Malware Analysis Report

2024-10-19 10:43

Sample ID 241010-syqlaasfqd
Target 309a8303b385958cffe14970238f0ffa_JaffaCakes118
SHA256 20c010a4f163e1548d5654967452effb7ec18b60034077ff7b2ace4d39dfaa94
Tags
upx xorist discovery persistence ransomware spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

20c010a4f163e1548d5654967452effb7ec18b60034077ff7b2ace4d39dfaa94

Threat Level: Known bad

The file 309a8303b385958cffe14970238f0ffa_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

upx xorist discovery persistence ransomware spyware stealer

Xorist family

Xorist Ransomware

Detected Xorist Ransomware

Renames multiple (2199) files with added filename extension

Renames multiple (2207) files with added filename extension

Drops file in Drivers directory

Drops startup file

Reads user/profile data of web browsers

Adds Run key to start application

UPX packed file

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

System Location Discovery: System Language Discovery

Unsigned PE

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-10 15:32

Signatures

Detected Xorist Ransomware

Description Indicator Process Target
N/A N/A N/A N/A

Xorist family

xorist

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-10 15:32

Reported

2024-10-10 15:34

Platform

win7-20240903-en

Max time kernel

117s

Max time network

118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe"

Signatures

Detected Xorist Ransomware

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Xorist Ransomware

ransomware xorist

Renames multiple (2207) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\T77E0sNhHdq7Ov6.exe" C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_pipelines.help.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_do.help.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Break.help.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnlx00a.inf_amd64_neutral_a89d2c01c0f43dfd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ramdisk.inf_amd64_neutral_798b5d4dd3f22a07\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\rdlsbuscbs.inf_amd64_neutral_351e56205fd4c200\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\es-ES\Licenses\eval\StarterN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\fr-FR\Licenses\_Default\Enterprise\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Dism\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmadc.inf_amd64_neutral_62d6e6995428f9d0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\InstallShield\setupdir\0416\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\ja-JP\Licenses\eval\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_trap.help.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netevbda.inf_amd64_neutral_bab421df9c31cc81\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\InstallShield\setupdir\0009\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_join.help.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_command_precedence.help.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_remote.help.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnrc00c.inf_amd64_neutral_53a58f4fd7d88575\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\ja-JP\Licenses\_Default\Ultimate\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_arrays.help.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_scripts.help.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_profiles.help.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\it-IT\Licenses\eval\UltimateN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_scripts.help.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmusrgl.inf_amd64_neutral_d42522943de68905\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnky004.inf_amd64_neutral_5db759db19acd3ae\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\qd3x64.inf_amd64_neutral_e8903726d63a3f07\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_data_sections.help.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\brmfcsto.inf_amd64_neutral_2d7208355536945e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\hidir.inf_amd64_neutral_5b48c4b1b49ca54a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmbr00a.inf_amd64_neutral_aa4f0850ff03674e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\spp\tokens\channels\OCUR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_job_details.help.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\amdsbs.inf_amd64_neutral_5cae6933bef20aa8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\fr-FR\Licenses\OEM\HomeBasicE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\es-ES\Licenses\_Default\UltimateE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\wbem\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_If.help.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\hpoa1ss.inf_amd64_neutral_8cae09a2238d64e0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmaus.inf_amd64_neutral_5fa4270b9924b918\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmdp2.inf_amd64_neutral_ab710894455d7b9a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnkm003.inf_amd64_neutral_48652cda3bb15180\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnlx00x.inf_amd64_neutral_808baf4e08594a59\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ph3xibc4.inf_amd64_neutral_310871d800afa82a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_format.ps1xml.help.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\de-DE\Licenses\eval\HomeBasic\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\migwiz\replacementmanifests\microsoft-windows-ndis\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\MUI\0407\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_scopes.help.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnca00z.inf_amd64_neutral_27f402ce616c3ebc\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\ja-JP\Licenses\eval\Starter\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_types.ps1xml.help.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_functions_advanced.help.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnbr003.inf_amd64_neutral_dff45d1d0df04caf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\migwiz\PostMigRes\Web\base_images\Failure.gif C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_remote_output.help.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_methods.help.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnca00x.inf_amd64_neutral_eb0842aa932d01ee\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\en-US\Licenses\_Default\Enterprise\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\migwiz\PostMigRes\Web\base_images\Users.gif C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_debuggers.help.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnle003.inf_amd64_neutral_c61883abf66ddb39\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\34.png C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Program Files\Windows Sidebar\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\SUMIPNTG\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Windows Defender\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\modern_dot.png C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_corner_bottom_left.png C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_right_disabled.png C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\rss_headline_glow_flyout.png C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\AG00052_.GIF C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\hi\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21316_.GIF C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH02752U.BMP C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\de-DE\slideShow.html C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Windows Defender\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\db\RELEASE-NOTES.html C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\fi\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Media Player\Media Renderer\DMR_120.png C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD10263_.GIF C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21327_.GIF C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\TaskbarIconImages256Colors.bmp C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\TAB_OFF.GIF C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\StartLock.mpeg C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\d3d11\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\44.png C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\Stationery\Green Bubbles.htm C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\square.png C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\http\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR48B.GIF C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\MEDIA\APPLAUSE.WAV C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14514_.GIF C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\bPrev-hot.png C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\9.png C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\or_IN\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0202045.JPG C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Program Files\Common Files\System\msadc\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\1047x576black.png C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Common Files\System\Ole DB\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0099148.JPG C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0099199.GIF C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0309585.JPG C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\feedback.gif C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\CONCRETE\THMBNAIL.PNG C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\bg_VelvetRose.gif C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Program Files\Common Files\Services\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\images\info.png C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_travel_Thumbnail.bmp C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Microsoft Games\Solitaire\SolitaireMCE.lnk C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR23F.GIF C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR50B.GIF C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\fr-FR\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\fr-FR\settings.html C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Media Player\Network Sharing\wmpnss_bw32.jpg C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\winsxs\amd64_microsoft-windows-i..e-trigramdictionary_31bf3856ad364e35_6.1.7600.16385_none_12d6b2e3587e9b12\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-o..ediadisc-style-full_31bf3856ad364e35_6.1.7600.16385_none_ce3a164d3f0fa152\NavigationLeft_SelectionSubpicture.png C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-win32k.resources_31bf3856ad364e35_6.1.7600.16385_de-de_0abd8371bd7222cc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-d..asks-sync.resources_31bf3856ad364e35_6.1.7600.16385_it-it_789174f89a833193\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Applicati#\c285072157ebf5c07677e9d813ba45d4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-cttunesvr.resources_31bf3856ad364e35_6.1.7600.16385_en-us_1faafdf66e11dfec\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-n..icysnapin.resources_31bf3856ad364e35_6.1.7600.16385_de-de_9781b899aa9124ac\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_de-de_0f8ccf36b90bab3b\405.htm C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-m..do-backcompat-tlb21_31bf3856ad364e35_6.1.7601.17514_none_4932617608bd6d30\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-m..ttheme-ca-component_31bf3856ad364e35_6.1.7601.17514_none_fae061a2e0ae5019\CA-wp5.jpg C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\msil_microsoft.visualbasic.resources_b03f5f7f11d50a3a_6.1.7600.16385_it-it_8110cdaecd452f40\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\diagnostics\scheduled\Maintenance\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Providers\App_LocalResources\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-d..quota-adm.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_f944bee7e3adc7c8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-d..how-other.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_7a4140464171c69e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_es-es_27c74b34efa6572d\about_Special_Characters.help.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-s..subsystem.resources_31bf3856ad364e35_6.1.7600.16385_de-de_4aab526590e1172b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Work0493292f#\4832d6678c2546727da93ce691bd5066\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-takeown.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_e4deeb7f0f871d07\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_es-es_01ced58c9942ae67\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\dcf1d740ffae84572215588047a59861\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-nbtstat.resources_31bf3856ad364e35_6.1.7600.16385_de-de_6e74dae546695d07\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_mpio.inf.resources_31bf3856ad364e35_6.1.7600.16385_de-de_8864ce2c1a92fc64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_wiahp001.inf.resources_31bf3856ad364e35_6.1.7600.16385_it-it_9f6c9a5c23953fbf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-driverquery.resources_31bf3856ad364e35_6.1.7600.16385_es-es_fcb3f7b623c8d645\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-isoburn.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_ff94c8bb53d5e686\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-lsa-msprivs.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_c4ef56a87f55e896\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p..rtmonitor.resources_31bf3856ad364e35_6.1.7600.16385_it-it_2fc20d555b85e7a6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-s..iprovider.resources_31bf3856ad364e35_6.1.7600.16385_es-es_301b7bfc937afde0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-wlansvc.resources_31bf3856ad364e35_6.1.7600.16385_es-es_9985d885aff2dafd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Threading.Timer\v4.0_4.0.0.0__b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-font-fms.resources_31bf3856ad364e35_6.1.7600.16385_he-il_a6450e5c4cc54f94\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-themeservice.resources_31bf3856ad364e35_6.1.7600.16385_de-de_146c699b1d830881\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-vssservice.resources_31bf3856ad364e35_6.1.7600.16385_en-us_2931afae849f3457\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-mydocs.resources_31bf3856ad364e35_6.1.7600.16385_it-it_c97a20927d25631e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-i..ntconsole.resources_31bf3856ad364e35_6.1.7600.16385_en-us_f5b74cc173b606eb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-directshow-dmo_31bf3856ad364e35_6.1.7601.17514_none_1c9dab395ceb2d5a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7601.17514_none_f35f9773adf74c06\ShadesOfBlue.jpg C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-p..randprintui-asyncui_31bf3856ad364e35_6.1.7600.16385_none_7bb7a83f5379babe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-d..cache-adm.resources_31bf3856ad364e35_6.1.7600.16385_de-de_ff9496b9f39ca667\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_prnlx00v.inf.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_50023c148195c5b7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_windowssearchengine.resources_31bf3856ad364e35_7.0.7600.16385_ja-jp_432be24beb1530dc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\msil_microsoft.build.tasks.resources_b03f5f7f11d50a3a_6.1.7600.16385_fr-fr_aa51ef0ab20d731e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-ie-ielowutil_31bf3856ad364e35_8.0.7600.16385_none_7d25450501edb94f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-m..enter-adm.resources_31bf3856ad364e35_6.1.7600.16385_de-de_918b8dcbc793e645\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-i..plication.resources_31bf3856ad364e35_8.0.7600.16385_de-de_c6fd341bf9045306\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-p..idmanager.resources_31bf3856ad364e35_6.1.7600.16385_de-de_a36c0028ea26ef24\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-m..r-wmerror.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_eaeed70d4440cc25\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-n..entclient.resources_31bf3856ad364e35_6.1.7600.16385_es-es_f91805a91d12afc2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\Boot\DVD\PCAT\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_igdlh.inf.resources_31bf3856ad364e35_6.1.7600.16385_es-es_a606c329efdd686d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_4c778c357864a2ed\about_Break.help.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_transfercable.inf.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_1d937da73521876d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-font-fms.resources_31bf3856ad364e35_6.1.7600.16385_hr-hr_ecc8398c10d3edd4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-g..ets-slideshowgadget_31bf3856ad364e35_6.1.7600.16385_none_815d27dbb889ba17\Tulip.jpg C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_es-es_b8490213a810a8a5\500-17.htm C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_c02a16e1ae17ab94\about_scripts.help.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-s..structure.resources_31bf3856ad364e35_6.1.7600.16385_es-es_fabfcb535054f28d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_server-help-chm.tas..eduler_lh.resources_31bf3856ad364e35_6.1.7600.16385_es-es_c5ad039c4e1fb9f5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_ph3xibc11.inf_31bf3856ad364e35_6.1.7600.16385_none_3bc5d976e6440be5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_prnbr006.inf_31bf3856ad364e35_6.1.7600.16385_none_4bed837728a94042\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ULEPQAWHZVFFULJ C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ULEPQAWHZVFFULJ\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ULEPQAWHZVFFULJ\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\T77E0sNhHdq7Ov6.exe,0" C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ULEPQAWHZVFFULJ\shell\open\command C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ULEPQAWHZVFFULJ\shell C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ULEPQAWHZVFFULJ\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\T77E0sNhHdq7Ov6.exe" C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "ULEPQAWHZVFFULJ" C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ULEPQAWHZVFFULJ\DefaultIcon C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ULEPQAWHZVFFULJ\shell\open C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe"

Network

N/A

Files

memory/2536-0-0x0000000000400000-0x000000000040E000-memory.dmp

C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

MD5 9e9783ffbc9a6de1f0a8375c6aabf453
SHA1 b65c9e7b7eeca453620b880dbeff68f01782cd6b
SHA256 a44faa36146ee2b314d8388f12755bb00d4144d31c17ffa2c6ec544dd1795932
SHA512 3974cd57606d2c0f65d4e2c8069cfbfbb1a185a3ddd83abd8a3be59e10dc93bb77335a7aa6c69c6c12850a778123d66a1e02ea2a0d191824d0692e7358258d0b

C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

MD5 696ef31438ccd42b2a9bf7f2b0a4b15c
SHA1 a089b0b316f5830bf512774cc0ab8b785bcb947c
SHA256 c85d93ec0d28006237e0d942ee89ef5e1aeb41c80536f62c565f48cc272132dc
SHA512 aca3bab1704a205b452f725313021ba70f766355e14b4c5513f38e0d80732dfbe0dd0252478a70e879c729340cc964b8be7988010f2bd095942776d4827e2b60

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html

MD5 4b60e8cf2dd7f44f6d021c2915a89cd5
SHA1 168e39448866d0db9f1675a5a946346a867fbadd
SHA256 796275d01230071b09d30b16fc3b8fbeb3aefa2ab704d042482d068e73d454d7
SHA512 ffa738f3a33276354c5090ac86916be519ba934e873c4d16f2a932e79b226e7e599d2970786fec3c62bea9b0108f5e820ee531345fdcfc28a70f21bf7e876075

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html

MD5 b6df3b1da96888217ed3f4690e25384c
SHA1 9c08bb0e9edbeb2a8118a631ee024ef8e5ca3cef
SHA256 7543af39d72c6a51a3da3cc54fcda9f00655622b3ae53aaf4564940f58fba383
SHA512 4602749331dfa1bdadd37c377512f557d67ada9d1fb4c6d57e33e92e9753da038665b3bb9bb4786ff5e5961e4ecfdcaa16eee7cf8272390d000c55f26f9a58e7

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt

MD5 9eceb65483e0871ed0617ef043e8d2c0
SHA1 9bdaa47a0e9f651096c66ba2fb464e999ef9d46b
SHA256 fdbc442ff9f0e844d2805b58828f56c3f58d3d54e75fdde324e7db77f5b81436
SHA512 7921ac482232a31f9632aebfd1f68cf415aa9fbc7bacd3085672f2c96b75ad8bf6f3f4df7a2dede76f68b36d5c4580b23954c7674165c3a8932c575d9463ab08

C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt

MD5 a34c9ad0087300fb5cd9d7dcff493781
SHA1 d078c7d0f694173de3932a2e4142fba037dde4e3
SHA256 22078d092a24edd56d95ea2c6541ef68dd080dc0f99363925592f61d4bdaa260
SHA512 c118d6df2b398f6e19f50720243a3919f6b8a448ecb2fa25fbbdaad1b00156c37a3ccb2127a92da87f8986c43a8ffddeb967c7da2a27bf92edb7e48386e044a9

C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt

MD5 b01636ffc5d392dccce214cfb06ec537
SHA1 7d5c441df95ac2af262e080a0f8dea4b5bd5d50f
SHA256 03ccdb457f72e6e521105a94a7b3372db1b76c847864624638f1294042ae3736
SHA512 46333347e21430ba7648969c2f37147b6dec9d7b9a3d13b98559049c8a4aec3a16d020fe0fd94303315f9012abe34fb7ea12689e52391691499890c23cc755b0

C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_OFF.GIF

MD5 b36b1a9fbffd61b249036458e586a14b
SHA1 3571c6a2900cd64095fa7206236fa9962762d655
SHA256 4ac0bd10c4712a2f94c5abedb89a9c6b533b98fbdc377a552b0a8cb2f436a630
SHA512 6977258662cdfc24f7f61229bd5b42f97719ee8a13942bc95f36e62f706a95eea45f303f21e3bdb1960059c13ab84bef19b0d4902a26c324cabbc7647f297fd8

C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_ON.GIF

MD5 019e10fbd3d9683c98b385e611894364
SHA1 a50b827b5bdc9ebb8b811cb53ce79dee818bb66a
SHA256 211c09013deb06412210144afe8b9ba1a4778d04fde5dec8eaeddb06d0602bfa
SHA512 cde350c2f604be2a5cb98b81f1f24a650b5c062a28f81fe81e952c660b19ccf850d325013943f4eeb115e647bdb509be5211549a0be4ef16a20af8b88358a003

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF

MD5 791289e24de1f7027d0075110c04fc40
SHA1 151d59c3083a1b372520d6e1704bdc7c4cc1bcc9
SHA256 9bfffa079a4b6ca10634ed7b6d997ea44aea66dcad8c8257cd83209ac1c290b2
SHA512 ab6b9a56f388fb5cc727c35015b4db01cb527c80269c5c187589b1880da0650d9056a31b4aea14abdd67431b4d0224c891b178b6a0e138bbeaa6f91162242415

