addea1

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

MD5 8acbef1cf9d2763f1f5039d52e9386ae
SHA1 9de54f1a38c5c3d11365310d1a39e1869fcb39a1
SHA256 65b42a6121ed80f4cab9e20c08ba3b6063a79c85ddfa1762bee6186d1e8e0918
SHA512 10741a02b8dba616ec3e592ed422ed279bb536873a57df59ac4f7f7be3dea12bf5f0ecc5a49feecdcf4523b4bd7bfdd348d6f0d19bdc604db2c4753736d1d3d7

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

MD5 405f1cc5b67e624fba4fb43003c17d1b
SHA1 3a0c4908a31e4e3ba208fae2433ab8c7f722d136
SHA256 cdbfbd081c742a55ec14ec40efcdaea2b1a0b35aad0b9b6ab756b301fd8053e1
SHA512 ad02e4d95e2b57c6da27526d07b5134284a0b37bb8de7656a7500fc72e26bc61f44619452e32adffbca37b4a41dab92ca75453bd5e19740e834fa8231023eb99

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

MD5 81f28ded3d038a4cd9546f5ffe81daf0
SHA1 1546b806af14f7dd27c01da8f4360b83598add17
SHA256 954dd8456110f258ac572e2d980429b0b499daa435af195df723e554d417ff21
SHA512 9d08f9dcb2d17965eb04b5ba3c3e25674814186e320d01103be1ec9bbfb8b9f7c691704b76782cacd716842b9211e9219334ba32e0635bba3eea41c702d23dd4

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

MD5 257e8a5d2fd47b0a25f971b67232594c
SHA1 2a73dd56289a0e31634bcb3c0fcb094b2845605e
SHA256 e19aa51abb2154aa4d0c933928803dd06246b7d15e246561a6105a3ea38e66d7
SHA512 0ff6ec4707811a768520ecd03e817a28791fb7eeeaf122092326b54bc25fa30d3a197898e8f1416342dbf8a44e8fdccb251dae3ef7df2b540d25d4f0a3063b23

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

MD5 d9f8b57a7a85089287c42af7880dd8e8
SHA1 bfb14f24342744a46f501efd2dc5015536079b57
SHA256 0bef70e264c9096f3dbdb764b4ac5a9d7f069858d7902d8b88169fecd90f273a
SHA512 6bb75d9d1eecefe205ab4a7d00b58e040570cce9ccfe66bce7de370e4ab8ff3195c22c06b5d297a7d5b323f22fd1a71c3ddf0b3f2f31339f89bb0294aa5957be

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

MD5 bfe671817090688b05bcdb7911c9c720
SHA1 ac70995d491eedaee37affb22c65be5d962bbf69
SHA256 bf8f2321c71a28078cc3fb1323a1a67b7f5e9885895a4591a388af5edc7f3d80
SHA512 f078233100e61f4fc6ee426976aee2eb5684c8632462510dfb33c86586ccaae920edb4a3220ff5e9d8c00961c56a4bf8523d10632eb3b1be3b9e4b2ec4c06d74

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

MD5 f54a85aec19ce2d2fca706361cc40cc3
SHA1 4e58ba3488a41d7fdc9a2c4ca0004e7e03abad22
SHA256 9eb6837cee75e94f8ee822bf7541fd836ccbfd7cb042f0b25cfa8176fb4db9f7
SHA512 72ebeb6e1cf888ad278f31e54e436cf20e51888a5113898957d9990897b4b55c305452fa175e6aac85a3ca6cc3422216bb535f4df278c8b7e1c81f0189f4a922

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

MD5 3e37b9a533560208052dcb913755ddc4
SHA1 1d8b814e1023f239e9c7357171858e133432198e
SHA256 c65223c25063bc9ba9c9f7ccad308a34e84e16d1677f4088581be4bf9349f9af
SHA512 352d96514c25fcf6e2fa0d7ff57749767ec5b1837efbe2258b89bb8dbf9b07122398ef42fca58a48796284eacc53e9a4cb66f192c704d407d198aff5d9b6076b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

MD5 4f1f42022662b97af01a66135f301d4b
SHA1 ed22e4840724506a6d1090b54c1029f8d8bd6f19
SHA256 ce187131422061700cc67e7c7c94d08caa04fa83e3f1a200f4fcbfa14ddf0392
SHA512 d513405da4e46dc3df28e957a70a34a0108f301f8d847236fce5359aa346945bf0331ac05869c770696b2e8bf84d3594f53def97865bc28c2ea560c3ea8acc27

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

MD5 f0201f56f4e9daeddc3ab3e88256469f
SHA1 d4f88f8a02e566ffeb7ee9e95b70d8416ca0fd0a
SHA256 2caad4c22ffd9acd131eaf8145353bcd1a6c26a8cfbe0a5298dee010871d5fe6
SHA512 1449b105838b3b436dc3918b409202c70a6bb2f0db91ef0fdd2055f4d94c2f6c7407b2a7f66becc5a633cc69b6e8c6b5d4ab69dfe5e3ebd46b53a576aa640b95

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

MD5 9fa9ee066d50212b5f139f91cc5f571d
SHA1 fc0e191619b6dfe52083fd78076045e873c28537
SHA256 57e38e803ee8a82b82095fbc14e369a156af77931c34e25be43f4a82efe438aa
SHA512 f9f6604c8af9f97f2a10a41792f6375de736233d9d0d494a3e28a9c0ce12e0ffa3ed74b6de2899be8b372e63ca937113ed7fb3cae8993f5209b290883d466fd9

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

MD5 9fd9cffdc392a8695401c20a2ef38f5b
SHA1 4d1cdbde8585360bdbe0a9ee2334401551a9486c
SHA256 c1a02041f1e882b79f60694acaf1e91eca60c29e8a71e1c007a3dfefca18d3df
SHA512 981b1b22a30f45f38d92bbc1e3f8eb890a84643ccd4187af7bf3ede90b033919214448fc7942ad316975047c869d5c1b3e8fbd67a71051b423bc19cfffd0f567

memory/812-8525-0x0000000000400000-0x000000000098B000-memory.dmp

memory/812-8526-0x0000000000400000-0x000000000098B000-memory.dmp

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\security_watermark.jpg

MD5 be263d9b2102f3070ed14b6d66896ce3
SHA1 9be960776b2001ce2d3f7d08cb1cc2d58b21ae7c
SHA256 ba2bb35031b78203e760587285eb35d82fe651dcebbc984cf059fbf74e2641a1
SHA512 b6e082eb43640516d855782ec3e66a5037f865f926d91c72738c64537a27bc2f8e97df4c0c0eb535e7bb756cf79104fbc6644b110cbffddc39d2ca7d584a7bc7

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 60af4693b4b8f801ded0b22aa3748e0f
SHA1 c2b6e78d42b7c9078845dbd5362546b4d18106f3
SHA256 b62551e546384d20f984297b6063cc8551981a77f9f08c5cb4fcaf84b7b312c3
SHA512 07ed0d9b5f2293ba3805da0f560216e0fd843c2074934f967ad6b769ee4acca214377a705eaa35420244a9e08bdb3dd5dd77373f621a96dd8b5693aa099c414e

