Malware Analysis Report

2024-10-19 10:43

Sample ID 241010-y9abbs1anj
Target 31b39332874eca4bca19319073c479e2_JaffaCakes118
SHA256 5777ba5324a693756b82284f7388e8b57a8ee3f014cf09b9127c9db06269604a
Tags
xorist discovery persistence ransomware spyware stealer upx
score
10/10

Analysis Overview

score
10/10

SHA256

5777ba5324a693756b82284f7388e8b57a8ee3f014cf09b9127c9db06269604a

Threat Level: Known bad

The file 31b39332874eca4bca19319073c479e2_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

xorist discovery persistence ransomware spyware stealer upx

Xorist family

Xorist Ransomware

Detected Xorist Ransomware

Renames multiple (2202) files with added filename extension

Renames multiple (2212) files with added filename extension

Drops file in Drivers directory

Reads user/profile data of web browsers

Drops startup file

Adds Run key to start application

UPX packed file

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

System Location Discovery: System Language Discovery

Unsigned PE

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-10 20:28

Signatures

Detected Xorist Ransomware


Xorist family

xorist

UPX packed file

upx

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted

2024-10-10 20:28

Reported

2024-10-10 20:31

Platform

win7-20240903-en

Max time kernel

117s

Max time network

118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\31b39332874eca4bca19319073c479e2_JaffaCakes118.exe"

Signatures

Detected Xorist Ransomware


Xorist Ransomware

ransomware xorist

Renames multiple (2212) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\31b39332874eca4bca19319073c479e2_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\31b39332874eca4bca19319073c479e2_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\31b39332874eca4bca19319073c479e2_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\31b39332874eca4bca19319073c479e2_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\31b39332874eca4bca19319073c479e2_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\31b39332874eca4bca19319073c479e2_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\31b39332874eca4bca19319073c479e2_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\31b39332874eca4bca19319073c479e2_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\31b39332874eca4bca19319073c479e2_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\0g81EtiCH2QMn87.exe" C:\Users\Admin\AppData\Local\Temp\31b39332874eca4bca19319073c479e2_JaffaCakes118.exe N/A

Drops file in System32 directory


UPX packed file

upx

Drops file in Program Files directory


Drops file in Windows directory

Description Indicator Process Target

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\31b39332874eca4bca19319073c479e2_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\DKWJUSNRKPYSAQA\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\0g81EtiCH2QMn87.exe" C:\Users\Admin\AppData\Local\Temp\31b39332874eca4bca19319073c479e2_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\DKWJUSNRKPYSAQA C:\Users\Admin\AppData\Local\Temp\31b39332874eca4bca19319073c479e2_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\DKWJUSNRKPYSAQA\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\31b39332874eca4bca19319073c479e2_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\DKWJUSNRKPYSAQA\DefaultIcon C:\Users\Admin\AppData\Local\Temp\31b39332874eca4bca19319073c479e2_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\DKWJUSNRKPYSAQA\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\0g81EtiCH2QMn87.exe,0" C:\Users\Admin\AppData\Local\Temp\31b39332874eca4bca19319073c479e2_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\DKWJUSNRKPYSAQA\shell\open C:\Users\Admin\AppData\Local\Temp\31b39332874eca4bca19319073c479e2_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.4500 C:\Users\Admin\AppData\Local\Temp\31b39332874eca4bca19319073c479e2_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.4500\ = "DKWJUSNRKPYSAQA" C:\Users\Admin\AppData\Local\Temp\31b39332874eca4bca19319073c479e2_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\DKWJUSNRKPYSAQA\shell\open\command C:\Users\Admin\AppData\Local\Temp\31b39332874eca4bca19319073c479e2_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\DKWJUSNRKPYSAQA\shell C:\Users\Admin\AppData\Local\Temp\31b39332874eca4bca19319073c479e2_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\31b39332874eca4bca19319073c479e2_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\31b39332874eca4bca19319073c479e2_JaffaCakes118.exe"