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif

MD5 26643c90ea8a9e97d9ce4a2ebe0a23be
SHA1 3ead52074f9bfb37f2e26bf0f30cf85b383321b8
SHA256 e83af8da6cea04f14dd1d7f1172bb94a392be205b2f74eb44cfd574c080be4a0
SHA512 a7de9875100c0a71a75ecca1425478fe53cb0c189da4e2f2ab8043252e5950f65ae70a7dc53efa53ddd1947f93a6512d6aff4184607832696f0eafb8c2abd134

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif

MD5 966631ffb842334a86c7197fecbcc3b5
SHA1 5b2e0c06f2514156a6ae6a3ebab6a945c2c25c14
SHA256 12895c07049afa6e19fa0b633f46ac1628f42af1ba6d26dca858145abd1ed09c
SHA512 6a454d7582569602210a78cc770dacc6e95868e2b4c9177229b3f6ba9c8a1a7d70227d42b7d44f587631e674425db8c058a9afb580c176b75d129045b1c5fe94

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif

MD5 e52a740f94fa1cb88f2d88a490609ab0
SHA1 ebf58fcdd62d658b7330d3d9756933229b6289cc
SHA256 6b68dda7f4450273691250d9cb293a463dd1f378e9765939c621c920a2a44f89
SHA512 361676a4186100d5ac0d2042418c9be8df1f186906522fbadc7b564b26d6c2905ba380ca2df8d76be461fe51be110f2268cddc1556cb54b4b1e86d937d07757c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif

MD5 5b0affa0ee520ede4585e9ae96529181
SHA1 5eec33c242fc5e0144bd0bf5f9957e101f636670
SHA256 3337ee053076b36faaf20565e8c232050db8af105350d836f33cda893e6ceb4d
SHA512 c8b7045c5d55074fe566e5406b175c3a455c5a12d3fd43868862e24176362326d9c8b8896334fdb15189979b179be82ef8892a1f976789eed4cefb6b3a32ee89

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif

MD5 55be2e4a1e1bf6cc1c6a083e0c4c88cc
SHA1 604255e8399135f0d328c3feb1407f36cd0bb785
SHA256 7c0a24aeb2dac4914a5896faade14bdd787ef7070f5ac6527d877de8d1ac73e3
SHA512 0ba5d54918608972c9528d7b57276a2a717c261fc932d558cfb493654f0c3bbf63680c6a55a740130e4d75f3a0c3e989b6bb3f64ba03ede39844927955478d10

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif

MD5 beb66d5c9393df44256d38a9640a187d
SHA1 23666d44e772e228e0c821c7de0d6ed9f3cffd18
SHA256 792de146e84209260c2a12fe2940c0da51a462c5a4ce10fa05f50862412d17e0
SHA512 efe54c26360bcd5806fdb98c714c92a8ea7000ef4bbf4e8b7c1564b6b7c0097ec3a9a3d22cf4f5f3fa48cd70c3a0aec1bb3990909e2d0ee0b42df59b6fb17fe6

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif

MD5 395a3429cc5992a7f186ba979337e013
SHA1 dd6b770c140954e306cf992489fa6a8e4b5ce3b3
SHA256 020762971015c9c2409da10404ce7aa76d1392b9f65b3f4795625f0dbe33d9e9
SHA512 d6fc62037dbf83347880a2c0ddd2ec91f3ae56c53e91e3a51682ae7adde9ca1ea11ddc0882b6972afc605b718404e9a438cc7d601184d31147bdbb46f2201ee5

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif

MD5 87096382c7d0121a023e4ba36ca9dc42
SHA1 2965fb9665cc2fae2c27ac1e9c3e20e347372474
SHA256 d9367a716445c443ea8cae463ec6011a0d54c54d6d19b57fe6b9c394b255ef99
SHA512 ad4172aa4cedb63f2c03da8a17081696a2eac07d9934c5fafe9e3d8d4c439b7cf9216534664ba94e3172cae9b0b2a20cf343db50c1dd7bc46f07b0199bd163d3

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif

MD5 9bdf2e9a6cd276bba3c6d8c69bb78cfa
SHA1 c914463a00823ddc348475306a9b535c4f06e5a4
SHA256 97ea3b87b5859396e21627d2345d4ccc2d0b152c892c75354c40ec062217ee1c
SHA512 2316c66c36068952461bd253e8d59f1bbaa780ce5e99072e4d3f1078678cef277339de3c3fd8a68814b41d099b68052addf7b1b3f98301c9049eb4f7d6e045ff

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif

MD5 9b4c177210a4fa1109768b841f4b3745
SHA1 d0bb578b73542f5539c7f5f552d7e6a4a7156d29
SHA256 444f34d2573dc79aa5a2c4d39ad805583463b5f1e7580dfbecf34fa7d89d66b7
SHA512 13db40aa549198031746e3829272d83a0961396342410709739ee192395857169efc0ade5fbb098eb8630fadca3268cf54250efc711b8dd7b63be2199fcc6ee0

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif

MD5 c34dd31ee8e11f7eaa194d8bdc3176a1
SHA1 cc2ce1088715fb58503c085fbd2d4fb0f7d4117b
SHA256 0a5b6741d01754bf5ed426933ee82e2015626e08a8ec05cf27ad43fd8765c582
SHA512 208a0abccd27d6769b1cd45665fb8163fb5693af1da31df4c81e48093e2e01adb49d871a3a0789cda87b9b9daf8ae006a03743dad5b2dfdd2b1290822ef140ef

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF

MD5 bcf839fd5b2c9882e8ba9b29eb743f76
SHA1 3bf006a65062e4e278f354f25ea1039b4fcad381
SHA256 6a0c61cf7473aa823ea7fa243c609a44eeff39555c9639f5cc866ee300bc892b
SHA512 c8c270ea47ca531b25d44d96b70832835045ae35a70b2b68c9765393b0b4401d06b388322c91cf87e39b87b58fdaeaedb0da939a8da0d389a69b6bc5e5091efa

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF

MD5 756a1c1fc44dd3cab69a151c25038918
SHA1 0ca5c4cf15138aab142debae07e0c081f091b77f
SHA256 509c04420ff71c486d50d9e99d942d9441cc270258c481e47fb8ca2a8b699a4c
SHA512 3d8054b41d823f349db08f447c3ab98689251431b8aa8176f61c532b067e9f102123e292f53a1010b572c55c5459c0b46f7bd1ea595441c46b3caadc51cae8a5

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF

MD5 455be928d76a1b0c1fa9279dcbd218d1
SHA1 a6e7220ec00aeb61dd5dcaa3f807f6859d3077c9
SHA256 c77afdd9b139d162c5534740629843025dcc81a279b4e9c947a857da43211630
SHA512 f680a2246c4a05641d2c641e973ec9bc291d778a3a86ce1ea0d624378741eb0030eac777fc2b035405c2eff949f3abf761d79d0106311c10e45037579bb741c8

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_on.gif

MD5 f476d86253808572a12056643118c389
SHA1 b91058a00094554679b7f81a7d3088a6a868e0de
SHA256 770b8397b77824fcd549ba1c425ab619a81617de15f9536ca075421b52260252
SHA512 a484c078751e3b261f5da8752727ea32e2623a125f230ec4e8e7b6fde2e00da3ceba81bf3230bccc83d21e986e597ec093f7eeae518f17b4aa693cdbcf8c8ad3

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_off.gif

MD5 c36120637f474a582134ffe8fd224f40
SHA1 57ed4f40469178df9406c47f6c9582853c376fea
SHA256 d3b7bec43f1bc3139e0be60687f7318e78795bcd18f913f452d056a2478f3cbd
SHA512 6eae29b97c8e59ed79ea67b772dce0eae257fbcf645838501884b0bc158f4610c8aee5ec0fad747e3ab4dba0bbf14a380ff933c99d1abf8f118339f613d037ec

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg

MD5 340a3cc395cbe9b847c5613711177b23
SHA1 1ec52fa6d747498b395e0cfdba91828eea1b569b
SHA256 e3e1d00757e548eb7559fefddd96c06b820bf8bf6b51c02b97403276cbf9fbaf
SHA512 9599cb00873cb365a9a2716953bd82619b78e9208455e936add80fb4806ccea42452a5a07b16deffb403e8f880212ce37577706fd78c1e065e505f5b8735b572

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp

MD5 00b784731e2c65d64a8d681cddb4067d
SHA1 d4b0ad6b467060091d7f85a324a85bc744a0cf6f
SHA256 7b6687d52ffdfc53d686cca9510d82c0c80e5fee67b379e2dbdf7339edcde95d
SHA512 3a8bbfdbad6f281d295606b94d737a2a8686e24f07312abd61cf941ffa5ad46fd490e2f6e86aef603b7733f7664ad2706823b58441650b152fec05b2a7b0bacc

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif

MD5 4aaf99cd165b8afe1b4e5287e1d8ff88
SHA1 112a9f4c9223b5d1b5d80f5ce34367ca7d4b331d
SHA256 e949e3a1dc45bcaf928c8974461b1571f8c392e37d103efcf514acf27f692ec9
SHA512 b3f99b02098fa58df8d2ed02fe2602cd39e41d6e9718024c8a80993da8afbfb8161b81917171ca2a40891e7a43e70f015ad2f25a7a43973e9e73cc757edba2e1

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif

MD5 b29cc692c73e56a631287341a405b068
SHA1 0c8bd5549f9416d841aaab44bf8b9535a02f65bb
SHA256 654fa6157ad84f0dfd010276b866675fe0dd13c35fdd30a4195b251cb1683f3c
SHA512 a6b0ccca8c7d1a8bd1dcf899a33d908aa3b141f6db8c39d7daa50ae03a027f3b8f80092889ff4fb70d8fc009812ef14662a399e189b5b114ad0490cb25aa26ed

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF

MD5 b5b0fba7058d53f874c497b70b0ebef0
SHA1 ff7e89876a0d191d7d3d10735532d35dacb50954
SHA256 42b8223f02d610c839d6a7eea62292f542d02d6fb0e65a30de0909e69a21afa5
SHA512 825fc6fcbecd09d33e31a8612455dde9ee400acd704ef4751979a5279ced7d9900707ba5d970628a1db4cd4502ac71e86c81d86666abb23ef8fb15319f2c69fa

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif

MD5 1d9762d06a696b2f52220c4764840030
SHA1 303d64a5fff06df06f88cf0c540dc27643b7e905
SHA256 1a2ff993e58944b5d828bacad1fca5e6816a107294edf2ec92e358d50075949a
SHA512 fe9778995deb9da9778446fb52666bc30a36f56234d2e478015d0358eef740f40b53011995a2dde5bd0042cd0a0a667cd865b748e9d4a5bd81944871308cc67e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF

MD5 7fa66c3bc4424fa52babd226f9632f5d
SHA1 3444f7c8deb4d898358236d1d6a3dc660ed43cd8
SHA256 8517c6574a6daa494f74f3de4e20c61d09fbc20b36ad3cc224a6caee7ff331fd
SHA512 162b5844a0f68f1166021ef1a48f1e26302fb8faa4536c44ca698c5f339a41de2161e41275e9ffa138fdf6bc0b9fbf80801c61431b097a56b52720ad3acc424b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF

MD5 e00dbc27131fe5d2deb2c1fbc435b363
SHA1 280b9d33985b8b60e58ddbdb685405c5916f076a
SHA256 7bd7988053c5a4b9ec83c6a9822f287bb2d648e6a8651020c0ed6cc856b03fb1
SHA512 4fd0b85a40071242d4db9cd6e10fcd2e7a6648f1cff766ef1a45c92fbac8e8c9d19f6ce4b9d800de18f575c0487bc588ce46ceb1165129510a8b0b23e226b0b0

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif

MD5 862a6459fe90b65b93501f901da8618b
SHA1 ee259737177ffa9761fb0566432f4a4cf863bec6
SHA256 0f5926191d9b4f554e967ee7a998efa8eaa2ca5f75deaf9efcdf680b5dea0cf8
SHA512 593796299420dd52d2772f17a579bc303ba2b09718863cbc35085ee6be5e0aac64bca195bc72aa35c984329d430e6cd329a2b5d59124b9f01c915de0f11073e5

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF

MD5 da132e1657474152becd419e09921720
SHA1 2b9d86d428c0a167614104cca1001c499de2c8c6
SHA256 09910dcf0ae11797308ff49bb461ecbb66d86df10e6500e533831036982622ef
SHA512 ecb276db14522f5f6c4868427f6110a5a5ae98eb364d518ebff808b32962dc3e39da72a3b30fa392ab619495f0c9020ba48948195f2df545ff8c0fa92a18f523

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF

MD5 08313a7d58dd79abee1a2f57cd47f7a5
SHA1 a388918be0ded59202f5562fe7eb2326e8ba8662
SHA256 abb95ac9f01180a3e69f92497be32b02c8654abf05891c6a20027b941e69dd7a
SHA512 d879525c285cdab15bfd6634dd081aa0ed280a1c85e40e3455c31c2ba3ecf810af059691efc99f72964520787dd2ee38fa61866fd12b190a00d2ab0fb3fd46f5

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF

MD5 6b5c1fa40c1bf189d4102a8015f8c489
SHA1 4af9c603515aecada38bc7376e02e83ec0fc321d
SHA256 a1d1f0da4af8ce5425212dd1ee1a6434bdac1c05f25aec51294f5600451f9152
SHA512 d1e9f0801e57797e4b2a7d1a09cb24718384f7255574cb02f6eaf29ba4ecae5ba17d1595d8bd7669877827c33a23cad6a2c7f42106082995b8f03a81c8f78a50

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF

MD5 0d1d3e7e362dcf7a3d84e4887f9bea59
SHA1 8a3a91121e48d00b8b59c3381717655f6052cf4d
SHA256 aa614bcca9a8548ee528d3e08098f4a63d322336787e2168758561dd6f542551
SHA512 254eee8e1dca875df548cfba935382703503925e5efeac636b6d9ff6b2337ca43d41a4ca00a5810f9083dc038053b56ec8514131ae2602d3c997b69df06455a2

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF

MD5 1226a7b622f9fc20d9a9c6c1a4c404ad
SHA1 daaab39e5629ca9321200fec5cfc034062f80ffc
SHA256 341652dfd5988593473ae9a7a42ddb7ce642a203d0c4d1a3ddcda0754a638eda
SHA512 5baa070050ecfc20f09175f66be5d661418ff14045b420af62cf5defa0caa2874cc49e91eae8b88b26e681758256d03488a1de3627e998888f019ac947f3e7a3

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF

MD5 6625bbb759e5ca38cda51c530d99dee8
SHA1 cc4d64283636721a5cd318d52136671ce705fcca
SHA256 d4bd1526666e31a1f493d8cc7d3fdbb9df5ba7bfe8392fe13a9d8871ac89b75e
SHA512 c8d68c8e91f2f892630d4c043bb4be97197095c9e6f567a2525d7575d8682d5335bd1b4e85ed9de1673a5e5d15390f952b9ce723aa1340c688d544870438ba5d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF

MD5 251e89fff24c394e08a3c9e433aa9eca
SHA1 f56d94e1029e88cf7accd7fcce7e93de0827d2be
SHA256 4c528217bda55ed81a6202ae5f8d3135a87db00ef7e98135f5bb86681a6a1e61
SHA512 3bcc04ae0ece2ddfb563a9febdefa12844a0bcd883afeeaf4379d5e8f5aca6c5c5551db2f9c62d0a2b1789c6d16c835139b2f3d46fa840126eb27c6356b3d2b6

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif

MD5 f9c22860b05ed452aa9bd14d4d94d001
SHA1 aa661cb423e8490cae55a8dff000e6e6e04f0438
SHA256 c11e2cc7c6f2d783037790a985f115390b5ecd6beea029da0c36718aa6c19405
SHA512 dbd17e795f9625f619009e7e4644adb48871e0a99e33fac0b94c8a81b69be9b52aeb59712f0674e7c1af5cc2c42ee9ad949212dce2c5a0bb1affb0fb290903f8

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif

MD5 95f7d9297e8162b7f10f9929dd99e217
SHA1 ff6de12bd68675063f98585c95bddb80c1336ea4
SHA256 e830b94e6a889cb74433a799052c5d143ec0e48ddbc5483ce5fb0733acfe8d7c
SHA512 f09e2cfdb0d62afae611987e1d551cee869916e134441cd7cd0128b3057422de2bcd8b31de6b267ea789dc3a42416e4c36dc7572697e09be8b15d5232a9a55c3

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg

MD5 13f53a5344637fab8063f5b2fe09a763
SHA1 796e98fe8ff64e45be4cba557ddec023b064851a
SHA256 7c279b1304f7d846d4a0ae35a1dfcfd0b08091d27040d5bfbfbee1cf19339711
SHA512 9ae99cd7e0b604435e6da82cd8c168bb469e72d09cf0424dacf5871f7209f1f0bde6238fb7801fbb141334747933f16aababa4f70804e23f6728b65a33f33269

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF

MD5 c0673f159fb826ff4fdd421de6a86b6a
SHA1 5eeea6a7241510f0d598c2e6f6069c04d3e10880
SHA256 cc52972c2f2910fd1faa8d1a0bc88b66335adc46e1d6862ccf94f6cbb190a96a
SHA512 3ee7fec94bb02c9a8341a5d56f6731fadff951743c6d686d44d1fe8b28db25c54ecb8ebd2ab72b1fb905fcbf3484b40ceac617949aa48b4c666ab5c612703d58