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 95c0771d5c9a85c23b1398baa5f343bc
SHA1 94cf0fb0873998eff0ff6b840a125226a44847a7
SHA256 4710db84c7cd1122937683b543ca2d1e69efaa6aadbec3354117d67183e46d20
SHA512 e1a494cfa3a828fb9d79add5178ac11e2c8544d1f959887e11bbb075b0b26876b6c8d729fadc7bac376a909af0268c81c8a31c96c75d5d326d2a29d75092e20d

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 0415117e0e4466244af29e4c2390bfe2
SHA1 673b648aa17bc573d29164cdbc05e4d119bc6281
SHA256 e691becd1bce7e7083b931dd2dd72de6373d6fef233c955a31ecce98d5f6dd2c
SHA512 1f2fa425a2aa84fd16063a37325d68f614abd621dd27d5be59a1e42288e74c12aebf28564dbc4701ba84b1fd1aca699e14cdf79778d5572b87af40c028a919b6

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 0dfc6bc681f1db8f4e8bcb646ed5b6c4
SHA1 96430cefb1dfa52db36b314dd14edd4840d92efd
SHA256 c6f707a5b1ea10660b51f4245caa59c2e8f001436ea941c1af286dd09f4f057f
SHA512 55904aafd560166df5277a80f61742d1c1ea33e6a1738402b7cd395cbba714ecbab118fab5c357286b59e17cd84f351040e50148691f1ab386642faf0a1b9f24

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

MD5 e59c19c3c9561589634142353862ffdc
SHA1 e72d2a4dd078cc992f5a2bb906136dbc8fe478b6
SHA256 e5fde3e582dafb08eddd8eb2de7f50b8047ab4f7190d99b04ec47d816bd02de6
SHA512 1e7c9761d1c3599dc0107670c4e576af63dabc925fb3e68a1eca628d3f78104f81b35060af2ed6f2b23e37ee5d504b64d60d58c7dfc5aea45b6f78cfd2bfc44c

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 857705bbcdeed32c50bfe1bd4c2cf155
SHA1 e0c05b4018199f052d77244d6c3d45a98d004ecc
SHA256 f85f237c20b73d9abee9f3cea955ac91befd5aad9570253cee0e6d92db00cf0b
SHA512 ed0bf222027639796c0e3f3d110175a68b9239ec480679ec7f0ac21596eb32a2375792bb1e97c10736e924fdfbe204ce53fc71132a1b4d06d6bfb8e57b40ecbe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 5dff297f9b70a4f9dda274ad64de4d32
SHA1 1dc71791a407923c4a6a47d5009e9f7d9f7c44c5
SHA256 a4969174107d18d575bc908446c2df15179daabe8583b592d061c6e702354a16
SHA512 91ebb668a806c69e725e9c2a86cc2e7ed5fd461440e7a8705de8aff0428fdddcee3d2ba1d8f5c9d995cbc8ac8d15b3abc393ffade121f3cab6897b053e308291

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

MD5 a48bee5abbb6b421211cdc7e84939772
SHA1 167aa5f06ba76bb8cdbab83a03ae266916589a56
SHA256 f90ac92a953154eb5057ddba841891ad84b991809825362151340d73d412a2d4
SHA512 8a7a7d98b1f5c235adaef3cd730930befae77cd8b7fb66a08cd99345d763c34bcf579238b89f08779651be4ece188bf7bbf10a02e4554619c4c1f1ec112f3461

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

MD5 dfd843ff5eca2780af082806775c42c7
SHA1 4e50c7487e79ed4a85e182bee334040a8b6e599d
SHA256 efc14be3169701a0b3ba76ca5f70a8ea21535d2426cefd67af4f7ee30d1ebb96
SHA512 fe58ad6b46d30093991abd89185adedecf8f462e732149adea13f8202fbc242aa4d79774ad0d3823dd329e4ab5b12ad91f77b5e2604ace28bb89a5ea41fada03

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

MD5 86a1fed106b1f2e34ccbfa8a856fc1b8
SHA1 4c702729693f1027e8b7c9d39d77bc720e00e67d
SHA256 69705338f676e8abcfe4f9b0218b8ce6fdd78333e27781abe5baf5e8a18932fd
SHA512 e31c6fe925e1e673b5028c10c0ce31684ff33983d4c0cee714a25376326588312b4754a24ebd12446f45ba69abd2f2e4e04d4a099601a63cf934e786fcb748c1

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

MD5 9414b0b53dabdd736c5069c3a457eab9
SHA1 b45d04c56453ef1df8486e9ca75cb154a6fe722d
SHA256 607581a9393f392b55da8df1fc55f1ec2c27c82a79db68454803604b03049c2e
SHA512 5a5b3e096ef07b318c6dd4c89554f2d2344c6b9da5543c284465b160972291468153c8234e463c7f847d99656ee0b0c78b7eb72277cca551e17ac703308bf478

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 ef775c4895dc1562007ecbdfd2cd6315
SHA1 a85d7b9c88e041c8a96cf63cb7b9b27a30064162
SHA256 b18ed583b33efa2c17fbb8b854b3f2ec5a9433f171f8116cfb66c0b6f6ad3e25
SHA512 5504275602bc229fc96d5105985028472328bddb5c6aa38e245d282d90b2d14c5497ca69fb7e9e3c6cb69219d94d86b1b7f29bda8964ec7bc4016f5534b50ef1

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

MD5 abb312e498a16a3538b18d241d1d8e15
SHA1 b71a8f36372435f589a4128781e089b8a4b57dd5
SHA256 5438c70522cd8befecaf22225d63497274d1812da5d4bc5c1cc9c201caa58069
SHA512 a57e2dddf381c104736e8a4ce8aff0ee250e525c085e18d9619dd4d4b1da7e8e0667a39ab850ac31453adc463f6b162a20530ce269aca5938192dc85ee8d36b6

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

MD5 f87b9a27cb52489038eca0b0bb0fe6c0
SHA1 3f611f349d671270be9612ffbc78baad09db25cb
SHA256 26374217784a32595b4e80fd9bcc433966bfdfb794e3a461b38b10e88d2c8e43
SHA512 a8dd3fefbab6e3d9d259f52a2b0d6928dc91bbe834d9113dec2a15fe1703d069aea2a4d9d066b25eb75ba1bf2ef6d775dfeca804475f76cd3f790d1f650595c7

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

MD5 400cf7d1ae1d86a9dae456f979efba14
SHA1 8413f91b5190585c7aba95b698608576b4b69ba6
SHA256 cb971406619c23d4a79c963c7c69c549317f7cd54e3de4b1d8d5a88346bd34a5
SHA512 a5df4915edfaff45b27650a96c7e6945a7d4c47687a8763892f0dc625cbaa92f05ffd409751854d55f786b20ac7e03ca2a31e78933d4caf89c7f81b5939ea853

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif

MD5 b507e9fdfdf39a59270f279e0aeb816a
SHA1 f102c7c49f23f2403b4f07574c1752c839147328
SHA256 80a33aa8126a69dc6b175de84939bb4e0d1fdcf79a8122f59df9ddb415ab3384
SHA512 64e341da50d35f10c7f93ccdb8e3c7d092d80b9f8eed83d3f651805c87caab6f924741f2e43cddd733e23451aff0bbb2a53408083ce682cd2853905ce25e2502