Network

N/A

Files

memory/2096-0-0x0000000000400000-0x000000000040C000-memory.dmp


C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg

MD5 6126f5cca50b340194bf0fdbd2bec1ad
SHA1 2ccc3bad2a2727b299e9f1f174f9c5c22dd13d69
SHA256 1d435eec50276655a037cc43bf383d2d46d3269d3a9d00532bb3e3e4c5751cb9
SHA512 41493ec34d522a644cc606145aa54362dda4295f08b88514541897003af2997a4f9a7acae99b4e6c2b90ee4cf2f6a50f7c5d542a3a34be950fb429c55b47664a

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF

MD5 b42e5a529f87c2d0f4d1ccb311732a2e
SHA1 e53e678be368d79e1225b970ca43a09bcd01392e
SHA256 b08a9bb56568d4d58cf8df3e84bae41c6e9a3138502f89751924d1430e30ac0a
SHA512 29dfdcdf34264dd8fe059ca6e4bcb64be64e66e7022bd640f6486fcc2feebfbca0462372acc3efc58636651a84a79372542b51996fea2b9d50b390842279ba38

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

MD5 fcc3128d79c83d36079220d6efd30d57
SHA1 99c976b83f884bc86c0351a8b99921c32a03fff2
SHA256 4cc8c8f675eefedebcc057f0f83cd291069c3f5e59a972e30e9dceeb5afc0d22
SHA512 c198ebce7e989aead22610bb4ba41a56a7092fea72692c0d9f4dfac9ce0b7695f66fe2f51335ee96525debfb0db2f7f6f24b3a10381e8f2aaf9ea617d108e5ea

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

MD5 847c4122fda7910668ae7f7b921ba9db
SHA1 ff194906a985f2c6891d4398d6e23465a229ea11
SHA256 6c29dc0e8fdc041bf12ffb304f0bd4144059624768cd626b5b14b0f551eb77bc
SHA512 2f55d0898f4e2ef72273d61fb81c908198e1b21749c459c748d8d67ffa5294e9c6ba42d738cc4e53f9fc92aa2652cd1352ef0dc235de8351269f51ef3fd2a817

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

MD5 58f7855be48af1b627a036495ccbefd9
SHA1 2e961c8b03eaaded2dc813b005a48afad16d1e0a
SHA256 965d4bc38729e24bf683bbf541b1b9f15b619c6dce2f48cd70407b33b918fad9
SHA512 8bab1cc9f6f77c9b5a3a7df832695b5266b31ed2165361a03129f3f5a38859292f9307846f69f8c945cf99d9a2c1e762f5330ba53c0e7a0682348ceaf67c8201

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

MD5 6af5c6dcc99ed424534065cc0975e907
SHA1 70ccc59906b5b44bb9afcba0b4bb63823ae7c152
SHA256 8bf74ced9c7b682a496cb9de815c86655c011c81dc192f0824a42ba95a181010
SHA512 9e04d8878345338a33f9bf390a61e4546cbae8faf5caad4dabbc5d2107da42a7aeba843629057f77015098488c0f536c6cbfd8f5588515a72108146d24ccee91

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

MD5 701c56d951bdc0b1fbae2a5bb79febe3
SHA1 22b519352c4e666db0f27567a301be553000c50a
SHA256 8b1f977fc14c1bc5756fe1c04cce3cdc24971287058526876af0044c5d9c468b
SHA512 a723e3dd818b9769746f8a74aea0bacafd9f142c4f527748d2890153da2fd015df27f95574df7dc8139a09ca216c4e326e101d5621692e573bdb5964bc04941f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

MD5 d6af6c44ce90b7c85c4fee9d8f63c51b
SHA1 4a36942de1714aa2425d971a4d001a18a2330aea
SHA256 61b5966c2121466744512f65ace6bc2584d66a83ee595fe5a8d7fb7d00e3e5a4
SHA512 6501d15a8436d7e3127fd596cd03dba3c3bb68d21fa935cfba0178eaed171aad85495def1501d5bbbd2c3f38c123f0d41468ce4cc293c5a205f01e8563fa883b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

MD5 5d50133a3d62b8013c3405c76e3d95a4
SHA1 334474b2b83c21878ebecdd5eec06f281d6ee8de
SHA256 b48e9a4e71e2d0809c12781d485739c639153e588c844d95a0fa8ec758a9cd14
SHA512 03e4ee3a7f72ca7cc489a9f9421ebecf0105037bf358206980b8891c3dbbd92544e3c9cf2da2459d4659b9623e52bc8f2888df86a03a55cd812664f69ae4ce54