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

MD5 5f86d37ca8e95d82a23b0eef2d0aee62
SHA1 db186dcf042d8d1145bb37a7d74956f38e3ffa0f
SHA256 918152d9684ba33e7c9a58d6baf783db0a234dc4e627f26abfb900fd072d256a
SHA512 d4bd0b913d343962b5992287f3c5447da5c337339efa4a9e5131862b96bdd4cb8b96edce66a96d36e4134108ca1cb6927bd8030d301266a07d50e239fbbbd269

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

MD5 62b10434527beff9f0ead5223425aa4e
SHA1 203ba6a330edaeead976160c41cb7e1670f537fd
SHA256 dc85367c14c651cb15bc9e77df25cf7547a5b736ee15d48f947384d8d6f41f8f
SHA512 fb220103d41b12fdd915bfb793957329a0f01ed9b7553a2662cbd350730d6ec6a65a45b534c118da347430dc7eb0ad29a66d4978fcb2838892ddc86f3909933f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

MD5 e1f0c32591f5bf4f1290b2442cb323b1
SHA1 fa1a516d9bd32f474c2fad00ea86a5b368a6c4b6
SHA256 d0aee00e7aa19c3c6402c3ef71755a4570107834204a594a379329680ac23b07
SHA512 45c256ed7069895cdcc2124a7618c9348dec66e0ec3da1a9b3844714b2526a3d9e7479468edebf5cd5cacda622352b3db5e807d8ad26f6e00753e4ac6daa7bff

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

MD5 77fffe09ae8e9a1534141840708f1566
SHA1 ef9cb06a640a5705086e78cf00f16a141be7fb61
SHA256 d4081ba0269f346d93215caa436f043d165e6e50717c9e0569df8dd42131eb67
SHA512 d0022bc0a2e00082da3c93ba2f339386105de9e695d613a5516a85da97f493b6ae76b938c483ba14343e7f7422220216a30c2ad9c2e53b1c16f45edf9b3be824

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

MD5 2a0af3d0e0f653f758795e092eb53e6b
SHA1 41c3c3140a38346b95c18071e4795f4296626f2a
SHA256 857629ec00cb0376e40bf1b7d4a3222660ee7a4fbf03455b41d8e0035cacc0d6
SHA512 0306e8785cf78e988a712e7c53ea803c5c4af7d748280c0ab3dce0f222197d6c51dfd4469564e9b8c88287b0c2ea9818391a16e2c721185e1001d81e19315148

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

MD5 760d8e5cac64af1104cafbb37e720e9f
SHA1 e7ea40d29cc358501c81a415d3990ec7746ba7ba
SHA256 db49be6ceec2a5416b79515d19dd01686e7230b0b87274e7bcfbea0bdea2fc9d
SHA512 3ad7713877f5a9ff72280b503dcd263a2db91989d7cd95b518851affb3527df997712bcac1346a825b163e1231693b57f5439d782dc8d4ec48744544c24c06ed

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

MD5 b2c8d630b2564db90d51e08fbd81b445
SHA1 ef40a8fe2d844a609d82fecf0b03a7fa04567d57
SHA256 20be2a7f8cd8184f051f1a4085ee873e8c4780c68e6b23bcf8574a13970f57a5
SHA512 ea2bf5a09781461470d453fea4ddcd17539710c106e69bd81db21e18410ed10dafb81c0bdc869b2b9bf1d410ede662cbdae5d6c65485886ab69365f9e6085ee2

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

MD5 fc3e6cdef10109e4636525d56895c7da
SHA1 419dbd0e8bf5fca57d580fe0fdd19c7650fbc2ca
SHA256 053c98afc0dca90299d115fafd7d5a1548be29e0af5b3a471327a4a6c1baf73c
SHA512 d62abdf5a678a40e81b9a03cad6ea44f57247670313961c1d126df872e4f07896a66ac64a2aae032e98e244716106923de3b5c6cdb2e86aa10b73e8d2b722e01

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

MD5 3a73504427a5fe352ee52707c186529f
SHA1 c41e4baa9a6beed3279e1c4d89d28a105c9b01c3
SHA256 068b4e50b5f4b543c1ddb8a2a79088fdafd387a21fd93116f0ad6281735f170f
SHA512 f57a0ae9a0bf76bac42ced558dd0b4fdf1be03db1a4b67b39069e0e69424d0a57451e0ba520ed9403d8ee9c1f74fc3def783d85e23380072ddb42148bb69f423

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

MD5 1bca486b63ae573394b02b09b652e21d
SHA1 3b798cf5d8117ae9e82d7640747f378988be3e60
SHA256 8cfbc666b15818a06ddec38ec67e03b4c9e999e3395bbe4d822529c2e830aaf1
SHA512 c052fd4f5b620373728e0f28dfafcabfda47741b9de5d7fcdac725ee8d20796d083e7d9417e8ddb08f7bd1496cca7a049267537f50c60f0603472c130dbfff54

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

MD5 ff5006d161ffd0bb63aeadf45b42f256
SHA1 c60f73c06a0afcf3ff65943663a836bc0bb1d19d
SHA256 9cb2ef1915643aef07430dcda5763eb53271d1c547f8e5cf6e022db9d0f1d22d
SHA512 67c9a88fd50cc9b990e28d86c76bb3d1187ec17728da190312031015a0b0dd9bbeee2a7f935ea1d8f45aee0c3886f4d04d3f705b1ed078babf3b9b909c2ee866

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

MD5 76243d72eaa372f9574dfa2de7a4a167
SHA1 f7f0de686a6f31eec6671f5004a288298e59cf77
SHA256 4afae50a08402c09d6f5fa69fae1d52fb269f61850b28b8e38d64e397923ee89
SHA512 bf37628a4ef96cb4b37f89159a0e39d3bf3226f98633abe2167852b237b6fb597530ed18f0cb873a155159cc0145ada52a77c0cf52d49259a3efee9c1973cb30

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

MD5 d2475b7d146f541ae0ff8d23bd3f6c5b
SHA1 3e08cbb4b1131c2a2ef9dd74a26dd92c5460559c
SHA256 12fcc3e6fe516a9f66d28003ca2074e6862eb4feaebcbdd88bacd6cf2f618cec
SHA512 cbf3005cc4c78f89a549ee41f7b15bba9288e44a822dc00298bfef545270aee48e7f41e8a747e939791cbfcb5a07a41d4f9b78534351dc55ca475f5585b28d79

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

MD5 08cc187a5acde7a6fe6629092ad77670
SHA1 841af1391eb2ab65263d73c18e705325606ef90b
SHA256 d2f28ca620b893d4b5ab116f601811b9c4613827b3cf4ef8354677133821c867
SHA512 b9527a6b1b7cd551121c5c25ff74c0453819167bb76a457ca5c3a892c28286d15ce4254ea712c11d4fd139339d016238228eae539c03644204ca0db55148e887

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

MD5 5ec9fe8bb58e6651d28b28705ecb10f4
SHA1 d0162a6c08b740ea6700deaded715f2815d0da1d
SHA256 e3c3f31f13113351e6114cc22112d2771566be450aeae76621c7eaa5bca6a192
SHA512 59c9519717a67a6d49cc6cfb4ca4379fe22b7200e21432e7586a6e19e84944471872d56da73ec48ae1d732590b7c1b6f20c0a67b2e1bbf47942d6302ffa107c9

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

MD5 e7922f79c690b542b750fbd52495d627
SHA1 fcca3564533dad700fc8ad266b5a40c01acf2f01
SHA256 51c9f66eee9cdd2babe922ee9d83125447283ee3df94d5d5753d776230dc2279
SHA512 68f4493aceecfc587303f4a980882652dfe0d7669eaa02f389867a2c0d5d355a214c165b751469e85e7a1c969301650438eecc25333ec992135c37b6863cc18b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

MD5 c24a54097d213ba4c57e74c64d5df02f
SHA1 f0f74b94e4cd3ee95854acb0528acb37e6a71418
SHA256 b5b62c9f7be1527e27ed32cd089c8cdd998b8cd6b2bf5e18a7c156d87333631a
SHA512 97a89737469eb29235f52a727f5d11465da4e94064c11b5218cdb8fe04349764aa4e1646b52cc731f6e55e665b44c8f7946c7c1852ee23b2b82d94a26170c549

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

MD5 94dfa6dbc4903449541c6436fb9cca3d
SHA1 0937df5ce9a72e8eebd0c23383ebda81492ad522
SHA256 93e428f2b9b040ca37aed93c34232d15dbd7ca53fe6516d0ecd5689344f238fe
SHA512 9b9e444476bdaa393829037ae4a23d70f0a57819708bef49bec02af1f173f7a1788f4e2e850a6f08e84e5d19a5279a82fc759747aa63473876e86177e2136446

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

MD5 5165278a1a6054bcf59f7d6048955283
SHA1 5660762c8453ec555413552215a349d94fbefee5
SHA256 7fb95988f455f5d97944c13b799b3ada75e336e1a11fdbdb682e9e019ff2c980
SHA512 73b29599cf37375b5699b3bef29b5eef0e1423b9961b2a09a00613470eb4c0ae1af63e3fb684126d4dccc300b923a03b5a38428f00f21bc89f9f1ddea2158981

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

MD5 62d1c803150661f010650eabdb095ff2
SHA1 548ba6d7e23857f39ae8ebe14d6a1bbec74ed741
SHA256 c4fe95369cd42dd578cb0e5863a52f7e83fefad66104988126cd21d0a0c2cda5
SHA512 a560c4835183c86ca549277e5e6032e9603eb76074f07ef4c96a56aa480681026eb8c7b064950460d4485322311b7edeecc1ce53b94a2def2c6fd4b3a8102146

memory/2536-8350-0x0000000000400000-0x000000000040E000-memory.dmp

memory/2536-8351-0x0000000000400000-0x000000000040E000-memory.dmp

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\security_watermark.jpg

MD5 4daa3cccb9692cebcdbd71cdc5120bbe
SHA1 441c46957351888bf74576f338334dbe8e6bc152
SHA256 2a54805a3911175a88cd34ee494a6082c4e2a53c930a22adcb4638610db75dcc
SHA512 b9c2d8cf8b1e0686673d78cadb969c5d53a4f46e6d57c88b06d1767df978bb85b71c7c0cd4d503fbd1c728da40fbc62bd843825db00c677b2343d9f3ae52ece5

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 a87b7bbf98d5a8c1fe66ed0942c7f3e8
SHA1 d1d027ebbf7d3d0d9c8965fa9d02444f9e491c16
SHA256 b5451a7b9e2ec77db8db704b80af757678faa8b2b506193ec1a0ff6fc3e8c94d
SHA512 1e6ddf31cd78a520437835429aa22c7d135782dada25c6876b07db2248c5ff342e8d5d7302d8818ff20e458e946cb977afb77728eb954515c48f1fd6da6c61cc

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 a1b0126d9a12f3b0a8984e3c3e30c743
SHA1 f1e2b37eaed1bafc90dd2e5ee6e0df1f47e3d047
SHA256 7ff73af6c8a25bf0787e23a0272e82ed98e92d8f891c42c86c60c6d622f2539a
SHA512 b4db44e9eb5f9679ba46ed4c71470512520d91a319bb9ca1dfcb72c7fca425e1087c2c3a8fb1300c0f237cf509cbe5d75e1155a73d8e745cf98f4b19548ae4d3

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 a9f0c635db736fc248f908d6fc31e721
SHA1 b88b5ebfa76f09bba768d2aa7508a7f6bf3ea73b
SHA256 f58d9ba1ff3c5e7576aae9f07d130a350e3a427b685b30dec234cc653f2ad98e
SHA512 4d927bcc084415b40f5763066a6ec60592ce47c31a10b5939740439a098969c69ff8b56ce25e07312d03da8df6a734ab0a7ba5bddbe588903af07fc48b281a22

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 9f1ded1c62c63aaa807f37b96bee30ab
SHA1 99648281050b3fbf14f5535a687487798d872081
SHA256 a827ee7bc5b06a559c5501e1d8577700fee6990a3724a3ac2752780b4c9fdcac
SHA512 c4a0b21824f3c4a8a69a33c934adcc9bbe315ed59ab23988fe8221f866037c8a14762dd20d694824c39b5708644439037dd351d27a8324522ca76b75712d8662

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif

MD5 76b5a6a8ad1fde890f38fb18723e1360
SHA1 14f01d369d7e12da200eb17f9393d50a37610bc7
SHA256 a967f62034b69e234cf2a2f3653ea7c2aa1fe1172e66b00fef279e5195dc4997
SHA512 14e5ae87289b12bc6c655b44b7b452221b0e7f280da1f0d5a397b5e328ad8da8d5e703f4785dc2b3c27f9e872a02c31539bf9c390a9db9026baead3ef3119a90

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif

MD5 275c7fbbcf8a1c3bc38c1cb9587aca7f
SHA1 f591970bb70b2b94d29e30ad613986a977b09907
SHA256 5b4cab00eb49b5b5643c9c9e7c38261aa08d232aae8c7fb6d9ce09aefdceefb5
SHA512 6e8436e7a714f8a34da82ab62168408daf8fdf61e66f7be2fb33faed07463793ab7baab9e37ac0af685d24a0c4be069fb463b37b12975107898e3e34ff637c56

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 2ab075be554c0d2fe1d2d761ff6ca894
SHA1 e171728d7dde750356b51970d074f57bdf25a2a7
SHA256 52ffad81b552847a001712a180500d0fa0c705761619784273b13e227c15a6e6
SHA512 4ca12936de35b2cf0cc2b9444a08174d5da04f19385677eea35031173a60527ca01e913d3d3d3f08f0cb94278d846cd5924a6744131f0f6a256d509d33b4037e

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

MD5 b954ec81ca0cb0b7496a779381bc5dea
SHA1 0aaa4512716dfdeb903b97d99f8f813737e7f581
SHA256 68c2a79c333352432133b96a41d036427639f5cd7895ce52661268945ba03045
SHA512 6687a4d68c757c86be4fe0b4bfd3774061a3dbb065022024c6377c6aa3bd4791de7b7a544a8f6025b76c5dfd529e9bc7ddac428343faf22f245904b1454e1e74

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

MD5 d908b26931c2de5aa527638aaf859e4c
SHA1 1f0b523c5f721c8bf23c731764694839b5bd1f83
SHA256 f1410a948ac984335f4e693d37b6411a958fa182abf73eb262cfbbef5e7f7555
SHA512 400d6d05993174cfcceaf4efdb1c0f2f2040cd11ba54bcf05e3358d6147f1c1698e98d51a9641e9877fd3e41d76c9bad5eb10ac1ab6eaee82a73d37129a93ed9

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 f84dc35d23103f200b7a329b5bc3d48e
SHA1 db5725c94742c6060d17b253aa04bee83c90d1e7
SHA256 8a585507d19b4338f2b7adca3cb665f1e00a899c27e5b1e1ddb1b6d4b1e1536e
SHA512 a7aa21060d5758b3f0e3430a0084d512568ed207128ffd2cfa25d224f6b8b548e16d8796e1e611876dbd0963171994460204a32b1cc7a09607f88bb16c6c9cfa

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

MD5 0a37f1e89840e7909f42451cd84219f9
SHA1 cce144e5b66fa07bc5d4d9d0055cdf453af48591
SHA256 5ec228f7e333777c7db15baf1c96e3c32950305d08d5fef8a1aee91682c53449
SHA512 87abf1ce356ad6e29716eac9104589f7404f9c1d3e40969438be14ecca9b0dbe4cdfe43d12c0853e8cefed53d6dd0d50a0e0db9126c4387b37c3dd9ce0142669

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

MD5 025ca584b2a7d41d2c4a81f9d1bd45d7
SHA1 5aa0df95effefb618e2534b26ebb117c3d56bcf9
SHA256 8361286cee9486321a28e9c9a0248f915c4f07540edb7ed374d9f098376bc556
SHA512 5b42944b9ca42452479efbf4ac9f5ff3abbf3b7448a1184e7f5637e40880867cafd235a4da33274243d4291a764400ed3d2dd4c5395b5773cac21d581a4d8cfb

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 3eb34d3a25acdcf7c6f534db38b03060
SHA1 b6832c2c7a8470d2c49ddf768bfb235124d75bb6
SHA256 4dcd2d2b28b4257684248e78cb26bf3f6731322811fb79b4dff5c50c6d2e1c9b
SHA512 96aa1b92cda10f34895b7060fad606a8326534eaecb051302a73886bf9b6a7d49fc62c3117ee2b9387c26c668cf5a007b3fdc67e3e2fb9dd4f09b6f1cd75d055

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 1c48ada56bb0b949a64e85f12d587ab1
SHA1 0419263ff835058632cd39cc48e2469b96a91833
SHA256 96d99bd31e6c4c26ccfe71db7c76503418ba0ee47d595b63b74131691057007e
SHA512 ad2019ddabad397ef8a994ea1ea1fb76b39cfaf0f8a4944cd581071a7871ac7890348044f33a88fa64f62cafaebb30895c3f865575e4bae301191e41b4c19751

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

MD5 958f67b53dda20abfef1a1040ca472e2
SHA1 b4adff05b07ee5595a6374641e4438d524f56bb8
SHA256 2832b71b78b5e1efb99d7ffe2669d1b5ad68866464b3467847c13b103b8eb408
SHA512 0fddd03afb51197930a841b3f74c476bb9ac3efb33507850ec526c03f9aea55a4e7529ad3b80c9e36483912e916887c461a8e87a801d7453a0241077e55d272a