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 a52365c250eeecc76fe498e41ec5ef0f
SHA1 66b8e6f9328548e191afa75b8e94e884f5d7b8e1
SHA256 25681fd73efa05b0a71fc3be15a821e0c65dc80a9171013d7b1f26254a0ed3fb
SHA512 3fb55056aed16a2a1192208fd29b13cf95ced88c00e544148cd811b7dd89f856edf15c2c95af8a4493099811edc978f1ee0b9cc74d97a7edd034eb68e59ef770

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif

MD5 06ab12a239537bd82957e315624a999a
SHA1 51d2f694261f7bfa68e7f35628727b3bdfe73dac
SHA256 56a74a1452e2221ca445deba76fcdabd8b36a3d3a4c4873f96c0e4b7c53e08c3
SHA512 0def44f20abba4cc9ba68a67e7637889cc6e2b8a79b90469da6c4fef96807cc0bd367057f5655eef12638bf54c30c2021b84988bbda4202eb88ed6ccfca9404e

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 049b3a9bd5252eb759d6c11cdae14a5c
SHA1 248b6cc1487c18779a63c07ce3740ab901904778
SHA256 e3b31d033419dbae20563da8560b2543f7788dad602e471b8981df71b18469cb
SHA512 01dee542cf63eba9b9ade62c933218e0899b690901c57273d75589bf21ed1b374eff58ff45f43461fb55ccdc98f82e5e69db8ffaad8f2e97ec44d737761fb4d4

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg.EnCiPhErEd

MD5 925f665cec0b819229a5ad996758ce4d
SHA1 db810dbba2b148e7178fe5d584e913b70db4ebee
SHA256 863452fcdd9b6088b8c5bd723cf94e66748d1a7113f0c2304ca2ce8478019460
SHA512 00adfa32328678f4f6cb41948c5269cc82899ba32de3523f1f0af492d91ccab8b99b8447995cd0b56bdfe5c28aea37cb94f53e1e9dc65e1bf93e18b34946baf6

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 6f48028b39a042345823490c4cb97751
SHA1 64bdf5bd2ea1319371d2c2d707fc290dfd026571
SHA256 6aca63441fd8978a2f2ff28a4fdc0aeff6d6815d7015587a47f10eb07cc6f1c7
SHA512 241abb1540fa8df6c3780ef578b0adbcbfbaa8b177ae5c57faefbfae05724ee535c6128b09f9e7611ef5904086e8962fc5913209800541b7696cec1929dee186

memory/812-9157-0x0000000000400000-0x000000000098B000-memory.dmp

memory/812-9158-0x0000000000400000-0x000000000098B000-memory.dmp

memory/812-9161-0x0000000000400000-0x000000000098B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-09 09:44

Reported

2024-10-09 22:34

Platform

win10v2004-20241007-en

Max time kernel

95s

Max time network

149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe"

Signatures

Detected Xorist Ransomware

Xorist Ransomware

ransomware xorist

Renames multiple (2183) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\CrhS61Hgr4mVybv.exe" C:\Users\Admin\AppData\Local\Temp\2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\Bthprops\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Configuration\Registration\MSFT_FileDirectoryConfiguration\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmosi.inf_amd64_fce30a36dbc4596c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\nett4x64.inf_amd64_54eacac1858c78ab\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\perceptionsimulationsixdofmodels.inf_amd64_acff50a7960b7d19\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\volmgr.inf_amd64_b98e2b928f71a2b1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wmbclass_wmc_union.inf_amd64_a02e4111c770770d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\fusionv2.inf_amd64_a47d9636ce0d7dab\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\microsoft_bluetooth_a2dp_src.inf_amd64_0bdbb11733d87f9a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe N/A

Sets desktop wallpaper using registry

ransomware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mppblnaadfiilnaa.bmp" C:\Users\Admin\AppData\Local\Temp\2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory


Drops file in Windows directory

File created C:\Windows\WinSxS\amd64_microsoft-windows-b..core-fonts-eng-boot_31bf3856ad364e35_10.0.19041.1_none_fa8429484d90337d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p..track-adm.resources_31bf3856ad364e35_10.0.19041.1_it-it_a7e43dea81b00614\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-r..nt-v1-api.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_86a2ff2b3472a3b5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-imapiv2-base_31bf3856ad364e35_10.0.19041.746_none_ab586504a5d1bf2c\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_bthmtpenum.inf.resources_31bf3856ad364e35_10.0.19041.1_it-it_fbc41e40c93d2041\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-wmpdxm_31bf3856ad364e35_10.0.19041.1_none_5a2930ddc7290f92\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-switcherdatamodel_31bf3856ad364e35_10.0.19041.746_none_38fc188849f7d1dd\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\AppConfig\App_LocalResources\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\DERGDLPLCMSTZSI C:\Users\Admin\AppData\Local\Temp\2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\DERGDLPLCMSTZSI\shell C:\Users\Admin\AppData\Local\Temp\2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\DERGDLPLCMSTZSI\shell\open C:\Users\Admin\AppData\Local\Temp\2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd C:\Users\Admin\AppData\Local\Temp\2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "DERGDLPLCMSTZSI" C:\Users\Admin\AppData\Local\Temp\2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\DERGDLPLCMSTZSI\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\DERGDLPLCMSTZSI\DefaultIcon C:\Users\Admin\AppData\Local\Temp\2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\DERGDLPLCMSTZSI\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\CrhS61Hgr4mVybv.exe,0" C:\Users\Admin\AppData\Local\Temp\2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\DERGDLPLCMSTZSI\shell\open\command C:\Users\Admin\AppData\Local\Temp\2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\DERGDLPLCMSTZSI\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\CrhS61Hgr4mVybv.exe" C:\Users\Admin\AppData\Local\Temp\2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 20.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 134.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 212.20.149.52.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 110.11.19.2.in-addr.arpa udp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp

Files

memory/4452-0-0x0000000000400000-0x000000000098B000-memory.dmp

SHA1 fe8c57d0a56e3ea4a8edc02f9eb17718432b45b7
SHA256 62c05d073f55c3834005e7ccff3b1379ccc92d5f137dcf258fca4d3849473a2b
SHA512 cd6fe1662ac2b217ee4319fdc8ba7dcacb2f6c293ecc589eecbc99525f1a43b0d52dbd16a9a729cbea393dcc6b0c7d865692fa3a91792f31df8585f69ad5112e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

MD5 2d6a015060c8192c57d374a12469862f
SHA1 8baa52c780276dcf8d23a2ce53e04652492d40cc
SHA256 744ae7dffefb824b16e9dc38f9aa83a26f5e3364a8d79b9181dfe0456a64caf2
SHA512 8f6698b438ef416c764a9026538a5b12e598e18f6d00d19c8fba0e714bf6395b05d030dedd7c3cdc5c9f003380e24e85dab1065e8251bfbd859d378923721af8

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

MD5 47d98089cbe5b51bd2322a86667b7e9d
SHA1 595cc36345fa68daca62f5b473587eedc661382d
SHA256 bb07ec10a0f5221e6be26a1a0c98a50499de21e730b32729cd7a93e5ebdf568e
SHA512 57a8c623c47bb99b09c2701df5e8c300e27aee2fdbe5afee63168f27cb45139ad4ccadd0fc50f314d518968e123fd29a87214511a8568a092b78835569d0c67e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