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

MD5 1103958b85ed0b0e193fa249096b7f95
SHA1 cf91373d1e84f8225a90cc73440ad574a858b5a2
SHA256 db5674d9f1d036abf6f4cb950271e32dd6a7b4f63e704d6fd1d00bc7e964f902
SHA512 93d8d0875943fc667445c07d1af3884a544855b06dc4c3985adf80d08d7b2abc37b490174ce0d8ed8267e6c980e215e73a4e2d05615d919a0411519406e52e2e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

MD5 c8110b57c09e333a2a0bc6733ff8d013
SHA1 1a58d4273ed6ae65d5803525cf18fe50c6665be7
SHA256 759399a7b76c32d990416b2dccb89588773d2f5211c39bb13f95df524379b03f
SHA512 4d6b84d8c24e7274f6518e5c1af370c4bc279b8cfafe4a9a8baeec54080ef2fc797a9d618c93cbc8c0954cdfaef8f191c739279940f3946c7871647fe4ff48f6

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

MD5 183e5ff9d800bc1287e507e2b5b932b5
SHA1 a377f058ebca7aabd4e833b3a1a27d1ed2a56c62
SHA256 71dcac72d2e9c926fc98cccffbea4745d5ac78084c726eba1754e143449e3978
SHA512 c29f9446f42127234587b5e603698a887662bd135592d78716c116dce0273e860b77b030673fe7e1bb3af9bd50e8ee3f5fe37acfdded0d8bff829a7070ca871e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

MD5 c4cfc6a9184bd6b14a48c0f73729e98f
SHA1 91609e29cd980b74f899ef2b513d2c7e928c32aa
SHA256 7246beaec1c4701146343cd57412f0d726e8a117bbff63dcf8d3b81cd6ddcf7f
SHA512 0c873435759b2356847fd8c3d687ec13aa68aab877076c61ac1b7e98241127f9215e230cedad6b6df7da86b6eb21ec022572c452fe4e613a86642b0fafc78221

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

MD5 e60b4713e844c7c9a9ee1dd8d2abd238
SHA1 b0fa31bcc3a88dd3fd2de96d715164dce0f5a4dc
SHA256 a8fd4d2ca6c74125eb0dddcac9e0ba0f1eb1bf70567fcf8b9dbaa3c09f1022f9
SHA512 18427920a57c62e4426f579c0390e2fba980ed011069769cc814243847acd94f83100a6f843779415532253057925c1c7b1a07de6e20fb74aecb419b550c1274

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

MD5 da70b6db232ba4c0d043a4880e266605
SHA1 04257ad06a99dc677a0ff30544c2e2b8f878c22e
SHA256 ccd144a808added7a1943a5c98dd69439859db6228dc09ec40bc8e700b2dd068
SHA512 2d540fe450b5f57827fcc2de21902d9578331b2fc28640166f45589005af2bac02aa26a61c0989b4674ba1e270fcf4e5b4de5d14c9447b57455b176c37705e04

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

MD5 44c4b151883be328e609acfbc8230c7a
SHA1 a67e585b025ed34c0a450ff7f3b1283e80f237da
SHA256 83f74605c5cfd6ccaff5eeac7bf664b6f8e6a62fade4a3757ad35b916c2845a7
SHA512 4367d13826e9bddfb00164c1ac1bce492425866b846cbdd9309b1866098f6d029bd5a2a18cb45ae2aa7ff33ebf571980311ca7752bd5a20ca5e7629264f6d58a

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

MD5 430d40857412e2216a130c9cf6b1f94b
SHA1 69425ed579da0a79264b16c7efac5bf9e8267d26
SHA256 13bf56daba1bf7447e3e54d3cc05df3f8c81dc393ac97ed4eab7b35ce8bad23a
SHA512 1f2fcad5fe7a15472ff28abe3d825ac2cac5e31cc21fff14512d0d780fe8f407b5b94f38f6f355e57506e08e9de1b8bea1f7ce75348ee2eeda5514c8a2805ce9