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 242d080458a50ed8693bbbb28570eef9
SHA1 f660fe7cd8b34725b3f6d27a7aabb0bffdf97399
SHA256 90c8f0b1001777500860f9d116a68b1c7f7380e1e65ebe0a89ec2cfe0464c44c
SHA512 34140c392ba8c2c93f750678ec001687995f0b70267dda5ba75e99b56148fb9144418631846249b91f533638444f8cc738a2d1fa8e0a7febe862ce2a08c5cd29

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

MD5 40c09a67b6dce8bb51a0cf425944a35b
SHA1 08771fa66f51cb873eb98af7e16443cf1d8205f3
SHA256 93ccbbc5e3c94181349cf8d27bd029ec2bb5349a21d609f111abb8ec93cb7e7f
SHA512 9141ac091491cde1bb17042df70cb65293699407f350e2e606a4e62fa5b134e1a474454b4e9c0acc524df8d48e288444ed66ec3d5e00db32e6fefec481ea6e71

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

MD5 1efaef84b3e42d09047d56b316e7fe92
SHA1 fd2dc03b3d85a825402aa9e5eaebd4072253f0a1
SHA256 cc5664bbe5abe043f53b3406c3007874ad38cb516cd1665059a481c1ba3660a2
SHA512 31a7505c6a9fbb3e5bb2804be5f4204323218f058fa8ecafae9ad8b52c34b6c69a0a09b80333908741dd170fc481a26dc9affb97f66d1f443d60bed9c35666e1

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

MD5 0a2e24e93635b867aa51886a3895139e
SHA1 5b88f4fb9a1c4e96684f54e52b190749ff38aca0
SHA256 fdaa4ecf243f7472205b2c629a07527b81c604009ade298c252d3d39a78ad8cb
SHA512 308297db36e337f9734e945fabe283ca41c6d0053745989d1f3065c8dca01914531c3c8812c013f17a837489bbbca2aa6b3fd8c7f77a6e9241bde974fe1255d4

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

MD5 8beaf3e476b815427f1e9e74b832a5cc
SHA1 2fe362683847dbc7ab44b89d1748f91741ea5fae
SHA256 06d421e3d5733d3d3a0d7a94aa96ab4c8106f19f26b58b55aac27d6ba0ac8ff8
SHA512 76781eac93b4ae22a04585c3f82bba0276b40c351821d6eea6b042c00137cf6d67116fb91d5a6deb885c6c9fb867fa334ef01fbfb8b6a33c28235289b6dde0ac

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 5a9a0a21bc8c4eb99000971ab1156720
SHA1 bc96e776cf1574f069652344a14fbfe37c5702fc
SHA256 b5c229ce098a7be4596fcd0872dd2cd5c365f36da89dffd65f40020db21a75d1
SHA512 ee9cb5f10f713e719d741e9303317ea63f184e11dd6d6afdd13109baf6c375e2255c7fcd8c7a27485de0d2d65b7ae6f0dc4be9ce044fba95cf8ecca8088e7135

memory/2536-9179-0x0000000000400000-0x000000000040E000-memory.dmp

memory/2536-9180-0x0000000000400000-0x000000000040E000-memory.dmp

memory/2536-9181-0x0000000000400000-0x000000000040E000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-10 15:32

Reported

2024-10-10 15:34

Platform

win10v2004-20241007-en

Max time kernel

100s

Max time network

123s

Command Line

"C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe"

Signatures

Detected Xorist Ransomware

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Xorist Ransomware

ransomware xorist

Renames multiple (2199) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\T77E0sNhHdq7Ov6.exe" C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\DriverStore\FileRepository\mdmpin.inf_amd64_be5d923b5e701b62\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\rtux64w10.inf_amd64_d6132e4c7fe2fac6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\smrdisk.inf_amd64_f945aad6094163f4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\migwiz\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\de-DE\Licenses\OEM\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netbxnda.inf_amd64_1fff3bc87a99b0f1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\F12\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\it\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Keywords\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\cpu.inf_amd64_0abeab1ee6572232\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\input.inf_amd64_adeb6424513f60a2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmtexas.inf_amd64_ed0ab85128ed7a01\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnms014.inf_amd64_faec3fc366f8e1fa\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\oobe\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PKI\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ServiceResource\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Configuration\Registration\MSFT_FileDirectoryConfiguration\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Dism\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_hdc.inf_amd64_6e00e835fbceac58\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\idtsec.inf_amd64_9321d33f1997dbfd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netwbw02.inf_amd64_1c4077fa004e73b4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\InstallShield\setupdir\001b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Wdac\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\WindowsFeatureSet\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Storage\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\@AudioToastIcon.png C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_image.inf_amd64_31731e48047fa274\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_multifunction.inf_amd64_8bf0fd2423b20b97\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ScriptResource\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ServiceResource\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForAny\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netnb.inf_amd64_0dc913ad00b14824\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\MsDtc\ja\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ProcessResource\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\spp\tokens\skus\csvlk-pack\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\wbem\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AssignedAccess\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WindowsOptionalFeature\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmmcom.inf_amd64_9179c145f01530e4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmvdot.inf_amd64_04863374c9db2052\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wvmic_ext.inf_amd64_34d742f3550dabd2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForAll\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\XPSViewer\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\bthmtpenum.inf_amd64_3abc48e730d08fde\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\hidvhf.inf_amd64_0a924aec7600dcde\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netl160a.inf_amd64_e4cbe375963a69e9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netvwififlt.inf_amd64_c5e19aab2305f37f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netwmbclass.inf_amd64_dba6eeaf0544a4e0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\v_mscdsc.inf_amd64_05925c79fbad7433\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\InstallShield\setupdir\0003\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Speech\SpeechUX\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\NetLbfo\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_EnvironmentResource\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForSome\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ServiceResource\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Configuration\BaseRegistration\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netelx.inf_amd64_7812e4e45c4a5eb1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\NetSecurity\it\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ArchiveResource\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_neutral_split.scale-100_kzf8qxf38zg5c\Assets\Images\SkypeAppList.scale-100.png C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\VideoFrameExtractor\Views\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\Doughboy.scale-300.png C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\pt-br\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.ZuneVideo_10.19071.19011.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-white\LargeLogo.scale-125_contrast-white.png C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedAppList.targetsize-48_altform-unplated_contrast-white.png C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\xaml\onenote\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\typing\bubble\dark.gif C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-20_altform-lightunplated.png C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\A12_Spinner_int.gif C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\eu\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Home\contrast-black\WideTile.scale-125.png C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-256_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-96.png C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Place\RTL\contrast-black\MedTile.scale-200.png C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Common Files\System\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.SkypeApp_14.53.77.0_neutral_split.scale-125_kzf8qxf38zg5c\Assets\Images\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherIcons\30x30\161.png C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-72_contrast-white.png C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-20.png C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Car\RTL\contrast-black\MedTile.scale-200.png C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\images\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\kaa.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\Images\Ratings\Yelp10.scale-125.png C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxMailSmallTile.scale-150.png C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.contrast-black_scale-100.png C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.6.73.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\Square44x44Logo.scale-125.png C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxAccountsLargeTile.scale-100.png C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Car\LTR\contrast-black\LargeTile.scale-100.png C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\ICU\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\MapsAppList.targetsize-36_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsStore_11910.1002.5.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AppTiles\LibrarySquare71x71Logo.scale-125.png C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Square44x44Logo.targetsize-48_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\contrast-white\MixedRealityPortalAppList.scale-200_contrast-white.png C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNotePageMedTile.scale-150.png C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-36_contrast-white.png C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\ExchangeBadge.scale-400.png C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\js\nls\nb-no\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Program Files\Common Files\microsoft shared\MSInfo\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsAlarms_10.1906.2182.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\Assets\contrast-black\PeopleSplashScreen.scale-200.png C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-16_altform-unplated_contrast-white.png C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\AppIcon.targetsize-60_contrast-black.png C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-black\AppList.scale-100_contrast-black.png C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\ca-es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Wide310x150Logo.scale-400.png C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\contrast-black\MixedRealityPortalAppList.targetsize-16_altform-unplated_contrast-black.png C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\js\nls\es-es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\AppList.scale-125.png C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxCalendarWideTile.scale-200.png C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubSmallTile.scale-200_contrast-black.png C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Car\LTR\contrast-black\SmallTile.scale-100.png C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\TrafficHub\contrast-white\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppPackageMedTile.scale-400_contrast-black.png C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-black\BadgeLogo.scale-100_contrast-black.png C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteNewNoteLargeTile.scale-100.png C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\ScreenSketchSquare44x44Logo.targetsize-256_altform-unplated_contrast-black_devicefamily-colorfulunplated.png C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.targetsize-64_altform-unplated_contrast-white.png C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Home\RTL\contrast-black\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\scan.png C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherIcons\30x30\150.png C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\LockScreenLogo.scale-125.png C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..rotection.resources_31bf3856ad364e35_10.0.19041.1_de-de_cc9e299c408167c0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_c_sslaccel.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_550a59db0f5621b0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-cleanmgr.resources_31bf3856ad364e35_10.0.19041.1_es-es_1392da55382b3ddc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..-system-diagnostics_31bf3856ad364e35_10.0.19041.264_none_fc0e64de64f61543\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\msil_microsoft.powershel..sreadline.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_a3d97b0cc1909fa4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationBuildTasks.resources\v4.0_4.0.0.0_de_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft.hostcompute.powershell.cmdlets_31bf3856ad364e35_10.0.19041.1_none_60b66e93316b657a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_storfwupdate.inf.resources_31bf3856ad364e35_10.0.19041.1_it-it_dfa8189646f6034b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\Fonts\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-i..emsupport.resources_31bf3856ad364e35_10.0.19041.1_de-de_0ce936dc00103a66\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-ldap-client.resources_31bf3856ad364e35_10.0.19041.1_en-us_915cf6e0c6649f87\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-pnpsysprep.resources_31bf3856ad364e35_10.0.19041.1_it-it_13b9914b9f8e664f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-desktop-playtomenu_31bf3856ad364e35_10.0.19041.1_none_6e3adab92823614b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\es-ES\assets\ApplicationGuard\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..ies-spanish-fluency_31bf3856ad364e35_10.0.19041.1_none_d863d8db7140ca3c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack-msg_31bf3856ad364e35_10.0.19041.1151_none_b36f7f02e0310842\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-m..rience-api-internal_31bf3856ad364e35_10.0.19041.117_none_defd8fc69e1c1647\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-p..alcontrols.appxmain_31bf3856ad364e35_10.0.19041.1266_none_1833f07ce0c90b68\StoreLogo.scale-100.png C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_system.web.routing.resources_31bf3856ad364e35_4.0.15805.0_it-it_a7193fafe12cd5f4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-s..monnoia64.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_b7d90acf8a700c14\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-openfiles.resources_31bf3856ad364e35_10.0.19041.1_de-de_8653e0ac29c993ba\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..eprovider.resources_31bf3856ad364e35_10.0.19041.1_de-de_704e2533c1332e70\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_wpf-globalsansserifcf_31bf3856ad364e35_10.0.19041.1_none_043c873f9adcc058\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..ionengine.resources_31bf3856ad364e35_10.0.19041.1_es-es_9f049662ba12107e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-security-ngc-trustlet_31bf3856ad364e35_10.0.19041.84_none_dd81fb99bc3b1e53\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_netevbda.inf.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_4ac1ff374138d7b8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-g..enhancementoverride_31bf3856ad364e35_10.0.19041.906_none_18cdae449d3e3521\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.Commands.GetDiagInput.Resources\v4.0_1.0.0.0_de_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemApps\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe\23\header\header.html C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-a..grams-adm.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_5663f592b8dab4d2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-i..rvice_mof.resources_31bf3856ad364e35_10.0.19041.1_en-us_db22af9c90e2f7c8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_systemresource-wind..-ui-accountscontrol_31bf3856ad364e35_10.0.19041.1_none_8805ef3af31f4b8c\Outlook.Theme-Light_Scale-200.png C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_devicepairingproxy.resources_31bf3856ad364e35_10.0.19041.1_en-us_36c84d17b4f5be1d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-rasifmon.resources_31bf3856ad364e35_10.0.19041.1_de-de_bb9bb35a9dc2a102\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_dual_urssynopsys.inf_31bf3856ad364e35_10.0.19041.1_none_c25c085f7763a4cf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_windows-id-connecte..provider-msauserext_31bf3856ad364e35_10.0.19041.423_none_bd04f33490fda539\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\msil_system.directoryser..protocols.resources_b03f5f7f11d50a3a_10.0.19041.1_ja-jp_ab42eccabc09ccc6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-netshell-mui.resources_31bf3856ad364e35_10.0.19041.1_it-it_9be9f99dd86458fd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-font-truetype-impact_31bf3856ad364e35_10.0.19041.1_none_ff3f122f126e89bc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-kernel32_31bf3856ad364e35_10.0.19041.207_none_71e36689b4f98543\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\x86_microsoft-windows-ie-diagnosticshubis_31bf3856ad364e35_11.0.19041.1_none_9db2fd18131e032c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess.resources\v4.0_4.0.0.0_ja_b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\oobeprovisioningstatus-main.html C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\Assets\SquareLogo310x310.scale-400.png C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-t..nalservices-runtime_31bf3856ad364e35_10.0.19041.546_none_bad936652ad03072\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-m..ayer-core.resources_31bf3856ad364e35_10.0.19041.1_de-de_3ad0a502c682285d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-directx-database-fod_31bf3856ad364e35_10.0.19041.1_none_b7ea10a2240a7af8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-g..licy-admin-scrptadm_31bf3856ad364e35_10.0.19041.1_none_875a9d43042f06ad\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_414a0942eadc3634\403-18.htm C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-themecpl_31bf3856ad364e35_10.0.19041.423_none_d4d939a96536838d\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..ndowmanager-effects_31bf3856ad364e35_10.0.19041.546_none_d951a72ad1ee4c8e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-vmsynthnic_31bf3856ad364e35_10.0.19041.1_none_652871dfcc054ad0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-l..languageoverlayutil_31bf3856ad364e35_10.0.19041.1_none_7e3faeefdba561cc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-appid.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_8e9e696a3f31534b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-p..riencehost.appxmain_31bf3856ad364e35_10.0.19041.423_none_bfcb7b02f95b1e52\PeopleLogo.targetsize-80_altform-unplated_contrast-black.png C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-t..almanager.resources_31bf3856ad364e35_10.0.19041.1_en-us_3a284eb159a75e73\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\diagnostics\system\WindowsMediaPlayerPlayDVD\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-i..ell-serviceprovider_31bf3856ad364e35_10.0.19041.1151_none_35d6d88b94afbd30\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p..installerandprintui_31bf3856ad364e35_10.0.19041.1237_none_4b16fb7fab206eb1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemApps\Microsoft.Windows.AddSuggestedFoldersToLibraryDialog_cw5n1h2txyewy\Assets\LockScreenLogo.scale-200.png C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_414a0942eadc3634\403-17.htm C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-m..osoftedge.resources_31bf3856ad364e35_10.0.19041.1_en-us_a323edc73bd86475\PhishSite_Iframe.htm C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-skype-ortc_31bf3856ad364e35_10.0.19041.153_none_c7e282bdad806bdc\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ULEPQAWHZVFFULJ C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ULEPQAWHZVFFULJ\shell\open\command C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ULEPQAWHZVFFULJ\shell\open C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ULEPQAWHZVFFULJ\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\T77E0sNhHdq7Ov6.exe,0" C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ULEPQAWHZVFFULJ\shell C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ULEPQAWHZVFFULJ\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\T77E0sNhHdq7Ov6.exe" C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "ULEPQAWHZVFFULJ" C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ULEPQAWHZVFFULJ\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ULEPQAWHZVFFULJ\DefaultIcon C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 150.171.28.10:443 g.bing.com tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 140.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 105.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
US 8.8.8.8:53 56.163.245.4.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 75.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 103.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 102.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 23.236.111.52.in-addr.arpa udp

Files

memory/2800-0-0x0000000000400000-0x000000000040E000-memory.dmp

C:\Program Files\7-Zip\Lang\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

MD5 9e9783ffbc9a6de1f0a8375c6aabf453
SHA1 b65c9e7b7eeca453620b880dbeff68f01782cd6b
SHA256 a44faa36146ee2b314d8388f12755bb00d4144d31c17ffa2c6ec544dd1795932
SHA512 3974cd57606d2c0f65d4e2c8069cfbfbb1a185a3ddd83abd8a3be59e10dc93bb77335a7aa6c69c6c12850a778123d66a1e02ea2a0d191824d0692e7358258d0b

C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

MD5 696ef31438ccd42b2a9bf7f2b0a4b15c
SHA1 a089b0b316f5830bf512774cc0ab8b785bcb947c
SHA256 c85d93ec0d28006237e0d942ee89ef5e1aeb41c80536f62c565f48cc272132dc
SHA512 aca3bab1704a205b452f725313021ba70f766355e14b4c5513f38e0d80732dfbe0dd0252478a70e879c729340cc964b8be7988010f2bd095942776d4827e2b60

C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

MD5 119cef4f3c1b0dba85c51617db935127
SHA1 d012b9358532872d34b91cb6c9caeea93f4e9bb0
SHA256 a93efd266d00e2aff518659d150a95a2a370d98c304742763121234c18f2cf0d
SHA512 dfd261ef29d99d649ec901652162c37a93f435e53e012dbddd5ef95de33fff1bcde36258eb7bbfac9525c8e2d9e516faa470c8938bad74086789a1a177dbe368