MD5 48bc025335a97c69b23a0050e43bd1bd
SHA1 0cea1734577144aded9f51f30ca2e8c584ac18c1
SHA256 e63e17b5fa49c73db9008f79c8c6c05c6c69a6b2048f8308dd3e81bf3c7c2562
SHA512 0cc10cafd421c88b61486e7e73cc339f78d6ac70891bf6999c5de2e97c059b67c1d92f3d1e8cf2e11f9388e5b87c13b4af3c7da8bfb5a3230b46e0e9db2398bf

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

MD5 90cc5dccd80926a04a8e30a9642cd532
SHA1 0cd209bd7f4b5fcc774f19c44817b30fc79f59d8
SHA256 bb3695283deac29181bb44f8f4a1bb7fd3f297a7392b7417d8dd073adaaf1ff4
SHA512 6b4fde72032431f7d0f4c847a9d3895c7fa599d890d0bec702a4834658a2644f41d9a86f4355b5fcffd5f3faf41660aa99c2217fb9c50762e7da1faa0ddb5f5d

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

MD5 df8c6e904dcc12e1b4ea25981a8a656a
SHA1 202c2d70f7d5442ba162cb3faa75080b9da86de1
SHA256 a221ae431757d7a0fe9f5f071cb8072b33c508fcb39496bdcd9feea9e3caed19
SHA512 30a3ebaa0dad478a3279a51f6b451d64a79719e1968c3a6532b104d5adf21a3cabb2765d1c79e6e382be5dd1f98b72a56147113e38be61b1f4e63e725bf8c460

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

MD5 7f50b35864acbb4d4cca96ccd4cf7496
SHA1 aab60c98ad4699184247fe9788d2704445664ed6
SHA256 61205cfd8ec2f58ad7888fe6f26c6218f89f3c6b898b0e4fe9ae16ae6f48c668
SHA512 17c77a8c0501a4ad10babe27a544e3945970d91474c5103589c5780ff767ecb607f3d0334e4a45ff60e8ec518b91751418d44ad93ce6d3874b2c326a3e331f74

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

MD5 b2a4f7731527b56350410111a08314ec
SHA1 91aa06703bc2abf84f213deadfb973e71a77ab0d
SHA256 7ebcb6071e1466a9a9e95056a3245b1048d9be95eaf1a9f11e0b87ec3ed37bf4
SHA512 9111ced45a6c4fc9d804e652bf06eb12fbe9b6d78eb95754be5c1343913d45b00d40fca23eb9ca561304c7b305f806882e08d5cdf9412d1ea2b26f51a8cc6e3c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

MD5 6bd9b4df6fc114a74aedfe27991518c2
SHA1 be7d1af0c9e6ec7044d318db88770ff980f01f4d
SHA256 a68d404f3082289aa8892906cfff2c962dd0361d9b3374a8463d49e1d22635be
SHA512 421317b0dd3a15f1cad8d90cccd4d66b8d8d7aa8ef2500b6ecafc7a3c2f46728c6ee20fb544e4fa2043f2971a750925ded4504da4f8e41b8227088c342528022

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

MD5 a03ea0cd1722286a98c9315bed14001f
SHA1 83a7230ddad1fc37c66f8f37bbc955762abf923f
SHA256 51bca6849a472d663dc6090a8dca710c45ba6bfe1d8a5244c3fd8e963d5043ae
SHA512 e973df4292462f8337c38488445bb500d814f7e61d9401139d4a3ca40af8d1cae45405279d61c42b0d27afbda50d7a23a538a4f725d71e7a1701f6da13a8dc9d

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

MD5 2e759782a9d0043e1e092715627ef330
SHA1 686749dca12ca2f3f33291ce574354ef11defea4
SHA256 0019d2aac258e2eee82f5563273eac9d228b2f085a4905caadde0b394f27f4e9
SHA512 9269e6c7ccb603f052d9b1931985eeb1de800eeb091f4fb68057be3cfda7adde01724c3f3f4de2950bda40c29e22fadf75b9695f578ea50ca1d1ac2adde27d94

C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

MD5 2468d73c746e4bacfc6c20c20514a87e
SHA1 94bc9f84e0dd727a65bf63737674c076840250df
SHA256 ec160d0a67a429c42ad36dd8ef0eeb32843391a77bf2a108cccaff8d09afe40a
SHA512 0f06d16b16da93f80925d5cf83a4a8b8c5a68d1dc1cde94fc6ecb7865812dab5f3527530941b33e276ab52296c5af07492c7691d1f78e2c98f54250c04e8c255

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727658720680492.txt

MD5 b516c9cf82447d92a2f70b4ebfb3141c
SHA1 7516fc0b69d74df5b5e1643a2ae3cd55bdf9adab
SHA256 d24f8eaf915ba26247587c9d4fccb016ebacfd6b38d5b112dbb7de2e4d1f5db5
SHA512 f26c50b8ac34ad54396132e485fae02402b0fdbc09df1cd6687c08769accf47f888e9edf81ff956c1e4bccd677a7650e15fb9658b9f9da58d122fb39ef417f2c

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727659161166784.txt

MD5 512c618db8b52888f23bedd0e163e479
SHA1 f8e86e5154788dfea27fee78a20dc166550870be
SHA256 6b8f7957090091c7d610d70930d46f73fca6308669c32162b1b5b9cb30c6e465
SHA512 c99fa434859061020461112e03568c5ae2dfb15e74b08e52e11372807b334de65a90014dea6d3a23d0b284ab6addd32b13c7b7264d7e0ba3b8516cc17809d99a

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727665191668352.txt

MD5 504d5be6c2ca582933b7e66b4ca3d001
SHA1 72726a3c1833fce57e42dc5d26dd3d9494a8b712
SHA256 e3a99e4116ef946053eedd426dc7dcd50943c6d4cf3b52b08c1993cb7bb03eb0
SHA512 fbf38ee5e99988dc9a99f4f76228e3be2a3b0f98a91d9894e70882c20cdc4da90405c342317645dbdb31d5ed7ce3fc1352a3b2eb9ea4bb6188b8854f3af9be53

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727667861810871.txt

MD5 29fc40a87565ed42dcf3a7873d22c21b
SHA1 e6426bddf006ffb97763511f0040e9a4707c944b
SHA256 e670dd370b7961e36abfb4ca23d02dae1b639d3c1d64b5e57a77e333a682177a
SHA512 93c813f82e04b236c58f0a687530a29d9bb60bbbc9652b2cd6a3af9484b75dbe617cc5c0490427d6feff523e2cee4b923d65e9f8f2cd5092404b765aa40240bb

memory/4452-6465-0x0000000000400000-0x000000000098B000-memory.dmp

memory/4452-6468-0x0000000000400000-0x000000000098B000-memory.dmp

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

MD5 a31ab37a36a8c8c2d5c02aca289640ba
SHA1 77ed23104ebe2a306d97aabb0d7e3d57b7103659
SHA256 1f70e95cf445f681fa76410477e38092a8e8034df1ce6add626750370fc5a42e
SHA512 014f35be97b0abd0fef0d7fede57dd4a9c69961bfce93697da1f12196e3eace3e27a864541319a04c5f6032979dd934f81361bade0effd441c2bfafc8cca0d97