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

MD5 67bbed4306a0c912d8b73536ba596031
SHA1 4df4a8326cece269797675f2eae00ccd4237c804
SHA256 994bf38e045aea956113760f8769519566aa700c065841e2b087f366ac250710
SHA512 c3cb1f0551e95dbe3e6376b77940b2eb12367ae2a53477862e792b6c35ba0d6f0dd10cce4613cf0b321cd2fdbfa93708efaa01736d61d16d4b2261589e8b22ea

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

MD5 14f4994d7061b42195e04d3067b7af58
SHA1 407a97c382392619f279443a799f0499ea463b00
SHA256 5f5fd24c755aa9ea437ca04a5bf19a90b800d713bd4b0876a1d6fc7d73dc09c7
SHA512 cc8552ef8dd9c085d14801c1eda022369b0ff900ad2d86c9b2480238ce95b78ec2a5430191395a2dffe5492a3ca3d6a825e33efd210c1a0c1e4cadbaafe6eb4a

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

MD5 588d5d90e2311afa2e6566d7cdb5dfb9
SHA1 6a0bb4000982585abadde9e8f9c01fb1ebb88fb8
SHA256 a84501d361a3ecfa73e9c9daebedf1f52dede0d1fd6249eeec254e82b5be4ed5
SHA512 c3e2588ef948116b59dc2def7778863b12c04562eb34ca538b98ef373746a9885a5d07cd3c42a90955e20b8535e244dc87a100e9bb2e553329f393c826a49c68

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

MD5 429fce72aa8d002c864f7203735a2759
SHA1 09d8bfae17af4515f62ae74c2cd68c84958ac02b
SHA256 4a19ba47eaca3a77a1c47ef276682d97312af9f43d732f8a803feca8b5f891be
SHA512 cd21cad0e7714b5fe97386c8fc1b0795f13d734b77156e8c62618efd9b34bb52512660aab82ce2762adfcfb36330c514a9dc2c6e16eba403129156a4fdfb3868

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

MD5 a5b789f19c6884346f1c505ad36a6d44
SHA1 a73014f3cb0dc4b6f4202cd6b7e4d55f98b73791
SHA256 14d98c444656099428248555d1dc041f31db382d66a8c4f7faad99a4302b04a8
SHA512 2495c55aa17c490bcaaac0da8732c318e2c8d0dd3ebd7bbdc410e4ca110d11fe7eb6d1d50db993656f82e3371d0f7968bae49a05d8dfd32c78118e297d8d701d

C:\vcredist2010_x86.log.html

MD5 ca0b5f459731b6185a63514f4359add0
SHA1 4d8859c4218e286b9e4ac7968b2d1564c20389ea
SHA256 1c09892e0bc253dbc26eeff177c2dfe365878eb4b00c23ed96f321796cb5ce3d
SHA512 9cf5fc289aef69346681220c72b6d0bcf30bfd5415a5e985e5c9a7604bc89aaa90ace0d1f1ba78149567b6c684f54be8fac33e5f41a8a1a7ca553c81a0058bf9

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

MD5 e5283021f9cbc45b64b75491ed9b561f
SHA1 9b351f806f385a4755757053a8412af1aece3768
SHA256 ddd4ea63e625e59fac5015e8f645c532701564879316a1789390f64200bd0859
SHA512 9bdae0d2843b39f491a5e3f84e666d0fe0a13b73e3f0d6dbcc76d3b71209595edf036c709ba28b08f390984d07af04d9f24ea08cf50da839f34dec55bcbba140

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

MD5 2640e90457652bf7221252cc08ea2c7a
SHA1 4975ae9665e65b2c2a71ef8434eb2680bc602285
SHA256 0a1b53d8f04ccbb7f06b2fa441221312da2ed5c0d78450d4ad8df3c269913776
SHA512 f962a079b97aad4ea22a7d6a9bbfedc09e0e9b56bca9c5761cfc1ffe0bfac54b59940109a5dd287ceee6a8ac7892015964604105ea77710422a1c0c923d34e98