C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

MD5 629be9ca02bd0eef272ef26d4ff60f0d
SHA1 5feedf1392a1e578a684a7f6145da3bf5c99b1cf
SHA256 6177b723b282304fd26d9c8d4965a129ed5e290f8f2eb3920f538f3bceef152f
SHA512 bf2faea1bff3b56717b58688f6555fcdac7506a4defc206687169eeefbd0e01b094f19348a5b4502e79f04c35ec8741f5cca70dca5f08a94d170822345a94b1d

C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

MD5 a9932f8eb346b25cfb89ef7b57575d08
SHA1 d58b44cf80a863786843a075708746bd4520d693
SHA256 b92d62bdf27e814582d11c21ec9816f8117d0663093785e9a1600886ca8a56a6
SHA512 cb070c313a1cae4fe49d9959826fab700d6d82e6f0e240aab0cb100e7431e82515c7a588df96cff2fb4e15f8669273365174cf645dc8ee58f3fa14f42a49cb33

C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

MD5 fd149ac926ac7a837d709c32965cacb5
SHA1 6c531b7080e78c35b70ddd5502c5b20d3d931251
SHA256 7a2c8156955ef4de379b081db03aa695269fd222fe590ae2cf76563efc25e4b4
SHA512 939a486e6c743cf61352b0ff86ffdbe5d5a415191c11207d29170c45d471f8fb1424f4fcf397ccee43eda38f7e6c098d89e07442cc4c6c40a4c3a785dfee68ae

C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

MD5 ea1ca24aa319f1150e758cada9d36007
SHA1 11b5c98574fc9344c477b2b9bcbe4d0052594713
SHA256 ec6cde40ecd56561bc5d04d0d42ea2f3163661d4161e239bd83c9df67edae79b
SHA512 e8d08852efa6e865291b939be9fb697eb02e41f7a58548704b882d32c3b5f35e2ccc9a8367ff8ec4f94f0e274e32cc6462c67f625bf243981f7217c5f1ef0183

C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

MD5 7dff002fed1c1ae120ab351535f765ec
SHA1 0beec3e5f5b430bc746f547e5892f504af06aa90
SHA256 8d3448abe62d7774447ecdcde198e242e3be575844b3573fd93c9def6d8bbbe3
SHA512 30e1fd28bc0193e53bdbf98c4a3ffe89f8a34bdbe5104109ad6cc760153abc2425e915a70defb603cfe795838bfd48b34025e18e40105d35af67df804d672b50

C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

MD5 4126359a506bdb6bf549e0bde9acad90
SHA1 419535ff269c2e3c46f82a7b20928448588b3f98
SHA256 c90b5003d944ee8964d4e9edc709f1d00ebe6d73a846d5e9f3582c0a29b0d15e
SHA512 f82b9244d978e19873720c6fda0a1670293a952e3a4411c56ae6ad37faceccf264f7b4e0b795f68b16eae5435be6764a07f2574f858b9012197e07b8596429ae

C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

MD5 664de033c4a95d95e3fe51f45af61fa3
SHA1 f2639ec1ed9520e6ed130f4361aa9f95ef4614d6
SHA256 b9dc1c83ed1b4f15600522295ee13d9eb3b5e8eb9c78a606c395010d3de5b773
SHA512 0e2e84f416fa4d145298658570acec53350c02103ff3dc088fbb145b24a3ab393daeba38bbddc47922dc257ec7fd257d45bd42aa59201f42b9003c263d69001b

C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

MD5 2c7fe289366bee88a6249717044a92c3
SHA1 4e426d6d38777f52a477119fb2d329669816a211
SHA256 389ac1f394b14079219fcd3ac7b88f3ab83e75579db69a1e1069dbdf3e1e8432
SHA512 8421daaf16df5787fea2c667c4497f1a86cf6f9caf31d5a6b5a3b63630197ae786a6f8782debbc1fb1f33d00530f9cc2accc9d5b5c4a2109a108d4ed9c3de082

C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

MD5 25d590a565c01156071ce558a745ffea
SHA1 304b76404402f6630098e55d15429b8d9885231e
SHA256 ef9c24ec57a3d373ee2ac31cfb283b833056dd3dc6166e4ed9fb97311cea7f96
SHA512 48105dd10d1b4e82e9f9dcb16b51227e92236410113ebb7d6f9ceb8646d737ae336598904cbbe93ef3a0acb7be3fa4875fd877af74a84e10d733e03b5fa4ed20

C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

MD5 3491d824bf45ca767ab99f50530043a5
SHA1 42257184e49fccff11baa9df87615e17bc636ba5
SHA256 9eb636b0b4e8ce2b09e86a4fb69c101d69424fd065dc859bb5305ec3d59bbbf0
SHA512 d7b054887aec863153ae5ecff80e6505c699ba1440fbb6110224d5086801087cdf2a341b52f72575a5eb2c85d554a1c3e51bad87f559ba84964be8a219bf0e4b

C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

MD5 e32e623569c542997ea993111b3a26c7
SHA1 f8406ad06e277a5bd1eb1b2ea13f0c5c88e34784
SHA256 03daf1fae772ea14a247495d16cd0f48996c87d7d5db7549d3afe8cef9e030fd
SHA512 e1b4a6ca77f361720dc767d3aa64af9c6bd1f5a7efd30622a30076b8643a4eef0680e97d8c8253796324a1273b8ca799a8af443ec63b445fda7a3e2d609f1bbf

C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

MD5 090e3df160e432ae71be3d71e886321d
SHA1 78e5f0cd7cd52b9bb0e11bb4c4544cb178716beb
SHA256 8edf1b2a524198e8c9666523dc09813bf741b23d4a81bc99b614d21b7eb9dd79
SHA512 5edb5c0999ba596197cf88327794524044f14ec7c66b2cf1186c278ec6067ca6d71f14d8174948939e2c7dbbc1ddfce2355b682f6058e3075f4de51a9d385c4f

C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

MD5 8ee49c5ac2a4fd90deeee713593f62a4
SHA1 363085c13bd69989b177dcd7f3918ecf425b9478
SHA256 f209dc56572dad8aad05379aefa0e26856eb11c59d2108680c529b48660293bb
SHA512 28ea16dda907d56acc692300c5f9bebb4e1821d982cbc8c885e8769fcfd3b1505bee4050675601a8c9ef392e98ba9b10a86618b7920fdaf008a8bf154e85674e

C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

MD5 6834d2c398dec6012071199a89fb1e08
SHA1 a4729b576b3255625077034acfb36187696ef1ba
SHA256 432281ea651c9f49d20ee0d2d04f8cdd5ea0d0d330405f6b3cfde936fafc9427
SHA512 42f19062f25a308b629ed24f8ec6034566073c85dfab301cd9c9960cb71dbcd647953d4ae9b33e86ef4411bfb2b27e058ee56fd9ff4d305d28ce632dc954e7ed

C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

MD5 3f081c6d2aef02ef5ba545836f3d7dcc
SHA1 ffd3b10b763b744a4368a1e33bf96285cdae46ab
SHA256 297c6e3223d12a242cc18e8ce1cd01fe2ef5eadd362ee3182572614ccce10cec
SHA512 041ce3a7d2ef04c0d28d3f7bdc3030a09f1468fccd6f7dba43147d36057ee64e34a966b396f6404e94d148deec8a34fbd6d9b6ac7d6fc0663a47a962deb0ab70

C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

MD5 988ff52f7e60963426bf68b00afeb6b1
SHA1 a31b5c86f3418553c92186804f9a1b07dc29bb72
SHA256 bb90edcad58a3ff69e262d22f26cb57372c8ebe212ad78bd979585a7262e9aae
SHA512 bfc1ed98360f179518c0502340f3e09f239c4f90542c6efec148c07c178633ff15510a17a5a7c7f959c727a4774ac3c4853ccde70447e91bd97af4c84ddaca80

C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

MD5 09061d39aee18ea2b0fe296b487acc19
SHA1 f07bb27e26aa2cabfca4a9157fcb911bbd02432d
SHA256 e202de29a5f4fb33d51666776532cd8af8d63fe5c8fffd1bcfcc5673b2560e49
SHA512 e29de1378f23accfae566b567aa548eafb29de638a271295a013072c454b4ddb61b38952a27ade13e3ff53606c83f2d4685742702a406e068a1eb75a20c3f071

C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

MD5 536b92961714f28ec6208d542d21d464
SHA1 19c150792bfed0d77a6ca85f82d71100da9b101a
SHA256 d0406bcdc2ac2817fdf3ff679c681599a856b415761f63b4fce0d5cb8967b75f
SHA512 5b62bb3f227a905c026a342ab902cf83bfcbcc9df45551a506b0b8c619b33feae4e317345418381182a41771d6d6250d66d598e85357a15439a676544b4d75b2

C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

MD5 e8a82af39ea97439ab04712058ef77c9
SHA1 8f9f7f9e9f78b9c82a7cd468a724ae5ea32b1f35
SHA256 87ac9bf3e320ffe421d0523d8ea2b72eda3e59562633e53237d641112b0905f0
SHA512 2428e49277fb67e256857fa414736b0b63ef3bdaebef44be460da1ce981b5daca77e1a674fe34c65dc5082cff6e3bc7aaffd2556024dba58ca1c7e3b8c02c1ea

C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

MD5 0e5e3cc93ea3fce86bf5569176d317e6
SHA1 86b93cbc3a09ea1bda8bf8972b5f3cc1f1596051
SHA256 385c007c90d5b55aaff7a90e79819d47c2b87289d213376b0a64ca8dff29c8dd
SHA512 85e6f8e69389c3500f4de5e9f567fa7c3a837a66e79630333b7315ede9201bf9d670fda5b4c79e69e2b446114c183c7528a7f6cd9ed60241576815f06b1c6320

C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

MD5 d8894218c3c82f728a101177e6ab9663
SHA1 b24a3fc92aa71acfb0ea6f1bc741b0741295460c
SHA256 44f0071821999c5fdfd7d5e51f1fe7bbbed0e9490a3dccc85713f1e165274612
SHA512 e8cd8826823bee4b792df8b44354a2797b554ed49876951faa985b743e20487d06f85bac1b110241c3d9b1a77ddf3722ca5c5d3fcaa7d4a6571b8ac71de5804b

C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

MD5 776f35c52bdbe55da1123e680d97c86a
SHA1 1a5f9b60310b6eca6b14e8c0cb807a7504164917
SHA256 3f8369b7fe4d17bb25548b2c8ca8dc3d34422fa79d23a7f35140096f1bd05d9f
SHA512 2ff25aedfd31cefaa43c40042b7eca3412f5d1e66495532d4d1a6dc39a10310679b0cc8efbbfd79437bc0564179a3c9608afdf5059bd2bb384441a29dcae7d5c

C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

MD5 11d471335bdb90d149ed7068f755f651
SHA1 044fbaf978dc7a81df49a135f5e0dba0021242c2
SHA256 c367c08637f65bc68c02cc10b43c9c0e883fcc8dd5f14ecca47fdcac6d4f0752
SHA512 fa6c3512bf3e0bc67892565bc53b60bfea83edd3e99751fc7619e02a367f3aba6370bc78ecf7bc01c37f258530cace9063dde05293a421f5857727f5fb0be69c

C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

MD5 4bd078af690ac68814f79c0f6de61fa1
SHA1 caf4536811e7d13f3a1733e3d60f0c491379abbe
SHA256 b2083078f5a7aca7427822d1b290ae738cc1c378a75a51ad3226961fc37f65c3
SHA512 c43d693fe216722f886a5a952ba55ee034ed20a11c12595c5d8ada72bb1e3778ba7dbcb7ba8da89fa578f577bdd308a4a51b85791a0124422edddf6e83aece68

C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

MD5 40a34f390e979b24139f8ef065c6f983
SHA1 89e106d4094dc64a9e5acd45a5518fe05915cb47
SHA256 fe34e79b075d3d3d1a4d23239838666b90dc9d5e28856c2e76550c88dd515fdd
SHA512 91152e36e893a60d297da95d1958341fcde1c4d59236b49fe44bd1d6df641294b603b957acc8b748c652e79a74fe8eb7f2a83a9c6599980d4844a9444d7f1ed0

C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

MD5 5d7af7949228bd49999525ba21d0a63f
SHA1 ea964d04df590c62c2990c863a8aa20acdf7ac0f
SHA256 76249e94ce2d089fc4a2e52965c6ae73ee7cc86c06f583a36d1b57148931e4a2
SHA512 2c274a8002cc0709e313568bfc6fc1572683ae395c566d97f1b8c661ee6801a2a02b2e745495562372d69e00ade6e4251ccb699de5371cb4b013b1b878691fcf

C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

MD5 f56f997608e9af9ffa344fa36fb375b9
SHA1 4dea1cf9cc7292dd7dde11212b5c5bc3aa3f5a6a
SHA256 188ff0310443a5f6ff0d8fcaf2cb2bbba213e8c3c4a1ef07d92030552a294617
SHA512 f7d79d7b7bc7636aa5975a8e165a7c342d595a7abc5e611ade564d48c227a9e754101cf46222dedecd303aa47501656ba6896fe58eee9c3e2f255b0afc5dcbe3

C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

MD5 c09526ed4a687cf2c4d37e437fb27236
SHA1 1d526cf17c5a6d5e6b2f4776bb4947b1db30f086
SHA256 c27494a3667289564364aee67a82819602d832e37a0acc755063f3c1e6c42c49
SHA512 4e6b1698b1e7633b8f132998879128db67ad07d2c2f98b7d63ef9728e75eb109867ab2aa05549cab53fbdaea81edacabe75cb5d2e874aa33664d6f7f0cb5b43a

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

MD5 2a14b38ee472c85fb4b2dde88274bfa7
SHA1 4ea8d6863180c4f94481a863bbc592c7ce3dadb7
SHA256 7c47774ff7be4594db2ef223c6389e01282049acf67d4fb9b1252cb3c99006c3
SHA512 0b19e7f5fb687d0801612bda120368fd0148826e12ace13f96fd16d303a3825f5513e5e8c511eb088bfcf360df2d9b9c2b353dfe3e3287356b38ac069d9728e3

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

MD5 f1e93502126783a980e346fcb532065d
SHA1 0298afee385624b88375c76a00bd0b7ce23876ab
SHA256 e2f7d5e4d95ce0e2e2f8fa4f640c087dc99015f294cc680a9d5b582f7da55d28
SHA512 25dd71fef4003589105520445b57bdf2c25fce2cbe4f7f2d3519249895ead2dfba153780e698289c402bfd2345c16852ba89a42daacafb499bf8884338ceee2c

C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

MD5 352d80f4b0dae770776b76379c16853b
SHA1 9aad00ee369ff69176fde38b1a85292a5fd115b1
SHA256 d03d17b4105fb2ae6a106949b8db7487746370627879848995cd16251bc06762
SHA512 33ac5f3673309beb561217f1e0bfa5bcda836320f404cf285bc16794526420e2d280ea829c6274ba5da2a723fb3894f8a6aef73210dc28e139bce3216a2123b3

C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

MD5 ffcb4ca8d377dce6f53b1821975d0805
SHA1 6b60c381d981c662114f5799af862add8c2e608d
SHA256 129d1fd4116c91ca643f6f5ca28c552df406e581f331545c96730462e4fa00c4
SHA512 af1026c81298d38140269b042eaa98342d72ad940009589acc4e94dc81ba81f64b9ba60ade2d3982de3f3a1367fcc256115accafa9e9c1226675903d4af67efd

C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

MD5 3dd15b5d5d3041c323171a84f73cf7f1
SHA1 f59a6c4164cae799a82c1e95dc179f229dd7da97
SHA256 f74a5a0a9569bb8d867b02051b09a3b0ad241722acd3e68f7a2d3364edb058de
SHA512 01cd37ea8aee5286f4cd4d01e24c03fe0b3499081397bdd2f13836cbb43863930df041e825ce4d8943ebe0a446e11f652dda203201be90e07d2181ace98b8879

C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

MD5 9d809be76fa4205ecbef5807ed2bc4fd
SHA1 d0663bfa3723ffd6c4a19d47e0d6dbbf6e4660f9
SHA256 35bd87aeff738191bdaab04999573d393ef8e8b1baed466f543a63397bdc8920
SHA512 22281fd9c2603e66727d5112e6ca7da489c02bda78f8189d238b6cd6c9c50d57f2593ebb54fef97a7027c0a61ccd75cf790280d13f9d99c8264eac85f473d714

C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

MD5 0f589cb7005ffae3d16d42954f66b9d5
SHA1 7c7aa7f9b24f9164a88dd1326fb10d163d6a0dae
SHA256 f5c4cadad865e4574275f71c438a9553f2f7ca42fb1d91122f241c0774ce3d3a
SHA512 dd01a522e8200342c550ff27f406712febe28399ecbb10334eecdaf2d79f506035ff93bab900ecb02b7abaac4aa7b27f3940fa2873e1f4d7556ad1f6f159b13c

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

MD5 a0fcf26f3dbd28c0cc14a1b83de460e4
SHA1 5ea79dfa43af82c15070c3ac2c4029c7aaa7d7c5
SHA256 431a874ae5db02fcab1be94734825802ba897324b86cbe389d50a3191d5deaf1
SHA512 187dd2d7197489dabf1b347a2315c6e33cea937d296c78aa2d30516d23c72fe7a2ff76ee56c0b049eb8cbb97bf13f8c86de847589138b606ce3c78c08f3bca7a