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\security_watermark.jpg

MD5 be263d9b2102f3070ed14b6d66896ce3
SHA1 9be960776b2001ce2d3f7d08cb1cc2d58b21ae7c
SHA256 ba2bb35031b78203e760587285eb35d82fe651dcebbc984cf059fbf74e2641a1
SHA512 b6e082eb43640516d855782ec3e66a5037f865f926d91c72738c64537a27bc2f8e97df4c0c0eb535e7bb756cf79104fbc6644b110cbffddc39d2ca7d584a7bc7

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 60af4693b4b8f801ded0b22aa3748e0f
SHA1 c2b6e78d42b7c9078845dbd5362546b4d18106f3
SHA256 b62551e546384d20f984297b6063cc8551981a77f9f08c5cb4fcaf84b7b312c3
SHA512 07ed0d9b5f2293ba3805da0f560216e0fd843c2074934f967ad6b769ee4acca214377a705eaa35420244a9e08bdb3dd5dd77373f621a96dd8b5693aa099c414e

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

MD5 86a1fed106b1f2e34ccbfa8a856fc1b8
SHA1 4c702729693f1027e8b7c9d39d77bc720e00e67d
SHA256 69705338f676e8abcfe4f9b0218b8ce6fdd78333e27781abe5baf5e8a18932fd
SHA512 e31c6fe925e1e673b5028c10c0ce31684ff33983d4c0cee714a25376326588312b4754a24ebd12446f45ba69abd2f2e4e04d4a099601a63cf934e786fcb748c1

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

MD5 a48bee5abbb6b421211cdc7e84939772
SHA1 167aa5f06ba76bb8cdbab83a03ae266916589a56
SHA256 f90ac92a953154eb5057ddba841891ad84b991809825362151340d73d412a2d4
SHA512 8a7a7d98b1f5c235adaef3cd730930befae77cd8b7fb66a08cd99345d763c34bcf579238b89f08779651be4ece188bf7bbf10a02e4554619c4c1f1ec112f3461

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

MD5 dfd843ff5eca2780af082806775c42c7
SHA1 4e50c7487e79ed4a85e182bee334040a8b6e599d
SHA256 efc14be3169701a0b3ba76ca5f70a8ea21535d2426cefd67af4f7ee30d1ebb96
SHA512 fe58ad6b46d30093991abd89185adedecf8f462e732149adea13f8202fbc242aa4d79774ad0d3823dd329e4ab5b12ad91f77b5e2604ace28bb89a5ea41fada03

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

MD5 e59c19c3c9561589634142353862ffdc
SHA1 e72d2a4dd078cc992f5a2bb906136dbc8fe478b6
SHA256 e5fde3e582dafb08eddd8eb2de7f50b8047ab4f7190d99b04ec47d816bd02de6
SHA512 1e7c9761d1c3599dc0107670c4e576af63dabc925fb3e68a1eca628d3f78104f81b35060af2ed6f2b23e37ee5d504b64d60d58c7dfc5aea45b6f78cfd2bfc44c

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 857705bbcdeed32c50bfe1bd4c2cf155
SHA1 e0c05b4018199f052d77244d6c3d45a98d004ecc
SHA256 f85f237c20b73d9abee9f3cea955ac91befd5aad9570253cee0e6d92db00cf0b
SHA512 ed0bf222027639796c0e3f3d110175a68b9239ec480679ec7f0ac21596eb32a2375792bb1e97c10736e924fdfbe204ce53fc71132a1b4d06d6bfb8e57b40ecbe

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 0dfc6bc681f1db8f4e8bcb646ed5b6c4
SHA1 96430cefb1dfa52db36b314dd14edd4840d92efd
SHA256 c6f707a5b1ea10660b51f4245caa59c2e8f001436ea941c1af286dd09f4f057f
SHA512 55904aafd560166df5277a80f61742d1c1ea33e6a1738402b7cd395cbba714ecbab118fab5c357286b59e17cd84f351040e50148691f1ab386642faf0a1b9f24

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 0415117e0e4466244af29e4c2390bfe2
SHA1 673b648aa17bc573d29164cdbc05e4d119bc6281
SHA256 e691becd1bce7e7083b931dd2dd72de6373d6fef233c955a31ecce98d5f6dd2c
SHA512 1f2fa425a2aa84fd16063a37325d68f614abd621dd27d5be59a1e42288e74c12aebf28564dbc4701ba84b1fd1aca699e14cdf79778d5572b87af40c028a919b6

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 95c0771d5c9a85c23b1398baa5f343bc
SHA1 94cf0fb0873998eff0ff6b840a125226a44847a7
SHA256 4710db84c7cd1122937683b543ca2d1e69efaa6aadbec3354117d67183e46d20
SHA512 e1a494cfa3a828fb9d79add5178ac11e2c8544d1f959887e11bbb075b0b26876b6c8d729fadc7bac376a909af0268c81c8a31c96c75d5d326d2a29d75092e20d

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 5dff297f9b70a4f9dda274ad64de4d32
SHA1 1dc71791a407923c4a6a47d5009e9f7d9f7c44c5
SHA256 a4969174107d18d575bc908446c2df15179daabe8583b592d061c6e702354a16
SHA512 91ebb668a806c69e725e9c2a86cc2e7ed5fd461440e7a8705de8aff0428fdddcee3d2ba1d8f5c9d995cbc8ac8d15b3abc393ffade121f3cab6897b053e308291

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

MD5 925f665cec0b819229a5ad996758ce4d
SHA1 db810dbba2b148e7178fe5d584e913b70db4ebee
SHA256 863452fcdd9b6088b8c5bd723cf94e66748d1a7113f0c2304ca2ce8478019460
SHA512 00adfa32328678f4f6cb41948c5269cc82899ba32de3523f1f0af492d91ccab8b99b8447995cd0b56bdfe5c28aea37cb94f53e1e9dc65e1bf93e18b34946baf6

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 049b3a9bd5252eb759d6c11cdae14a5c
SHA1 248b6cc1487c18779a63c07ce3740ab901904778
SHA256 e3b31d033419dbae20563da8560b2543f7788dad602e471b8981df71b18469cb
SHA512 01dee542cf63eba9b9ade62c933218e0899b690901c57273d75589bf21ed1b374eff58ff45f43461fb55ccdc98f82e5e69db8ffaad8f2e97ec44d737761fb4d4

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

MD5 9414b0b53dabdd736c5069c3a457eab9
SHA1 b45d04c56453ef1df8486e9ca75cb154a6fe722d
SHA256 607581a9393f392b55da8df1fc55f1ec2c27c82a79db68454803604b03049c2e
SHA512 5a5b3e096ef07b318c6dd4c89554f2d2344c6b9da5543c284465b160972291468153c8234e463c7f847d99656ee0b0c78b7eb72277cca551e17ac703308bf478

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

MD5 abb312e498a16a3538b18d241d1d8e15
SHA1 b71a8f36372435f589a4128781e089b8a4b57dd5
SHA256 5438c70522cd8befecaf22225d63497274d1812da5d4bc5c1cc9c201caa58069
SHA512 a57e2dddf381c104736e8a4ce8aff0ee250e525c085e18d9619dd4d4b1da7e8e0667a39ab850ac31453adc463f6b162a20530ce269aca5938192dc85ee8d36b6