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 ca3918862831390670018c6038af556a
SHA1 2f41c44030f9b551c064ab5d9f4674a17420a873
SHA256 036532f3a96082d78d443bdb6394fe91d70744740e4e2002d3102f5baedf76f2
SHA512 5c6ce2571060e0c73ae4306473bd4b246c746d7738601fbf743e5b38a668aeb1c418b2ef161dd29d9eef524b0a948dae7470f0152122998f8ebc3b2bd38a74dc

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 68586e30ab4f2a14b27ebde82c27923d
SHA1 5ceb92403a35fcd1016e031b5fe590678d16121e
SHA256 1318b3a84bb6ece0943379d7f0e47df59af3a010b68f0c1291cd1638fd5b35b2
SHA512 3af5d0e8503f91b39450562eef18e2027ec01bb6a86c6461f39b1e7de3584e658422fa4bfa9cd9dbf860cd4675d7e75fa97d37f343639756c26f4cc870bde4e1

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 81d6cc18693db984003e2704d5323050
SHA1 e0c0dd0de8cba10f5218c47d86496de29f8c3fb0
SHA256 450be8d2c6750120e778ef2d8982da3babc797a49f41dba4b4f054c378e13d4d
SHA512 5c97e693393807303df235c79ed67c9338e371640554de35dec6f17cb4426949e01016a0821ba611cd31ec9e3d5c7572f084f1c27d9b0a628466578402e1605e

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 c8d0f8960811b84a70df86b18d1165ca
SHA1 d80744a0571c86f26b1329506614b7231f806d55
SHA256 05e760e9938d1306261d816f7e8842f82e531a588a5221c85609674de55f8610
SHA512 9f2b308bc6a24928513a83fcbf61077b4d98d9faa551c951a179c7c95ac0582e4d70de3898b23c91003e2a4cc698d1c6a7c6d4acbaaf1d8f8152601f2d2aed50

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

MD5 72046d9ce2b319185af8e439624582f6
SHA1 46fbb2926f66469ae85f39082fb46dc868dbedfb
SHA256 fb5859c33f7084e9209e94206f2a1354c4c466e56b9c8bdca668229b2fc713dd
SHA512 17724e6706666ff62dbe233e05b299e52e96ee83685934702204a80c582df11fd18857adb2621f6933104c791450348d358b77150ce739cdd3010f0a4017585d

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 c602b008cf0cea02d172617193b144a5
SHA1 429957764692241cfc27710b412e68f230ee16e0
SHA256 7e4cbbdd4019d8fd88d807285012cd36b88cc0a25d420d5cc4e5175a4df420a7
SHA512 751865eb6f580f4ebf2ce3abe1fe0ed2f01dd9826c6420f8ac9b6b0530482e83be1583b9e7878c5efa86aca008300342c261f184cd3ab0849a031c10a754c729

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

MD5 4cde7229aa5577478e558b44d057c66c
SHA1 5cef15c2c4a1287ea7bf98ba8fb2312916c27ed8
SHA256 3ee4d7c5deb0a487606d4580efcccd7cf4ec261582f174dadf923278cb52904e
SHA512 fea568d70b7f32e4ffcb77db6ef6593ec92e5c4c676a76932fa2213d10f24e356d4d9c6620026dc4123ac8ab23120eceeb54afb64a31ad728fefcc5760ab4d77

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 c27f989ea98f0c027152aa2e95c2480f
SHA1 5a0fb8d86cd496e8becf5fd3904cee6be9c580ba
SHA256 6f24eae745f1e8941a1d68331d863816074f54b339c066d1a805d33c74ca47a1
SHA512 9d8ff83b0df09b371c7aef47eb13cf032c0680956c0bac553211d471ea73001b8d1b9a084d5ebd5b8a9b7044e03f1ae971ea1c95435de4cae352449d2fb3e4f7

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

MD5 96ca5dc5ede2eaa76abcf34da5f4ff72
SHA1 affabf5593c0af2690ea111528b42a0bf271cd54
SHA256 07edb46dc45797a5463aa497b6967c199e096cde91419fc17918d959d46272ac
SHA512 e1266fcb8382ae1bb7942f6a0368331de383a5fd83b24c8ee612532affa1c2198c3b98189c26da7cf6014564a8e1950728b29f807746fb7bbe84927747f636ce