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

MD5 12ce1cbb4c8f56b15f8879f8a329abf5
SHA1 271efb96e4c3ff97d41f96b88e53aeaf59e3412f
SHA256 90635da0709c97848693383aa29246400aeeb16a51d5de28b9d57615fd946289
SHA512 7932a0c3976d7f88473c4a30d539841ec940db8ae7a689166b2504f542118dc7f6ac8cb74a436eb246295f251b971e0c72209ea65f300ecaa15ca18c0bacb2b8

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

MD5 c05b6d32e367f9f85330f9a427648703
SHA1 1b60f11cce1940cab73b800fcdc185b13d13a630
SHA256 3991d1121429192ca0e51a751a85a956258f310645c6968292175f591b601873
SHA512 7847813e2486c4a750b04d0e1c64dae57f1377d437ef92b557b4972dd313bc1ca90bdc8d940526f41150142d016c85a6e7dcdf0f727aa5d2b3f8d9b302896601

C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

MD5 f7b5bb49d222eea17199b1573337b73c
SHA1 3fbe5815f6e9c0389393fde1f8548282edb6754b
SHA256 b150402616e94fa48f826a9b862c57048d804be9bcf60a0b7b34d0de76be3ef1
SHA512 c9eeb7ca3d18cfc8b551cbd512ddd1ce6c02f815d00d4a30e66b57e1550568f4a93ce20b3e4aab1f21462ff8a68598b2c8c6c82055f41a00ac23dbe3e0b9cdd6

C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

MD5 b539126fba7838ef87bd245134cf26c5
SHA1 79c0d2b35c7140837c7788484b0920935a285a06
SHA256 51806033ee02e3d5477ce04c4d849153974e8881c3f791496481b933d67ecbf6
SHA512 514098bc4774370fa8222ccdfe2c2555e2316a21a5e305c95ed0dbe18a531cc061e56f3009528bd585c7a7d92a672dc6b827fb1a4623d8dbe9e3123e5b5309fa

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

MD5 970dd9222250ead018814d3271bf3a13
SHA1 75e3b12ec79498d6e881ff69f9ad4118b85f510f
SHA256 acb74e69390a86287c60a33e169bc14cdfc057006c844c2fe5f8946baa55a0c8
SHA512 095906f06a55e791e9ca4de0010c266b7329f3db7cc979635ae60c0b04cd1efc2790bbb5be86e5d560a31e5bbc98449230ee05eb59b07724ee797086f07097ba

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt.EnCiPhErEd

MD5 398a2e264f5020b58ccdbe0626b1cd9e
SHA1 5cdbba071cf727483ddae85fabef3238b2921694
SHA256 1b50db97e0ea66ae244ea2ecef7343f233922e27670735f778d7328a2ad7f358
SHA512 0cff9c98697822dcc18ea91a77394bed3aae524f302cefe8b4aecdf9911a48dd0cfdd3cb276dd82078cf47e6befdfcea900ca47575c4de5465d4b5e3a3c9a9e5

C:\Program Files\Microsoft Office\root\Office16\1033\ClientSub2019_eula.txt

MD5 ac154d8a3b1315e61e5905fc6fcf547d
SHA1 a50f49738881b22bf11638420bba2b73b2c2368c
SHA256 07fb57b9dd876615fed4efcd8a0f138e69c935e952b87ff2f4115125e06a88ad
SHA512 8a31afa3dc49ff3979c1c2b5b46aa56e4dd2edea918d520c4f414839e6d9bb852430de0c18962480e17b3748bcf7f2c7b0d2f593d70e33be11366fc099acfe0a

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

MD5 30df42721a8f98736509202d5fb00569
SHA1 9c63addbf10a8fa0e9a7e2c624f38e4d438be2bc
SHA256 606708e978146b28186d66971b9411d98f64346fa66811badb3478733ad240b7
SHA512 83ab32308b10973addd9da78f9f326169ab7d6b63aa15ac2710ced515689fd45ecf3269b4bd2efafb6e32d0501af87c7feaa44b819fe4d276aedc31514d5ca22

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

MD5 019f5e2f95a45768be6fa7f1f95991a7
SHA1 4dcd79ae1fecbfa0c632574817a1373e999f0264
SHA256 0d7b707070e2b1916586ade711210b9edfd64e589f4519ba2d95c63a91e60b77
SHA512 3eeaa1d9f2884ebd32082a054108c48e58687657b0a2a0273adfc1cf35457c36da0d3bab8fcd108af824315f79fda418b70cf72f74619ec0a076d7a794a9dee9

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

MD5 c08aa57aacc75979b2a7eccfbe4b55e7
SHA1 9c0e9e10ea2068baa612e7497f38808485e3770a
SHA256 0d7d2efedf4b3a234d9b79b14fcf1bb8560be624543078446bc4aa68066508f9
SHA512 ac4a78f244e882da512ce73b99c7f1e9a6394275790f420302294af8329ac33acb9fa9c2d98b003f5081010099df6df2eaa162da871d356fdf58a50a13c1e05a

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

MD5 05c8aa7112e0964c0fe375f31c60391d
SHA1 587009374a7c35a778ef0ccd7f5e7cb7c62c06f3
SHA256 7aa747b0c8747b68749eca404e15afc9d59bd15cc7de4cd82776bb4c651206cb
SHA512 65e0eb22bafcccb418b5b1cda421e1a35786186263f31a12ce730abdffa19ccc2a33447d04b14c2486e200b2d8e668181e73cbd22cb1839983c74fe857545450

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

MD5 80f6f56983dea567a3528e2befde7f5f
SHA1 20e80998720cfac753655efc06b25ae96cd3c802
SHA256 17065d0e6bedeb114dc654860c27e7c91987a6204394a8ba3da47fb90e25d3f5
SHA512 cf56a2c51887811b4b77e8d2074e6faf246cd99fda932694ba270f4236677d0da0c8ddebf96dd1dfe2d29a60892a4893b5562cb7bbeae2a52dafb8fc5c562eb1

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

MD5 ac51da2b393018fc0b9bd517e9773381
SHA1 c897edaf08586ac4ca8c37e542f1ce98bc8c6f61
SHA256 a394434f430c39edc8653597bc6505b08cbe4ac2dce2c290a1ade53933747401
SHA512 78a8d69927fa81121106729bd4d6ad7e86941fcda8b8bd76bbaedde7ec0eb4e1359058e9206df6c163f180705e7392d1a6eabab46a23489dc8467b441ef6c010

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

MD5 cb2729017a340a1716a36337833f3281
SHA1 16799214cadeb9cd08acc82e43e7227cfb31fd69
SHA256 c219419c92f7a0662e210d2c3bb309f442dab52f8b68697ec98f76bfe7c9c74b
SHA512 eb357b9c6806f20b29141a5f55a8486acc97c8f90733b6898bdf3e254a822a5dbd92314c3045ff4ba5843e28a6350f31bafcfd6977e5749d32fe564f3cd6ce27

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

MD5 762c51a625a6ebef5b97ab54045b16e9
SHA1 74f073037c534dcb5a3c3d5580e66f006ea3ea29
SHA256 80c526071ccd34b9c9e63221f69341375e4837ce2a02bdf0adba210a4b1bc5ca
SHA512 53a7db5d7f0b362cb3d4007b2b0971420fd3578761e23a91be01d12ec3de0af81c106d0c4e2ff8dcca6c6183d7d79c9ef6d8cca40d8faab64ddcb25d19d8922e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

MD5 5368df92a66e67da9ae87445e39dcdcd
SHA1 0a73723d13cf74893feba88c3f5bc8ba79f5ee91
SHA256 cd934cf5c1891fd40500e6aec6b4294528241753df80df3cdc4bc4cbde5ce877
SHA512 f30c6d01f2910b66a2f3350f50f39bc8dd1aa2dd3e6f35da9f574908f815e0a7b48e78e8a3607c3d6d35b17c4be0aeb6a655d8aa58dad45208c02f774a8fcdd1

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

MD5 1386147dbcacf47f17f2da280595145c
SHA1 cfcffd7eff3127e7cd6748b5da8f57c349e1d637
SHA256 b0bd4dfdf7c99a6eb340e98c6eeacf4059da33bf5e67e2a5ef6d936924be5623
SHA512 68099b636fe06e3b7794829876a2de0d96ca3d6dd65747e5647afd93b1268408261f16f7b8f8694c9395fc8b6683940ab77d1aa20a08138ca2aed6fac8499189

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

MD5 1d29f810abe25e30ab5fd61a644530fd
SHA1 d4b3034366f97b616fc5508118c99849c9328392
SHA256 e77efbac98e17bee2979b2640608319b954a6af5c386ff5d350a3736d89de7eb
SHA512 431f5965488eab1560b523f0b09f440d351023fd76ea3e4693a5fff80b7d0d9c12ae667c792503559fd1d978e8966f21a9317fe97f1a5917252d759e4d259651

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

MD5 b49f20cdcc604a9118f0400f52102b4f
SHA1 c980e339237687b86915b159db60ed9f4cdd6238
SHA256 3453d1cc0d2ea30f1b477cf8362709f9d844551ac0757c2ff5f6dd724c200c81
SHA512 ecc5e7b5c51b5cefb6f8b853158cf4b26972b9eb08a87fa964cfe4765d4224c7c95ee5f7be01bd468358441dccb90ddd57d317d6d410860761cbfdb54ade2f85

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

MD5 f427c8e83dadb0198afefadb79d5b2ce
SHA1 31ac49a0fb6b5079c19c51aac02fbd3f0877f60c
SHA256 a24c23138fa087655539137c21f8c0ab6b801b809c1c15edc838f538adb228da
SHA512 563da5537e46b5797cd4794ad1c8019bdccbfa2586ac8cc9e75ad0c618b6dbc14dd7b5154e2aa107966d407565b849c7ece9fc403d9863f65824e4486ce4ac5f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

MD5 1c7b98022dac3647d2c2854ea9a26012
SHA1 abbf2f11e77f5bb576661f16551ad74d7fc4a834
SHA256 b7919d37f35a2a03988eca591c6f5089ac54759e1950184c9c2e83a4e44c9c30
SHA512 b4033e731205b1f1555d7c83ce5e38227f35dd2ee39aadbffd76482dc8321cd7a7031da6e1d031bd7dfeeb33d7c8df76b0a4aa2864c3d1e6d68392090d6fbece

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

MD5 0fba249e3a592024ff0c0d9ed015f7a5
SHA1 01a77ed1c178621ac6f57d7fde0e00e260ebed13
SHA256 2d95dd51c166a89115d46a710867ea6b4df774126d1972ef1257d5f7c6f225b0
SHA512 fc243ee87bf43b192d93846df855ac4c5c03a0748d2ff5cf48d305cc33454cba7633b6ecf97b898f74aa72a8b194e2bf35178b715f50cb46170c1e4bcffb0eba

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

MD5 009cb7a7d911fa03b17d895f24582bf9
SHA1 8b86865f3ff89cb6e16016613456a7ba9aee8f92
SHA256 bffa9181240021d9b5d572a09816700c1974c19ea455864ab4db0a10f809e2a2
SHA512 d016e84c90d9fd47f5170bc0f5875c9b754d2237d1e7b43c334d49495807a8871922697fc3688bef0dea75de1606b652becc90015962efcf4de3ad62bdad2bc2

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

MD5 cd64c294b26ca2d6333b7d224b24ab92
SHA1 e31f482afc1d05382d86f0e3ede9d58006696fe2
SHA256 5e211401f846eb19726ff76447d16a85ccbd9a9ff761313ff68790f66af34c11
SHA512 669079bd122fb3815ca8964e602c23a209a0be4d2325c97abe05b7ec8020b89ba918f3853b89a6a2fd3ff5079a0cfbedf3cc8991b5c6af8dedbffdff5d3c39e1

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

MD5 b1d29a8c8020e009375b664553474744
SHA1 05b249c7e97ea905acc0d7f01ac906e4c6f04936
SHA256 0dd48fc7e1454386719e8d6c8aa9ff5e671512413a83e6e76c2f0aa5e9473b8d
SHA512 b4838d11907e5fcd1886f14a16256039f2c459f2c930de84a0610f8f2bf62974b33bd468c1f1aaa6292adc71d4eea0da136e8e1aef71a8247b4dd60f802aa91c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

MD5 1acca0c2efc96a4036a9ded0f016fa7b
SHA1 33ae22bbd9adf65d5643126deff40f82fd286507
SHA256 76a49cb717c45ded834e775c06ebbd8ae4dae2d24dfb41aef5013b16b0096ffc
SHA512 2fd8b845dedcc766861d13dd46ed48abd2750e7e8ce44151fe0a7e2adf3a8176f29cff88d772b534a2b24bfc0d81ceca5576aca7660e3d6e1b6b015eeba4ca2b

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

MD5 a1f7c1c909980faa4f64db304ada771e
SHA1 78c581a763a2e72932167027c85649904237ce11
SHA256 d282adcc785aca26991a2e632677131446653952b5902884af4155d906a757d7
SHA512 f2f312181374c32140ebf519d1450d0959d5248de55714f6edfb8e38f46aaa7af7ffb104642f45beb2b5d04fec6bc4b7cb09b1354604b119f87e2714589fc7f3

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

MD5 6d1506239431ab3237377955142dae1b
SHA1 4f4f0c2667bc67f1b7f5984b61f2c572c54e2d12
SHA256 398e356c9d9d6163ee056ba00010b8d657e0059ed960f2c6dc6570270411fce9
SHA512 3850188d20d5c6e631d295b46bfc17943e5a93d5f505b2a11361bdc9ee5c1ad002d0eae423f6046e4c9579277f28c16bb61b47f70e89f2255cbed6600c543c2a

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

MD5 01aba1368289745e937b57f771885673
SHA1 c1c47d63ade873992d546686ecf7de7c7dff2889
SHA256 ab5475439b0220248cea0a74600b990d504d5c36d0179a1aaf47864ae9903087
SHA512 9b00796e2bafaa2d6bd7c18481370d6305105970118aa1fa5b6351ee71b25356f0e972fc8d64c3e8ea665b5b79c66b7f8d40a726e071c14339d7c47a2b31e782

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

MD5 522ffd639e3f61a20f3ccc0dfda13b70
SHA1 f345a55a2ea7e3e45fb94dccd1770a76ba398b9b
SHA256 ba40edbf82a4f885e7ceae0a4c66fa19977b511e711399d12156689a8d8a6620
SHA512 9f6db7f760bc57f790ea519d484e532dda188542260ab9de16621f172524524b50b3fddc0a444a9b2db15c67e49c7b4cea0d69f025ebfe1e9639ca009494561c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

MD5 790670c7573a034ed59a7fdfa1c44738
SHA1 8fbc71e2c1dc1bf9781fbe4191c142838312e41c
SHA256 338523067f8b6d86e2e1078e00b1246aed55cb259939235a8c0090f6cd0532b2
SHA512 c04bc3a114f083369af544baec87d15b0a343cd2e6a6b5908a4c0ee39578b05405875997678bd409ce37e4600e8a0f364b48995a073dea1c5198841a39bf7236

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

MD5 0854bb2160c6d49d1770bbf39f14e739
SHA1 98d0d3a6c7c95c6d795a01a761df2b2426a872f3
SHA256 e16e34ef445fd90b048790f08225a4dfa5e41e128d1c1849d1f13281f153187d
SHA512 cc4c2b059745ec847700d52311808b5dac429d070c026b195e4158f7551a453f67bc05f967a7465d6e5096ec78f0186e7f37d733d57f66cc46c0cd47efe875fc

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

MD5 1c76be33a7325d34a16f1cbee373776a
SHA1 f35359fccab7fafe24f58248e2e663e454ac60b8
SHA256 ad0ad4f3246f4aaae6ec3109426dfd57ded03f7cb2bfd99382cfce36b0f8a4bc
SHA512 e38bbdcfb2752b43da86001adbbb0e690f2cded005ca119ddde76b4200f385ce434729aee6082e5452e4573d7bf1e28ecd64493b7d8b3b2ab3dc7d450b858fe6

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

MD5 8be6ed99a8d1639330b3a2f0e102dcbb
SHA1 3dee048c1a24377dddeeb562bb363e932e62b08f
SHA256 a68e06ae84c96707e8d001a2b3e4d0f77611a299ec1503a3eed4b360575c0b1a
SHA512 e4cdaf66ad92452880dad90e17e515e552ce1910028582c3d49fbbe91adcf6a48c682bd2f28af25a75273f5a3645ae3ae4ad43447e0d7cab5009c578c8f8023c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

MD5 17429a1416d0ce3a7443bbfb66165e19
SHA1 fc68b6ba7cc2168d064270282420fb59cc2bca94
SHA256 49afe2928d180b7cbf1b4bf9d04384ef75b316e56264045cfe7b9afb7264f9ea
SHA512 fc8774286b1ddedc95fd6f0d84a0a8726784a1c114fb99dff2109e01ef60af1f518b8a3e6ea59a8974b4927cec2b0a949e94c0e8e9d0b23c0fea2dc3771246bf

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

MD5 537cbdfdb89c23c2a7fed616add40b67
SHA1 b4df5d93f45650bd582fdd9e5d8a7e6b529a5aba
SHA256 bca1595f0c517cb37011a4d7ae286cbdbcd6cb2a57976864283b9c2fb0b07497
SHA512 6d8a74ecf2fd45b36275206e62b82b68035dd5172869911b553a40c7a2ed2608a3b446ad38820aa7f33e7bca171f648e1a29e47aa26bcb122813ff89de56e1e9