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 ef775c4895dc1562007ecbdfd2cd6315
SHA1 a85d7b9c88e041c8a96cf63cb7b9b27a30064162
SHA256 b18ed583b33efa2c17fbb8b854b3f2ec5a9433f171f8116cfb66c0b6f6ad3e25
SHA512 5504275602bc229fc96d5105985028472328bddb5c6aa38e245d282d90b2d14c5497ca69fb7e9e3c6cb69219d94d86b1b7f29bda8964ec7bc4016f5534b50ef1

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

MD5 400cf7d1ae1d86a9dae456f979efba14
SHA1 8413f91b5190585c7aba95b698608576b4b69ba6
SHA256 cb971406619c23d4a79c963c7c69c549317f7cd54e3de4b1d8d5a88346bd34a5
SHA512 a5df4915edfaff45b27650a96c7e6945a7d4c47687a8763892f0dc625cbaa92f05ffd409751854d55f786b20ac7e03ca2a31e78933d4caf89c7f81b5939ea853

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

MD5 f87b9a27cb52489038eca0b0bb0fe6c0
SHA1 3f611f349d671270be9612ffbc78baad09db25cb
SHA256 26374217784a32595b4e80fd9bcc433966bfdfb794e3a461b38b10e88d2c8e43
SHA512 a8dd3fefbab6e3d9d259f52a2b0d6928dc91bbe834d9113dec2a15fe1703d069aea2a4d9d066b25eb75ba1bf2ef6d775dfeca804475f76cd3f790d1f650595c7

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 a52365c250eeecc76fe498e41ec5ef0f
SHA1 66b8e6f9328548e191afa75b8e94e884f5d7b8e1
SHA256 25681fd73efa05b0a71fc3be15a821e0c65dc80a9171013d7b1f26254a0ed3fb
SHA512 3fb55056aed16a2a1192208fd29b13cf95ced88c00e544148cd811b7dd89f856edf15c2c95af8a4493099811edc978f1ee0b9cc74d97a7edd034eb68e59ef770

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif

MD5 b507e9fdfdf39a59270f279e0aeb816a
SHA1 f102c7c49f23f2403b4f07574c1752c839147328
SHA256 80a33aa8126a69dc6b175de84939bb4e0d1fdcf79a8122f59df9ddb415ab3384
SHA512 64e341da50d35f10c7f93ccdb8e3c7d092d80b9f8eed83d3f651805c87caab6f924741f2e43cddd733e23451aff0bbb2a53408083ce682cd2853905ce25e2502

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif

MD5 06ab12a239537bd82957e315624a999a
SHA1 51d2f694261f7bfa68e7f35628727b3bdfe73dac
SHA256 56a74a1452e2221ca445deba76fcdabd8b36a3d3a4c4873f96c0e4b7c53e08c3
SHA512 0def44f20abba4cc9ba68a67e7637889cc6e2b8a79b90469da6c4fef96807cc0bd367057f5655eef12638bf54c30c2021b84988bbda4202eb88ed6ccfca9404e

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 6f48028b39a042345823490c4cb97751
SHA1 64bdf5bd2ea1319371d2c2d707fc290dfd026571
SHA256 6aca63441fd8978a2f2ff28a4fdc0aeff6d6815d7015587a47f10eb07cc6f1c7
SHA512 241abb1540fa8df6c3780ef578b0adbcbfbaa8b177ae5c57faefbfae05724ee535c6128b09f9e7611ef5904086e8962fc5913209800541b7696cec1929dee186

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

MD5 2e1cf55b210f0be9b9bee079c0b66bd8
SHA1 23ee7b3ae6938752fb4c6fadd518307809b70380
SHA256 7568c5c9f0625550e17b31510f9194f5ad14d976d4417d8eaa0556dec5c2511c
SHA512 91fd46d15318f229e326ed7f951c352e556ad1207580b308cf3771df5940f7511b92d5bf980fb50ae29014189ba173af8804455249ebf34ac17e4fbe60ff8894

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

MD5 b85942e423e5244abb33c8ff14805b90
SHA1 1a8f7045d7f9d375d85bfed41f7c4b5cead791cd
SHA256 c42a8416fa7eb00a67185f1296a550cdccefbf406ba9282dfa9ecf0cc0c317eb
SHA512 f05aae4d49c99450a4ee751320669766005e92b545072e1a0b0009c433e738e2c98319adcfe1a8ffb2ed612792a843df89eadfc6ebaf6fa5771598dc3c4bc7b3

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

MD5 861b8ecfce182b979cb22ed96cbe1a0b
SHA1 b32e6f80846ebb5f3ade304d43e84c4daaffc006
SHA256 9b76d8399cb05d821a2504d76f087b0ad4d0aa768e34361290bc292a4a2b14bc
SHA512 810a22292170979f3ce12ac4bae0518ba6f061917662341bc4b7c2d798361e69921bfbdd725a560a9b5fd4c82b1cf2f94f61842673baca1d046bf964ba6fe6de

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

MD5 4757716aa9b3ca87cd873665e847fc47
SHA1 531a59120cbc3166a2834a8792afc5f025edf397
SHA256 bf6bcfb5321905df160b3199960aef235fa90bfe4cb8f87a4ea3ea7890bb5ef0
SHA512 714673baa8c3c68c1ae5029ffac2fae03e5419902551b6e0a479e0329c26854ca1b6019a072faa76a28ab290f895eb0d98b86200f56de6d164b8d2d09c379e9f

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

MD5 95d6cfce153a17ae5a5ea26351158947
SHA1 e8de7f31bc63ec94c53d7a9c060ec7c1c763b5c1
SHA256 cbf6765087aca2800995d7fd0fcaa7eb6a42c51a94b16972575777178fb0c34d
SHA512 7ec8dfb931cf4e709f3f86020f237401e50d7c0acf18f37a5eb6f7f2d1b49a25b7b31cd1bb85b85793f176f416d32ae37e964949c0a5736f07bbbfdfc8c3e0e3

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

MD5 7719c95e0e2674f4761f3bdebe26e59c
SHA1 c3db7e022157c689f911b5732e87f5f64e7b177e
SHA256 19b1a353ec94ec798b5d8907160a980c4ac1f102c102d2dd0f2afd8cd7ced8a8
SHA512 79cefaa81c9e647ddde2018d339aa2ead397777c050cf681c7cf4115a4076c6f27547b8daa6169b67bd12642e27b2599ade7ded092aac586af2853e90bb33522

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

MD5 c2a8b50a3974f1acb7e1ac14e23cb1a4
SHA1 966a79dc17f4aaebf13936c9ad7f20098ec3516f
SHA256 b834279f6ab41dfe939d6504314d6bd65777ebd4aaa985ff7ed881cb67317fc6
SHA512 8f1af7dfd1a8d6694e2cf946bc6781da72ce35a8ed47bfbfc2a8989a75c5094cf7d6cd6d07657d15e92329b07f515ab2f0514b18425511d25ad497f6af406a80