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 04b5b5d091583c4c5d542bb943b98ba4
SHA1 d7eb9cd716d722ae9646ef64030abf76d9d8f107
SHA256 a98e0d1208a21c621d82a583bfdca89bd16341ccbf7acd055d7d5b9381cf82b5
SHA512 fa1fda8d42409506bc4bcdb8b2219ef476b5944b5286ecfd41c43a29891e962051799f5328e4272443078c1f242913ffe744acc67c0776ff5a1ffb08d000a2ec

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

MD5 9c8d59f0ac687a3f71c762b21d3a72f0
SHA1 1feeb44f8ed1c6f551513d654286aa54274e2dde
SHA256 6cce29d3029f4a24f8854181ec6c663a267592888845c147d5d56093b9115c2f
SHA512 ec6020c57c9f9a5d6112fe40b782a582144291836e8dbfe531c7890fcb508fbb53660c69caef454c9b90967d7368d035c6d54fb27654f04ca222948d9a94fc7e

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

MD5 d98f69cc3718085028986f6b3f3fc88e
SHA1 818c53512506c4724dfe44d51f8dc88788c218fc
SHA256 5d529f176114d4094be3546ef758eb92b5d98275354818849d8d21bc28136bbc
SHA512 51432f8c92984496ed4418bacd5aa158719df4da7bd3a29d6700b6336791d6e4261b15b3bb9170879dfaf327eb205b631f76593de0ce75ee33285b5489f00a88

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 49dd79e87f03cb58d863949894d6be7c
SHA1 58e0c8b1f9516258ed564a7525b86b6c1125594e
SHA256 fd9a86a4cb039843d29dd4343fe543b4d4f9a60397c6690723e796cdb3c88080
SHA512 22fa49b40ab093222844e6469264656681cd69d82f2a44cbfb8059eba4e2849f9643d157c4210d8bad92ec45dbcfd479adc8d766b9b374b607d6e769c5c807c9

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

MD5 59a5c7e8b7c3093d430982f5d2d5130b
SHA1 e5f572c8d6dfca760e1a171f6d4796ab127ea29c
SHA256 4f65d3b24add4d30dc965a1c31bfbced75fd96b12603929dee189bef4174db23
SHA512 c6db53c9c94576079929e5851c2c0cea525203d2637c5e152776c20ce523c4318630c29ff8686d176e58164215074fc450f273173ba6059cd51e00d92dfab7f3

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

MD5 acf7b0a8202f3530298104e2a909dfae
SHA1 346a660c4a08cd1b511e46687877f482591e0e86
SHA256 4a2be5435b166fa4323e443586c4b314af1f68ac241107d2f01b08e429e8b053
SHA512 47451cb7dffa9014ee0887fa100e94334bba4838801712875261d1f44f40a2172aca4b014059df340a26234ad031f7b320086154026cb0f3b6a2d436711e2f70

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 f2d04e907eccce4ab0acc00faacd41a9
SHA1 e46c7a26904da78389380327e8cd02c50eaf518b
SHA256 6b447e25db4d0268976b60aee585706b6414c29f3390a59e0fae4e0cc860a88e
SHA512 0fcb7f89ea83b32ac06a82cf1e333eec238b94e448fbbaee5019ec5201d38a4cb720b74773786761654d8d2ddf73cb1448c4cebcc2057256cabe1284943efea8

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 1ec519989b57c12c2dfddb2bd5634440
SHA1 e4ba60ffa43f577f11c46be7b77c897c038aca10
SHA256 47466f9b39d0d9edb5685361daa35e91f883d0710e7b8f8ada7ead808b132357
SHA512 d7d300c1e538d8b1f2123edd015382082d69cd6225846f8ba4e6067a70a25dc22aa1a827e7ac7b98aa922b96ad50084e39990cd800bac81ea917be574f8ed4ef

memory/2096-8924-0x0000000000400000-0x000000000040C000-memory.dmp

memory/2096-8925-0x0000000000400000-0x000000000040C000-memory.dmp

memory/2096-9157-0x0000000000400000-0x000000000040C000-memory.dmp

memory/2096-9158-0x0000000000400000-0x000000000040C000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-10 20:28