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

MD5 3a0760d7156c886512216693c01a7cd6
SHA1 ce174d4833e4a7b52c7d8fece299e5a580924779
SHA256 4ad65bf74fb4910d171cd9ed0cca2353c84f54c49cdd07cc123ce6f903f5d896
SHA512 999c9e2fc45711006c0ee98c40bf933360dd4dc8b0c82b5b62484eb4c1042e242ff4a52952c8d44835ce593bd9212d1d114ef8fa7bcc2e48e3fc0bf5f03857c1

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

MD5 cbcf3455e5be1b1ba60a319555e73e14
SHA1 2f9bd30d765f53c6d965c2a24dc2f6d25508e176
SHA256 03c6e4b93cf49da8b554b3374a9df1213f5d7eb290b7b718e1dead29ab7832d4
SHA512 80de39c091135d97f14568a062e40c231cafd90aa03fe5cdd82e1cb0547f83f42b1841d3c1dd92e3cdb0f66471b04846def3353ad8681f73fa2dc3c8dbb007d3

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

MD5 fe95570fa82c5951c936d4e594992452
SHA1 32c477bfd0c89298f54ecff0aac4065d8fa1d1b0
SHA256 22aaea92e2f1a189d25737a7217984a74b5ad11049d408eb7e5bc6d245954504
SHA512 d2442eef00d99b76496a70ad3420bc08b84b7659de0d680fba4b05510609d45aac4e5d2f1433ed74a781af87c86f5ec334f5e04bea1e92ccbab0473953e0934e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

MD5 e94a10ce3197f343f68770d487edb5b2
SHA1 02195093891d8518ed27c5297c32fd42aabb38c7
SHA256 d6bab4c8172bb5b3e798f85ba22eac35fa34dd2ea5ddb2b48ec694fb723c58c9
SHA512 76bc6a27f4c13540887151e9736248c3f3f3a739881fb7c73c0d09f54c288f7fd151e63ed49e499d0b273f148974665b17db0d4df60c66c351fd1675de21d0f4

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

MD5 bc72f03c970f02d2e8db2612b6cbbd71
SHA1 a7b1d4fc2307faa8f9be1c133adf3664a06aef70
SHA256 1563a2701a8746cc55a08e62f60e3f6958732f7f3eb20b321129642e67611a57
SHA512 70cf4fa64353b99899ad233dc9e4daee1f0842c7cfbb6254487b0c952ca274d1a4b276d3a7e5a1bca0847d703bae895a05e9e4823b053106f523cc4e42e026da

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

MD5 696764c2ce6d1874a89b1c37da170046
SHA1 aad715ab3c66763146e46c6e2862e3b001972b38
SHA256 ff97a7d28ef6b216f442a02000ed5242cdb699ca871c732925857766686058d5
SHA512 df657c9f2de91933c88fa1dd1e6e1c9303105618f1075c6ad5db11a2f853ba5538e117d2efc0db7c5b71efa479fa0b4f119573d82f98019c90ebfc41b6546c78

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

MD5 c7a4063f7e4af211b3c2e100ed04b7a8
SHA1 eb79984016aa078c145d7fef20561ec771e9a105
SHA256 7f19106e602f6165c5034bca1ccceec4e78e5d9098be1ab1bde8de28dccaa62b
SHA512 9d797ccc25e655ad3ffbbbdf430af418c56d7129bb96d03e1f46d4450fd7c03d66afe8740c108c3e00d6ddf0a3b5a98bb57d9eb33bff4500187eb002200f48ec

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

MD5 140f1adb93285bf4b6d8689efe9b7c97
SHA1 e9569a5ee00d474e49650a91bfa9bd8b0e0d142f
SHA256 4b5101d50bcf9a88f639a27f1257562f181de95e313ab3dc63166887d5c287ac
SHA512 7dcf81d4088192e8bf4a660ec98e9b28fa5c1182a246b1b426f73bc55d4e86498a6dc0345ce857489271f08a836f61b9e5b5d2694ccba73af93ec85fa1790876

C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

MD5 7817f01c59a502d8698db363b855e733
SHA1 0fa62c34f7b944f3b643391fc428db4662e639e9
SHA256 4411de0118cf65ecdb50f47e216e969df2498375f15a2d02ab015ba314afbc9b
SHA512 3dd7976858aff0846ec878ce7dc0f24327555be51c205c586aef88adb234ae9e38d3e26494dbc1cab9e27a4241b3f05ae7f85895376219dda7ac1b7a35ad331f

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727662527520250.txt

MD5 6235c360c3f979bc2106333c49127cc5
SHA1 9a997479af16ffb62310751a9f9353c1a4ae8f45
SHA256 dc9d7635ffa83b084d10f3e1a450aa60486b55987f1957a09d9528e021ecf52e
SHA512 7b4848df5c74de0fee4222b5b0858f51fab20ff93d45bd865d1322ac43010fc9e693ffe1c29f54ae257aa6220b5b9ae75919c750042e57e18fa4cf115ece9e88

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727663115600892.txt

MD5 5711a26e03e3035bb025c7b93664060f
SHA1 d254b8bfdd7ded06114b6ba346094310c4dfc68a
SHA256 67e9f8beae5a28760c311d5d7876e39f413a31d1bf731296d8f864996983595e
SHA512 8000a76608704a722e9d031b00d8168715ab3a216117c0ac1f2473d4679d3383b9254815f7d1dfd3818125dc2432e5fd019510b541e15e61dfc221d95754ca6a

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727669117479246.txt

MD5 13d5577968abf08158c4d6e26ea76d3e
SHA1 41f6c13cea36761331df22bb659b825ecfe4ee2d
SHA256 e54e878af86e055d282a9d3e382ce27728a0cc98fb9824f5502299bda7dd9237
SHA512 0624eb76d971e0e0a276e62b22229c0ae38126fe8a4a24c50bfaa5c77a3acbb5b12e61dbce5b13f6455e7827fc8de0659035e4a95d0fa92929513b4ece170aae

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727671764608349.txt

MD5 6baf58a2a101cd3781f537a36b2f087c
SHA1 5858b9b43c5d6d1d46ab311ac0bf2229cc01b465
SHA256 28c69b73c1874006c22307f44c795d223ec484027dedac3b4204e481968f676f
SHA512 cff403bfdd899bcb6cd47927d3d1e41ec64ce5f0bb2460dfc7d244e92e3c53429a6063b1182bbff8df3dbb143d4526bf22baa3a962703afa59f3d936987954cd

memory/2800-6423-0x0000000000400000-0x000000000040E000-memory.dmp

memory/2800-6422-0x0000000000400000-0x000000000040E000-memory.dmp

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

MD5 98b662a779ced073153d0dab9e7d32b8
SHA1 0acabaa1b70cfeb6eeafb706738d3cd148dca83c
SHA256 0ca95d1b5466fb211d0e6d65e2a213db2f738e493da9c84733abf3fb809917a7
SHA512 a28cd49cbe4fdd6e7beaf942589886d5b40b51d5f10678a034c9f15ae9443e4c811756e3612802a2bb5d11a3ea13924331597b3c87ea91cc98115a5121fe168d

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\security_watermark.jpg

MD5 4daa3cccb9692cebcdbd71cdc5120bbe
SHA1 441c46957351888bf74576f338334dbe8e6bc152
SHA256 2a54805a3911175a88cd34ee494a6082c4e2a53c930a22adcb4638610db75dcc
SHA512 b9c2d8cf8b1e0686673d78cadb969c5d53a4f46e6d57c88b06d1767df978bb85b71c7c0cd4d503fbd1c728da40fbc62bd843825db00c677b2343d9f3ae52ece5

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 a87b7bbf98d5a8c1fe66ed0942c7f3e8
SHA1 d1d027ebbf7d3d0d9c8965fa9d02444f9e491c16
SHA256 b5451a7b9e2ec77db8db704b80af757678faa8b2b506193ec1a0ff6fc3e8c94d
SHA512 1e6ddf31cd78a520437835429aa22c7d135782dada25c6876b07db2248c5ff342e8d5d7302d8818ff20e458e946cb977afb77728eb954515c48f1fd6da6c61cc

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 a1b0126d9a12f3b0a8984e3c3e30c743
SHA1 f1e2b37eaed1bafc90dd2e5ee6e0df1f47e3d047
SHA256 7ff73af6c8a25bf0787e23a0272e82ed98e92d8f891c42c86c60c6d622f2539a
SHA512 b4db44e9eb5f9679ba46ed4c71470512520d91a319bb9ca1dfcb72c7fca425e1087c2c3a8fb1300c0f237cf509cbe5d75e1155a73d8e745cf98f4b19548ae4d3

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 9f1ded1c62c63aaa807f37b96bee30ab
SHA1 99648281050b3fbf14f5535a687487798d872081
SHA256 a827ee7bc5b06a559c5501e1d8577700fee6990a3724a3ac2752780b4c9fdcac
SHA512 c4a0b21824f3c4a8a69a33c934adcc9bbe315ed59ab23988fe8221f866037c8a14762dd20d694824c39b5708644439037dd351d27a8324522ca76b75712d8662

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 242d080458a50ed8693bbbb28570eef9
SHA1 f660fe7cd8b34725b3f6d27a7aabb0bffdf97399
SHA256 90c8f0b1001777500860f9d116a68b1c7f7380e1e65ebe0a89ec2cfe0464c44c
SHA512 34140c392ba8c2c93f750678ec001687995f0b70267dda5ba75e99b56148fb9144418631846249b91f533638444f8cc738a2d1fa8e0a7febe862ce2a08c5cd29

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

MD5 958f67b53dda20abfef1a1040ca472e2
SHA1 b4adff05b07ee5595a6374641e4438d524f56bb8
SHA256 2832b71b78b5e1efb99d7ffe2669d1b5ad68866464b3467847c13b103b8eb408
SHA512 0fddd03afb51197930a841b3f74c476bb9ac3efb33507850ec526c03f9aea55a4e7529ad3b80c9e36483912e916887c461a8e87a801d7453a0241077e55d272a

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 f84dc35d23103f200b7a329b5bc3d48e
SHA1 db5725c94742c6060d17b253aa04bee83c90d1e7
SHA256 8a585507d19b4338f2b7adca3cb665f1e00a899c27e5b1e1ddb1b6d4b1e1536e
SHA512 a7aa21060d5758b3f0e3430a0084d512568ed207128ffd2cfa25d224f6b8b548e16d8796e1e611876dbd0963171994460204a32b1cc7a09607f88bb16c6c9cfa

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

MD5 b954ec81ca0cb0b7496a779381bc5dea
SHA1 0aaa4512716dfdeb903b97d99f8f813737e7f581
SHA256 68c2a79c333352432133b96a41d036427639f5cd7895ce52661268945ba03045
SHA512 6687a4d68c757c86be4fe0b4bfd3774061a3dbb065022024c6377c6aa3bd4791de7b7a544a8f6025b76c5dfd529e9bc7ddac428343faf22f245904b1454e1e74

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 2ab075be554c0d2fe1d2d761ff6ca894
SHA1 e171728d7dde750356b51970d074f57bdf25a2a7
SHA256 52ffad81b552847a001712a180500d0fa0c705761619784273b13e227c15a6e6
SHA512 4ca12936de35b2cf0cc2b9444a08174d5da04f19385677eea35031173a60527ca01e913d3d3d3f08f0cb94278d846cd5924a6744131f0f6a256d509d33b4037e

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif

MD5 76b5a6a8ad1fde890f38fb18723e1360
SHA1 14f01d369d7e12da200eb17f9393d50a37610bc7
SHA256 a967f62034b69e234cf2a2f3653ea7c2aa1fe1172e66b00fef279e5195dc4997
SHA512 14e5ae87289b12bc6c655b44b7b452221b0e7f280da1f0d5a397b5e328ad8da8d5e703f4785dc2b3c27f9e872a02c31539bf9c390a9db9026baead3ef3119a90

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 1c48ada56bb0b949a64e85f12d587ab1
SHA1 0419263ff835058632cd39cc48e2469b96a91833
SHA256 96d99bd31e6c4c26ccfe71db7c76503418ba0ee47d595b63b74131691057007e
SHA512 ad2019ddabad397ef8a994ea1ea1fb76b39cfaf0f8a4944cd581071a7871ac7890348044f33a88fa64f62cafaebb30895c3f865575e4bae301191e41b4c19751

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif

MD5 275c7fbbcf8a1c3bc38c1cb9587aca7f
SHA1 f591970bb70b2b94d29e30ad613986a977b09907
SHA256 5b4cab00eb49b5b5643c9c9e7c38261aa08d232aae8c7fb6d9ce09aefdceefb5
SHA512 6e8436e7a714f8a34da82ab62168408daf8fdf61e66f7be2fb33faed07463793ab7baab9e37ac0af685d24a0c4be069fb463b37b12975107898e3e34ff637c56

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

MD5 d908b26931c2de5aa527638aaf859e4c
SHA1 1f0b523c5f721c8bf23c731764694839b5bd1f83
SHA256 f1410a948ac984335f4e693d37b6411a958fa182abf73eb262cfbbef5e7f7555
SHA512 400d6d05993174cfcceaf4efdb1c0f2f2040cd11ba54bcf05e3358d6147f1c1698e98d51a9641e9877fd3e41d76c9bad5eb10ac1ab6eaee82a73d37129a93ed9

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

MD5 0a37f1e89840e7909f42451cd84219f9
SHA1 cce144e5b66fa07bc5d4d9d0055cdf453af48591
SHA256 5ec228f7e333777c7db15baf1c96e3c32950305d08d5fef8a1aee91682c53449
SHA512 87abf1ce356ad6e29716eac9104589f7404f9c1d3e40969438be14ecca9b0dbe4cdfe43d12c0853e8cefed53d6dd0d50a0e0db9126c4387b37c3dd9ce0142669

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

MD5 025ca584b2a7d41d2c4a81f9d1bd45d7
SHA1 5aa0df95effefb618e2534b26ebb117c3d56bcf9
SHA256 8361286cee9486321a28e9c9a0248f915c4f07540edb7ed374d9f098376bc556
SHA512 5b42944b9ca42452479efbf4ac9f5ff3abbf3b7448a1184e7f5637e40880867cafd235a4da33274243d4291a764400ed3d2dd4c5395b5773cac21d581a4d8cfb

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 3eb34d3a25acdcf7c6f534db38b03060
SHA1 b6832c2c7a8470d2c49ddf768bfb235124d75bb6
SHA256 4dcd2d2b28b4257684248e78cb26bf3f6731322811fb79b4dff5c50c6d2e1c9b
SHA512 96aa1b92cda10f34895b7060fad606a8326534eaecb051302a73886bf9b6a7d49fc62c3117ee2b9387c26c668cf5a007b3fdc67e3e2fb9dd4f09b6f1cd75d055

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

MD5 40c09a67b6dce8bb51a0cf425944a35b
SHA1 08771fa66f51cb873eb98af7e16443cf1d8205f3
SHA256 93ccbbc5e3c94181349cf8d27bd029ec2bb5349a21d609f111abb8ec93cb7e7f
SHA512 9141ac091491cde1bb17042df70cb65293699407f350e2e606a4e62fa5b134e1a474454b4e9c0acc524df8d48e288444ed66ec3d5e00db32e6fefec481ea6e71

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

MD5 1efaef84b3e42d09047d56b316e7fe92
SHA1 fd2dc03b3d85a825402aa9e5eaebd4072253f0a1
SHA256 cc5664bbe5abe043f53b3406c3007874ad38cb516cd1665059a481c1ba3660a2
SHA512 31a7505c6a9fbb3e5bb2804be5f4204323218f058fa8ecafae9ad8b52c34b6c69a0a09b80333908741dd170fc481a26dc9affb97f66d1f443d60bed9c35666e1

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

MD5 0a2e24e93635b867aa51886a3895139e
SHA1 5b88f4fb9a1c4e96684f54e52b190749ff38aca0
SHA256 fdaa4ecf243f7472205b2c629a07527b81c604009ade298c252d3d39a78ad8cb
SHA512 308297db36e337f9734e945fabe283ca41c6d0053745989d1f3065c8dca01914531c3c8812c013f17a837489bbbca2aa6b3fd8c7f77a6e9241bde974fe1255d4

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

MD5 8beaf3e476b815427f1e9e74b832a5cc
SHA1 2fe362683847dbc7ab44b89d1748f91741ea5fae
SHA256 06d421e3d5733d3d3a0d7a94aa96ab4c8106f19f26b58b55aac27d6ba0ac8ff8
SHA512 76781eac93b4ae22a04585c3f82bba0276b40c351821d6eea6b042c00137cf6d67116fb91d5a6deb885c6c9fb867fa334ef01fbfb8b6a33c28235289b6dde0ac

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 5a9a0a21bc8c4eb99000971ab1156720
SHA1 bc96e776cf1574f069652344a14fbfe37c5702fc
SHA256 b5c229ce098a7be4596fcd0872dd2cd5c365f36da89dffd65f40020db21a75d1
SHA512 ee9cb5f10f713e719d741e9303317ea63f184e11dd6d6afdd13109baf6c375e2255c7fcd8c7a27485de0d2d65b7ae6f0dc4be9ce044fba95cf8ecca8088e7135

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 a9f0c635db736fc248f908d6fc31e721
SHA1 b88b5ebfa76f09bba768d2aa7508a7f6bf3ea73b
SHA256 f58d9ba1ff3c5e7576aae9f07d130a350e3a427b685b30dec234cc653f2ad98e
SHA512 4d927bcc084415b40f5763066a6ec60592ce47c31a10b5939740439a098969c69ff8b56ce25e07312d03da8df6a734ab0a7ba5bddbe588903af07fc48b281a22