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

MD5 9d2b818b072e1e41d9151b6ba338b56b
SHA1 03a207ea104fd7ba0e91e86684106cc0453365e5
SHA256 5af7cde37d06f6b16fe27d1f5c84c8960c08f3e87f82e7a18ba6af8a05202656
SHA512 867ad111a8611bf6f5f8e90022f0e40d238ca9117c263c0e30a5160c033b86b8e6ddd61ec61319ab50b154638762b8c941b6685a66497aa542f49478ddb9035a

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

MD5 8e563aaa159a52aecc16a5b846a9b329
SHA1 870baad9815394beaefb9b3f8387893faea56f55
SHA256 97ea961a51c218e9f5ecd5d2fe97b46cf0945897526e37e48184bd9e6cf57fa2
SHA512 0c18cf7196f3b3c07c5381d843134f5d673345843b6d233fe78ca5cf8bf17fb8514aabb5cfa7dfc282363b2cd67aa7644d35b612bb31b45c7cbe4c9059e81462

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

MD5 208440d01259dc71df2ef02b5432e23c
SHA1 991407d557da4315b5b39b9e5ae2b136e9521be8
SHA256 bffa8f11067888376947ae6242d50c6b2e8c0471c5831ad4d5bb6a4c75d36707
SHA512 2943acc381c9b14f3146476c15f67f204e73210ccad5624fb69929c5b11a6e4dc8d7abdc3aa247f32badf3e1259698c3d256bea6e0ae00bc31a3cdcca68ee26a

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

MD5 5694a3654d0359bbb3c505fdfbcc7eec
SHA1 487d66d03acb0630fcc95c1a7b5abf2407515a4d
SHA256 9b32286868161df22b418b7c153ea0b3869684661827743ca0c90a3ee98be236
SHA512 125b16cd55885a1f967bbaf600a2efa4704c6b593476228b98519b15872bfd1d3e62f3fa34050357573851a886fa97a14f2f05f3d82abfc0769721cbae4163a8

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

MD5 07102701d05951b82e148179ba54dcd4
SHA1 ea397902f07cf74ce4e10fea7cc4ef06b5078888
SHA256 f262acef0573311ac2d8cce977760943c6db0684f903344ce2429726d601f01a
SHA512 08cbb5947c29e6b8d43677302f426eed438093c1b3124aefced39dc7a84dd04abe289fbf67736e2a4d7e95c1fa6eb9370faa9d2f4ca740fb8f37297d5e5bdc1a

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

MD5 07f725ff68941772dc7719142fe32311
SHA1 23dd7add1c2c5cd423080dfa433952b311f93668
SHA256 ef3bd1503863e4f9ec8a4caf4ce526b410cb7479a2676844c79d7dbe850a4ecc
SHA512 0b278c1f0c72efc9dbd47525ce5ed627d875984737191cadaf9e8fa16b92e65d55af702f41b085e58ed3c88ad6a163f762d1ec98331e3e78ce05daa910a1f019

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

MD5 0b7a16a5076a7e2b861d5810c154fa1b
SHA1 2f2b65947009ebac8cc58be5e4e5b8778183fc77
SHA256 5aeee6c8830f95125d225bc91b53385484b26012cd5d66bcb1a8da777b09eb4d
SHA512 7366168cc3a94304b3817c7237b77181c48d293ef7bdbaf8b7599e9e463b873dbb2378da899d1f41695cdf21b6cc48308310bdd1e0732416936c89648115b99f

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

MD5 1711de656de7c522e68deec38cc80cf3
SHA1 0a83c3532ae690bbeda20f2f9f6c2760b1db8924
SHA256 7d523bde63a77552f4cba662beecf5cbf29bce591497df3d1f1c04de39d6ce5f
SHA512 c712f7f6bce7ee2352fd8e104276d5db83a4cf4e1d495351361409d5ee06f3bf31ec7bc486bd27bd22ef6e53a8df7865877f8bcd8ee72abd6bcd4c420c96169f

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

MD5 1a33e42f9d26e2c8c7cefc4e3f5d4d04
SHA1 bb467a13078135e63179c551d9134b5145e4a824
SHA256 9f881334d835678509473dcec42c49c4287ecaca1d8b0ad0c5a9742a5929b028
SHA512 450089f5d4538427a29193d0effed983b46999d6b6a97f8fd8d3a059e0cd4afcb64aeba5e2862721ba6d1b42e17ed7de4a19daa8461195dd124c8b8268f5e88d

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

MD5 6225dba43010f0a566b91c6a9f7a9106
SHA1 517aaa8e0eaefda9e4e8779404c5d06572439a76
SHA256 2d11d311f121908fac6752cd7cb2cc92f88b3365466d6ae343467d94c414c333
SHA512 329cc3200ed0e41cb5d79e3577eb6e040aee942182f88775f2c9c4233bc63ffd2544c5bd49235eb2c6c63e09b16b8e6df85b1787462437336acf873932f0409e

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

MD5 5a9d471527ed3d06e6053055f1e3e05b
SHA1 973ed65cccd4e46e9f62776da5149817975b2f17
SHA256 8b38f84d71e72fc8a3772f6bc60d61be7d53f3379f5f4c76f5863cabffb12f73
SHA512 dc2701edd8f72bec4e022ca898444948512f641107b603faf256ab5fcc6489d6fbae6f1148383067f0e47ad3b9a0a809f5c85311cc70155c7960fc2454324b25

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

MD5 4879422b744ee9b7622abd82a268ac8f
SHA1 1189f1738875f47cca4e2a8b10742cd83641b74c
SHA256 9981a40f9afc39945aaeebf42ffcd513d8c6898b5da67e28b96305c3f98ca9d2
SHA512 93908e16d58c7c9695cace32b157c4a936493fe93282c6c31d6be13608d6a636dc02cac38fa4057e18e9beecf60a327c287bcefa6f80be192c01736a8f830afe

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

MD5 b6fe1e1b9ccffe7efc6c6b0fb1ae72cc
SHA1 9e7f93980c1d75782b91782a08bcd0dd26110a79
SHA256 544754878a82cca813e977ebb8317be8a7850c0a6be21af8a70e5fcec565987e
SHA512 0ce333400554ed319b1674ba998cad1b6805cd0fd72a01e5e7186feae12d12dd681c51ff7cab62c6abc7034217d38ed8a87bd3928d5d1a2ebb0fd719f6ac5c78

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

MD5 419037c78c566236f822c3a6dc153011
SHA1 f0e1615db57abc6d3c2e79550fc8a90dec78df30
SHA256 90bc89bad46538f9d5166ca20ec25e9db9dbf8773a157925da9b5d72a734d595
SHA512 53a447cb430d8f09a9fc9862315dcb9729eb3fe617eccf55c8b4437e7904669a04b23e8b80b7c9984a1926a20d109b8f2827dded74fd2d1801a6f24139490465

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

MD5 b3525dc207fccb46a9af764c0f9d9e21
SHA1 121902bb14217c126fa7f89765b957345a1292f0
SHA256 d36264df58f52f079024a0490a3a0ebe64735abfbca03a83a8bf426a8de14859
SHA512 64156372da8fae61294a533d23b2d679e9b1555897fc4c9cc397301051060254763df59153cb222bcd2391722a5060f5426899f00cb59a07d864d6f3728f8515