Reported

2024-10-10 20:31

Platform

win10v2004-20241007-en

Max time kernel

148s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\31b39332874eca4bca19319073c479e2_JaffaCakes118.exe"

Signatures

Detected Xorist Ransomware


Xorist Ransomware

ransomware xorist

Renames multiple (2202) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\31b39332874eca4bca19319073c479e2_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\31b39332874eca4bca19319073c479e2_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\31b39332874eca4bca19319073c479e2_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\31b39332874eca4bca19319073c479e2_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\31b39332874eca4bca19319073c479e2_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\31b39332874eca4bca19319073c479e2_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\31b39332874eca4bca19319073c479e2_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\31b39332874eca4bca19319073c479e2_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\31b39332874eca4bca19319073c479e2_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\31b39332874eca4bca19319073c479e2_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\0g81EtiCH2QMn87.exe" C:\Users\Admin\AppData\Local\Temp\31b39332874eca4bca19319073c479e2_JaffaCakes118.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\DriverStore\FileRepository\nettcpip.inf_amd64_96215b82eaa40fd5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\31b39332874eca4bca19319073c479e2_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netwtw04.inf_amd64_c8f5ae6576289a2d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\31b39332874eca4bca19319073c479e2_JaffaCakes118.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\WinSxS\amd64_microsoft-windows-r..vices-rdpserverbase_31bf3856ad364e35_10.0.19041.1266_none_d50c6ce1bd959a1e\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\31b39332874eca4bca19319073c479e2_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..nsentverifier-winrt_31bf3856ad364e35_10.0.19041.1202_none_604b8ce6d251ca06\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\31b39332874eca4bca19319073c479e2_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44.png C:\Users\Admin\AppData\Local\Temp\31b39332874eca4bca19319073c479e2_JaffaCakes118.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\31b39332874eca4bca19319073c479e2_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\DKWJUSNRKPYSAQA\DefaultIcon C:\Users\Admin\AppData\Local\Temp\31b39332874eca4bca19319073c479e2_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\DKWJUSNRKPYSAQA\shell\open\command C:\Users\Admin\AppData\Local\Temp\31b39332874eca4bca19319073c479e2_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\DKWJUSNRKPYSAQA\shell C:\Users\Admin\AppData\Local\Temp\31b39332874eca4bca19319073c479e2_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.4500 C:\Users\Admin\AppData\Local\Temp\31b39332874eca4bca19319073c479e2_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.4500\ = "DKWJUSNRKPYSAQA" C:\Users\Admin\AppData\Local\Temp\31b39332874eca4bca19319073c479e2_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\DKWJUSNRKPYSAQA C:\Users\Admin\AppData\Local\Temp\31b39332874eca4bca19319073c479e2_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\DKWJUSNRKPYSAQA\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\31b39332874eca4bca19319073c479e2_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\DKWJUSNRKPYSAQA\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\0g81EtiCH2QMn87.exe,0" C:\Users\Admin\AppData\Local\Temp\31b39332874eca4bca19319073c479e2_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\DKWJUSNRKPYSAQA\shell\open C:\Users\Admin\AppData\Local\Temp\31b39332874eca4bca19319073c479e2_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\DKWJUSNRKPYSAQA\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\0g81EtiCH2QMn87.exe" C:\Users\Admin\AppData\Local\Temp\31b39332874eca4bca19319073c479e2_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\31b39332874eca4bca19319073c479e2_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\31b39332874eca4bca19319073c479e2_JaffaCakes118.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 14.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 56.163.245.4.in-addr.arpa udp
US 8.8.8.8:53 241.42.69.40.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp

Files

memory/1096-0-0x0000000000400000-0x000000000040C000-memory.dmp

C:\Program Files\7-Zip\Lang\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

MD5 cdb3798b506c83415f1ecac9ed49fadf
SHA1 ee0bb0481ecff660fa164ad01a86965a427394e9
SHA256 1a87b80d731c0823b0c4366d87f87a6a392193d257cf24aa4f3e37f31270a73d
SHA512 002541e5d21f8484563bd180b01897f9403b320040d86d7a247a691191826c0ea227e8285f4a3919de05cbcf4c967e7f55d214cc19461f412156646572c91f88