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

MD5 8debad8d6119fe30f77ff14f6578ebc4
SHA1 c0806739714e3760b8565c4dcc1e3caf0b2df400
SHA256 8e86ea362a68926735bc5d3174289b0f2cdae541927f7f2ead525b41f10ca376
SHA512 d8294fc7d848a71af94b29d4aca9b6f3ed6224ade3bc9be73b06de3bbded395547de79fab1e752f90011a7be741a0037f4e38e833d0813eb8ff592c0a95112dc

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

MD5 ebc325097037180c07e8d7559504ec47
SHA1 05012199f71aff718e4ed4cd847f46d84d8a6e72
SHA256 58708abfda5e941efd9aa3d8a3bc0fbf86106340006ee5b5d96b967577cf0fef
SHA512 c6830ec88f7b2e2b5bf50b7889f2663dd06d373d6cc916cf36e3eac35caae02f6c999540a693b31d69d6f1b5f917ef7972a96d53ea77900e5b8a539473ad31f3

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

MD5 2d4a8d76ea63434fe71685de81513b0d
SHA1 6860212d6e89462aed69039de8b3c95378f6c80e
SHA256 dc55d918e2bbbf636bbc4f1e0f34923762f7a511eabcb6057c3fb744b3120e87
SHA512 2f423a91e49de9b72f6acd2ac575896db85f391cc12a5942cd3b3dc45ff1c9947deae8901b6a93bd154e07b3010c109322020bef547e67fe23286baea3deab93

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

MD5 a53272f5b5e03215590b703972c8d5ef
SHA1 08bcb7216524d110e885556a1ba1e3f24060a00c
SHA256 b5c65aebcab620f813589e283960122ac439eac4b2b88897793ce35f15b11ba9
SHA512 29b1ad397b60300392b9fb08b5780137d5b1a7d6f60622ae1d1413f6dcd18ab032da561bcfb443f17f2446bc85505c394d0a52bfef77ae69a8db136783a79023

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

MD5 77f021e591e3552199d38f68adcb9f56
SHA1 35127d5d3348c0643d69ac6952807bfa5bff8af8
SHA256 bdb15928c25dbca08bead905270bb3dbaa49da1070ce17ba523e2e8770375c9d
SHA512 82c15878a125f4f4bbd9739f33a9ec1a20aa47c2d80caa3a419cc63cd9b0ea6ec8345ba7524d1e055f30d47b0e6a0478cf8de300f4fe8ce2d86b080151c41c12

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

MD5 ab93c0cf76ed8794afa9d51106e20d46
SHA1 ee5f55c2c75dff4e60b7cfc77be905890ed7e1fd
SHA256 8ca92dec1b7178c351fe709ec1a43facff0b746dffd6d6f77d2c94909e6bcb28
SHA512 4684ac85b80c84997abd3a1937a9378de72e1efa64cebc6adbc1eabeb12f20f0b1e427e092504e6a09308ee74cf6b9c6872faaa1ae7009f9bc782345b3130d42

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

MD5 b73e252b1c5ccaca6323deb99c85f829
SHA1 207aebc3cd5d1932a4562a7f8eec0018371cf377
SHA256 9093a012be7a90b6dc91672f7ddd5174bba93da8991f0764d329065e277c01a8
SHA512 e7fd8451abd9c1f6eabc52832fba9aa962fb6c89d326b58a66a41ca536867c6b78e856e49de1b6bad299cb27a451e07c8421cd56fd46597e8b8a582ea33024bc

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

MD5 88df8d0f0b44a625f60dbf5c79cb8b9d
SHA1 57c09c069f471f3e1d76411ce6286b1919410aa5
SHA256 0100fe8fb4a5cfac801ab56ee1946d9d3bc5fbf6c8ffdb31df08508d4b359366
SHA512 1c65dfbccab674ebd6dfc6f8dd4d99435f41dc8cb00fafa02de6792378e9ebd94b4dee595474a881190895e38b5ec25c5ae6c4dc58570bbf0edaa2c3e9038556

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

MD5 0c4eebbb34177cbd7f77a88a9a72b717
SHA1 6f7afd445aa3ee40d10df495010ee2527da95bf5
SHA256 050cc03b62b820baf827a2e21645a320c55e1a487e97fbe707438995edfdb9c8
SHA512 552f6b856795d1fc17368381cfb9676392b9d00a3598edb279ee742b39966c77d4c791f15973fcd8bf14a4db14ab49f02c338ff0618c09db1765bbdb0a88d019

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

MD5 4ff9829da2eb2af443f7751d93b102f2
SHA1 97811262e3203fb9cbff103b8d473b94d2e099ce
SHA256 80e1feaa8c86d8b3edfdc09a3139fe6c74024934af3c43d26d1a8e5c43c6d204
SHA512 3354d7cfc17eca5912745c9cb67cd476e4302d92369e75b8f07811b7dc08108f68f37b99f054cc9777af2f302cdf2536a7acfc85f172eca19138aaae87fd7651

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

MD5 95b499902e310f689969f9f4770498d1
SHA1 1fb53de34b4ce1b4e7eca6bd465c8c46b4e7fa94
SHA256 e5eea3fac6ef6a4d844c95ec3db5afc367fd8c10bfb382d59b739b6582936082
SHA512 619a05699fc1ae4a6aadcf44ef381c97b40492091ea0216df9abf8930f53d7b0d61a73e082331fe68d6d543f1ef987a44204560469c6d5af243992cbb2c1493d

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

MD5 c44fbc131d8debe5148683b194686bf7
SHA1 f19dd0e9704210ba52f6f30fda48385a9ee59daf
SHA256 f90c8941ad3c742aa1fafc8ca2441e6e8862e5f8ce558bf45c9cab428efbd415
SHA512 99c0035a64f5144c6e2793c097570683944737b75be036a70a4b15d09fd3471c5a16bffd3ae3e51b01d7d1612b4013a3b4c5dac2f6cbace54894089c555e70a1

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

MD5 3740fd90cc521c86b70b6259d1a08a7c
SHA1 4241d31ef32afd23efad384a6cb16f27c7646f49
SHA256 7894c8abaab7251b3a05e38895f561562df219555f5307bcfa767c653db9ed11
SHA512 582c024da7d34066ab9f3c321cec028bf86cdd9364b0e9a8daeac325568be2b9e78809639195d5c45b5909ede7a88663a12380b14ee36b83c5bc064e3f7b5884

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

MD5 2edc34dda5d59ddfeeada9bc8a08278a
SHA1 2528591c000a7232867f18a43b3159c4a2a5fa6e
SHA256 4db2f16b5f5ef91f56fee48618c05a2a577a0bada7375e03420ed1890dd9c167
SHA512 020e6d362210fc5d02d56a710571938eacc2e2d5fa834910a5f10cbc4b5f494bf264661e311dd95dba7c3bf756069e992f362a68a8aec01c06d335aa76887009

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

MD5 95fe4ce8fb5f1c78f81e409c4be40a93
SHA1 339051b0033ac3c57f3c88c4c6f536b603a43ca6
SHA256 196cc3e145935e11ab885c313c49e4a1c01c8ce3ac6a6fe0ddfa68e62d1f6457
SHA512 ec9bbc27138a109180cb4f683d964ad1f645969c95ed92a82ef0e24c37197b87e96fabb86371025afd41ec6633468fda1047e0aaf12ba11256cf45b9fba7741c

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

MD5 83281a45b960a16b809fcdcae875ff1b
SHA1 b057439ac7ba88698d87de1bfb56cde5d7b2d9ea
SHA256 ea8186185c5a4026bfe596776c9dae9645543c5cfec6c5a32243f1b22b410180
SHA512 ba88a1234e58821eaf60e03968e7ea7d3f5e1c2e1c94cca4a5d2c83e7f5e6da3fcf6b93c9490358c06d9e42f21a8f3383a7b7fbd0307b2f471fd8cb08afa37cd

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

MD5 725ccb8bacf204fc69b0d64080e87b5c
SHA1 feb0cee790d6655e0f62dd3e38a675981dd3f48b
SHA256 b0f092f54f4bed7a1a1eee71a5e5aa318977fbbdcea916555b6e41a6ebee4618
SHA512 61a303dbc1472e1f208f0a7657434f8e01ee7039018a7e762689b8ee598c1a8d1a63f43354a32727f3b98aa74a508fe06409d3c07f9e5126c9050ca036f03c51

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

MD5 0caca2f1ba0ebc611c55967504f1b4ed
SHA1 195d20557e485ffc263760a7fe82394154fe7e43
SHA256 127ceba7b31ad71db922a9a1ba258b37cb1b26c81f8f26cf69c0097009b00756
SHA512 9b1ac70844bf22ab6741701da53d79b6ebf370e990c3e2ec46a7e35c2a146322fe8da44cb7ce5a7ef500cac8857a7be3b43ac2177da8b78b0abd5a9cdcbb164a

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

MD5 300449118cbff6b3120615029be104a4
SHA1 33f33a6d00c0dbbc5a546e041840819d0b1f43a4
SHA256 4b936a8486d46b4840f0bca1f3b026c82ae36fc0ab152995360629b5cd3fa35c
SHA512 b08b892352cdda458ecf81a694eeaf0feb1cc6ea8f3d5cf999b31878bf76e22ccd1111a88d65dab81a7d8547b36a078d08969f76963f8c9255b356eed4947e38

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

MD5 b8d395f1d996a6632bcb945d64743bb3
SHA1 cc2b8be14606767082cbb621c7b1c3d9aa534593
SHA256 32c0ce931d2d66cd66d89b40897529ab328cc4ce0a4074d0565e6490748f920a
SHA512 0c393a4fec614915906ca484392bf6cbb90193a51d255d6d3690a3aa663ccf4873798c7acc1baf1d32df22b3cb9c285c4cbfbc6da8c6d345bbe63f02e1200f6c

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

MD5 607815773595a168cc7df066e4efec7f
SHA1 aee6ac695492b2d3370cc8aad9fe27ba392ea00e
SHA256 6c75ec48c9ce874bb724b26902c0ff49c59076ac31550459fec2ba2b4f854ba4
SHA512 4c9415fe6970f6f14f7f813ff195e70b7a258aa6b8e48468c2b678c20e8bdbb73c74aa85ab3074642f0a7fee0266fe7eea00354b6994f90692d6a82af715a103

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

MD5 18d921f530efedb7b619a6f52d355b62
SHA1 488ec2d7f8dce4282479fc91fe5184a0e4917367
SHA256 6d78ef71e6416a512a1d697baa801506df36fb63aa938b01c3f81eadacef8f96
SHA512 ae26fa0a42cf5105943e759516f880e2ea75a02e61697a7e5b6c735007396b89996fa21a9f6b3a9500c8d8697543e6138406e2751d40da58657cc21b305a79b7

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

MD5 2ccb9b4695baf73d1e90ae3135f8ecaf
SHA1 c130c9dbd2feeb52436fdad2d100443f682a72e1
SHA256 5fe0e7b3b2bf8d7fec543c7f08767f7b39d322baee0bdef1e076db344736b5f1
SHA512 9a7e658f397ec1f2f8507fa087c547e95fb7def8ea762bcc2e85de8df6589cdb6724b0008c1ba9321e009690ae66596cdceed08ddf8d05922e258fd1035c4fea

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

MD5 47576701e6424eaa5e0b0f8804469b1c
SHA1 82636b6fa3069b6dccefd9e2ed1c531a7d238e6f
SHA256 90151cba2e4bdb9efa463874873f0ffbcc96e3c9bfd11dcf4c74331cec4c9a84
SHA512 0e35e8218ab1efb71fee4ae152061ddc4be706dc7bba81a7e0ef4db31b43f82e2203b9e0550c5d05005c8b6999e62c5f42b58d2c62f1579d04d7369f7b395948

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

MD5 29bfd53030087b4c072ccabfbcec75ff
SHA1 38f50e67f488cc588fd4a7b0e5ea295b96d21345
SHA256 274f637cb0fc91632175eef0723e01839cc6247607ea63caad4c9c2be53c655c
SHA512 5c3fc5c419ef30da6b967fa829a79b9959841664c0d0e2cc0f9b20636fca25efe78ecbf60ce73aadcbdda80c401c995e432dab433e8a8ba8975d3fb138ae1792

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

MD5 2aa0b0cd1862924ed6f7066c8f6fbbd9
SHA1 095ed1be35c1ba2afbb7347f7ee903a3acec1ad2
SHA256 fc3d4e470b5868c6deb5cabdb4e1af04e0d56debc64d6bf1a4b1ca59fcfeafae
SHA512 84d66c8c5c017a417878f81bf183661813eb05cfafb902ebf879f7d214ddaec2ef35be9e16d947121cc468e05c0f1dd900aab9c2e8ca84c13572ff3f342be54e

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

MD5 9f55b384e1134debc42d014b25d10041
SHA1 56f1471b1fbd0cccf974e0b4542f98f068e227f6
SHA256 f0b69d3e6ab9ab3ccca63b1353da442bdaba26841f2ebe356fc339a5183a37d0
SHA512 7befaa35d38a6bb650b04747139354680a51bb4473f1a873b4023c2681e5f9a5e01ca514b973e8da8c554062cbad3573c8713c473bc53c8dc0490ba1d8534740

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

MD5 d870dbcffbb75d75937cd4a3a5ca114e
SHA1 358e83b79f7cf31ef842e06d7b60beaca0f617e7
SHA256 763ca27fdc8dcdab73a4f81040b0a74fbd8d17b3242309fb745b33518f0e8e58
SHA512 2643d297256495a9ea19e5f9c895bf5fb4230bc9fe3dab4b3663aebd24971b7c3867f0e5dda6bd19d01d01e46292962516a1f9a9c559b4143803e240ff196ed2

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

MD5 fd2505daa09b4484469709774bf89834
SHA1 e457daea8dfea5e4f79e94d7b406686f17db83aa
SHA256 08ce54d87ffb8a89424bbaade4608eb73cba489f1de05b9d5e528ef25ec04b66
SHA512 8ae9be19faff7833e86aafa3f7024f3de7b29df6ec7664d87cc379a7fea190d85a193efb952f6fa6331939a221d1a48d19750be7439c610e899a45608b58578c

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

MD5 2d1aa3e1848cdbe727debd0fc2b29cbe
SHA1 9af437583f11dec9766ce6421d5774feb26d9963
SHA256 36eca58dbcd5834e2a9470482b0d23bb0a9f20b2accc70aadd3a5b70699947c1
SHA512 122eec2d835c0874aa0314cd681310794b6d9538ebe758cbff06ca1491c4ecc424ebf3cd9de7f1483c32c43511bd6c6c3e5af04cdc1692f557bf55d3d509699b

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

MD5 c15398c4b70a427068da363b240f066e
SHA1 a3514ec69ec173fbef9677f6a9ed4e523157db4c
SHA256 8eb5683f6f02891ae488420944a2a2bb0611c4387a4dec7ba91361239b33645f
SHA512 aa54e90f28a7ef44b5bad2cfa318c902a437d7b686d10751cc6b366cb6d44afeb0bfaee6d9cd845435b2b9b39254d34a2030cc655819fc4bc8edcced0371e7bb

memory/2800-10915-0x0000000000400000-0x000000000040E000-memory.dmp

memory/2800-11051-0x0000000000400000-0x000000000040E000-memory.dmp

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

MD5 7d41d899a515f415a9a3336e3dd22c06
SHA1 4b395ea7125a3d5dbf241680d4f8bf49dcca8b63
SHA256 718579ccc2626f5f72c53fb2fffa42e874d746a05f32eb37d200e1553f18e59d
SHA512 ff097bdfe73a0d289008eec2045450f0aafb835ef383cfbfd5b784f83239298e7ab0a98fa5343c362283b2f75005d5655d790e2b2054a772451590e87894d732

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

MD5 fcf902d08eac858237c6da0e28a01415
SHA1 7e5ab6c5bdbc13626b430736d92f017c2c57db62
SHA256 93fe25f357b51bf3d21ca7687e0d677ebe6b5b5e19c7af3b808201bbf6efcbd5
SHA512 fe98a3ddd3afa89354850795301233e6b88e93f08d616f6dd97f3d230de38c4c81cfda33151b3008083cbb441798a7760dd5aca808c01737f637529eec94c8f4

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

MD5 e3d1bc584f9074d3d21bf34e98a6f057
SHA1 74792789fca03e8d2a3479ae9bc8a93e6df244bd
SHA256 93b981ff55bc24206bd901457dcc91b97b8e48fa60a69d3488158d650e7b0084
SHA512 5736a75fe4b6414d4907684417424e2e05ea182b3ac179453bc959eec689f6a9addd8ef2fca1c8081e5cd85a42643c94dec8c4acfd9b62cb11ea486080611349

memory/2800-11354-0x0000000000400000-0x000000000040E000-memory.dmp

C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

MD5 cd1596b0077e9256fcc48793559639b4
SHA1 9980304694c110e1d6017c807312a21deb1fe8f4
SHA256 7225556e8ede3046456a7f9e7c24a189f06e2b5002ed961e2f684eb1f16773ed
SHA512 e452b617b5a2ed9d4387c874b3f51a084935bc35ffc0c488b3d6d8e90e6c8e28b9eb7ce979193da855f27b68b478ee470b12efdaa39dece5dcd4a63d13bdf630

memory/2800-11359-0x0000000000400000-0x000000000040E000-memory.dmp

memory/2800-11360-0x0000000000400000-0x000000000040E000-memory.dmp