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

MD5 b94b8e82afc02710193bba2d28df8213
SHA1 099f00fed5db48e7947af69c0f737e76402128d6
SHA256 97ae66cc9ffca1932446c2015b8739c16ca93c13eae1db86c53aa6ef6338305d
SHA512 1d58250a9baa8f7480c1f4beab450b0645b3276ab996191731a43ec78040a81e35a6bb0036002091de8286ca124507e9883cedac49beb7b6b57b19308b89fb70

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

MD5 69b0d991045d7f0471d3ae4ea0c54ce8
SHA1 f66be3a728c512921871c9822e8dddd5f69fa4aa
SHA256 79c15b6d8262db6a3844e4a83253432a00b7e270bd78402d8d82f42ac001be04
SHA512 58fc6f9c7d1154cbc44bcab097547628c89d1c6ae9057687ba194ce190d4c82bc5d5c94b48b3fdbc8df2939a5327b8e3903b9de275c0a1ffeb055129692bd139

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

MD5 ca773c2ae33f1ce3611920c8f8349233
SHA1 131a1300a607ae1ae3ffdf02edda763a983f6c8c
SHA256 58e0506630e660c27b52a858e0e38d3598f83b3a28f8df78cec88b7b00ba49b1
SHA512 785882936c584cc07b58cc6a04e0f4bd8d57af43a5a677abaa27284a0d385dbe7f0900d70b12ce815114572906526de15fe81879ee4776d3a583b3abba3e73c6

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

MD5 2c875511b9879be9ae246d496391761b
SHA1 5b20c0d4a41822073274bc1e8d5464b49fcf98ae
SHA256 29d1cb2175ebef6177d9025a7ff84d8e72e58b3310fa68d483e58e40499b220c
SHA512 f9f5b150202831377cda2887cdc0fdaa666d991d568fc01a5b26d55b597295eb232863c947b415fff6699d8acaee0bc657585bb90ad508d5359d6a708dbdebfc

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

MD5 f20ec9eca0fe2b970ef0f0149481b6c8
SHA1 f17933244976e9bcf9630f3738b2317447f53272
SHA256 93231c43d3b02dc878508ecf835a072e31792f3061c3942ab5101d3e121fc9b4
SHA512 7441672971f9dd6bc2508463db913c102105d35df2a325ee0c6f25ab3cca2bcd16d24d438d5e4e806eb9ad24f100129c4252b680699d5b5e3286ed7a53b706ca

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

MD5 3e67f37cd5ce5c88122999a12da73144
SHA1 bbbcc090d5ae13020d6e32eb27b5a8a7635d27be
SHA256 3e33d1cbefb50ac454e3c1317d46b9d93023bd665f22968c8d54d7e651d0805a
SHA512 08b48f78e1bf85b0e5e2e88a61496c00582a8d1fb8c78373084070be41336c93e70fb2e34f513506c18fb23d045b00e4ded975c7e34483df9551b8ee899520c6

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

MD5 c54afecdbd85c3ed328d6fdc8be79112
SHA1 695fc1811f7a659615872445dc8c02917bf67ea0
SHA256 f55b186bf49f0b0a74bf102d121390071da5f3ae91face2f93e5d47d6799cd0d
SHA512 0ae9098ba264a3ac232356d82414af9ac422171cc46e359501725fede6f1545824009ff9f6bf478b83bd9e9d5856f4e92ee57e3ba8cf059d3b68240e54cd6774

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

MD5 8e8527f8315f98460c04cd0ec7ee8c5d
SHA1 6eab285c992967c02508c27aafb3d2ca46b8ee54
SHA256 35846a3e50dea5f2dd4f5bf57ef4d04e1071015263a48b377a5df1207536787b
SHA512 9ee2ae01d40ba11828592ed8770e8ddd9d6b66ecec36a5834edac75629f1fa3d969d734dea4027cc50c24a33b00f7efce7bb9a67b00e35a9c49b7b6d541b9a87

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

MD5 f7abd19c974e72d8b1ea1d2c4ad9761f
SHA1 4c5ced368bfed396ff7bf62efece82e4fef66bf6
SHA256 c81306405d27f0b8a2045d216b6db077c7ca291b2f3494140c12e4fd3a2f64d6
SHA512 2690fc2c9653cd2d8db4fb489de23e1446ddb9e936717d71c65b82bb708223516001baf30c98885f0c5636bdb7f13229b6fb5402bf2285b8c417f11cdbd40a1b

memory/4452-10891-0x0000000000400000-0x000000000098B000-memory.dmp

memory/4452-11008-0x0000000000400000-0x000000000098B000-memory.dmp

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

MD5 5c35c22b514d4924420b9067b6b164a1
SHA1 a775421e9abcfb95550d0efed2d8697de816bc44
SHA256 34b3afb74b01e413e61596ba8dc24e05af2964bff16b11c649d65089fa1c80f7
SHA512 6961106b8ea7abc4d06094eccbf7b76ffb8afce886ba435cb59f72f167d42db0202d95ae9eb565a55d7882caa597f41bf4d5fd16ec65545e80bece1d7e9b0189

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

MD5 73094494e1b42c5665bffc65f9ab109b
SHA1 bd9dab16c5a5fa05035899719434a7f901d784fa
SHA256 d7f45360744903b0d10ca05ce30e91e734ff0de9b651528b3fdc35ed1cc434a5
SHA512 76a6df2c610e6bcad923318f794dc81e2fc51735ff92f47920ee7dbbfc81a67d22d48e7805a538ec0987e4afe8c79ff58bfbc3a89aa032f7db271b5c702b6a4c

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

MD5 cf2568bb33fd28afef28b70f4042a3f4
SHA1 4084b60ae97fd60ada993fc0e6dc4e1c2378d2d1
SHA256 88ecb7e2e5a6355b45b31fbe68a904ec79d86f756915de650a68f75d5d022e51
SHA512 9c567cfca9887ad2d3e0b2b2c9f2b782db535229e4c76e80b0507bae0487fff280bcb8079e54a437234fb1c7627e8f5d9168fdf022339a36aa199d63ecbef0e5

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

MD5 033670f6acd536abbcb571077fb04953
SHA1 10d36b56ba210c6e9940f3ddb8536a9e0bab39a0
SHA256 727944f9522e9e97e8fd61726bd7b06787da2933271b14b66b267266ac9741f0
SHA512 766fd820e27f8b144a6b85b84ed061ccb031b091fe93ce1c7d3f7e582985fd4bf32afc53c8693e57110aa60229119a5dd4270a7306b6d7f515103e1a465fa1e0

memory/4452-11319-0x0000000000400000-0x000000000098B000-memory.dmp

C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

MD5 edcecb7f4177337ad8055a95de183c5c
SHA1 1984a17f905ef1079182ac837110a6d6c04ba147
SHA256 2d7beace4278da912235e8332253cd24d1acb6e123c46101a668c9373ac728d6
SHA512 844b80cda608b0b68ecd36bff27bf2cd665013b7c0de07abad6eebf5b84a97fd02dc58e798d5ae0bb4e1d6a4bcc1fd63e7d906ebf55938ddf5d6bbe3d46fcaf5

memory/4452-11324-0x0000000000400000-0x000000000098B000-memory.dmp

memory/4452-11326-0x0000000000400000-0x000000000098B000-memory.dmp