C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif

MD5 e48401273ef54baed1f1e7d6d0ed4302
SHA1 ec304bd66560571618de33d43c2c80bca71bcf34
SHA256 2c98db9ab8c99eaf638934d63eb6b6ae4101c4bc73f2dacd07604451252d8dd4
SHA512 e7de74d0381c6004ad67568ffa9c631493e2ee462ab0390625b3c88eecf45d773b002332228c661904572dde13460240f4eefb7e9e61651a8b330a2cb092e42d

C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

MD5 c308e7fb96be603ae4f0db577dbb569e
SHA1 c35c5f1a3c49e445e8d9ed291b41a03c152a08b3
SHA256 e86004412e391160c181a87e540a5f3f8d09adae28fde2b0ab07e3088af9d958
SHA512 9ab864797801a8b732f773571d438a263aa1118520258d66db70fa35789d39d76f2ec4b8ac0ac6442185c6fb7d6b119fe8b84dcf4912463b1634acc9e46f9043

C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

MD5 282cce34f910c2aece3247d668a8fcd8
SHA1 f5cdf38ab5dd0df3ab650db263a87c240e7b9cc1
SHA256 24543cfdb42b0fd64641ded85ff3ecf583ac736b1b8fbae93711e5373e68cd55
SHA512 edb878209daab203daec403fe41f85f1745e971329a6cab38f0d8b52ea950c292d90e3932bfeb2b2092a39a2aad687c9ca86b6e424c8b00b5fd1572f1c9da825

C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

MD5 f3cd52422cff5a4cf2ebde0180b55ece
SHA1 8a46a3e36e900d28f5df253f86b65e599bde722b
SHA256 b0521e536493c021bf9d2b43b9e26e9e9c0277e5c032accb7f76fdcde31e1230
SHA512 2b01d0ac3c4d3a0e9051b87752a7cf2eb7e4223bca30e61f3e72778c6968d9fbc01c8042a2936557a998005b5858b9498f0e8c7e5f877fc3f94163734a1b8975

C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

MD5 12f2741cbb942e5dd6caf98b82c8ad87
SHA1 fdfadd71968f9836d4dfb15a7beec624d9c7d773
SHA256 49239349007b4ed0600ff573ba53f11b2ac65976f405e809fe78bff5d19d3b2e
SHA512 ca1ad19fda4836904767a935fa309810b3da0e8d6097b128591bd1204975ebd670c5fc68cd69746aa426d44ac535a16db674b4d407688fe3541780190b9ecce3

C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

MD5 e7638732bda63d701e5135e0913a3a33
SHA1 039a5028908b6a2e9ec9ff85c0a2c69f35675ff5
SHA256 219dfa3b108e97a3d9643f2cb2aecc99550b6517d9549cbc18547d767a646b77
SHA512 4ff4dd562cfcbf336571ea02e72adba077b769d5170e45769e4e6e65b90f4abcbe3c323fe5dcc0f6586de21604f26145e62566eec08e8ffe3b14b02e0ab9a35a

C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

MD5 678c8b845bbc67d759c59efe5006af02
SHA1 1a5096fac53c07264766fd7bb7bb49cf78752eee
SHA256 0fdd78a9e07bd177ac77b63d7ca4c2c5da30f581c23651eaf0d6a0c9956ea1f2
SHA512 ec9698c1bd6fdff69cd659a7c547bf89426d5f01645f0a98623684065cfa33a385dc80fc42f3cf677d86062819e5a777f59ce6d501f8e40f16c612ad7ec85bc0

C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

MD5 c827a5b484e5f4b656262515eb5d1cd2
SHA1 bbad3ffe0832acb8d79661758f9a78c33683fbaf
SHA256 171937c662e20a85f483ca8969b042810e5dd5468cdfc30b2a81b19fc939b994
SHA512 49c80d2fb8b9ddbb84c6ca54c331d725d904985990fc2dc972ad090457a9e94d0404c004e9b731d9a9a07c52fbddd8bfac31b97f931322d7615a1bf16a4fc59b

C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

MD5 061778419bc6ea0b06504c47c6cb7be9
SHA1 ec518e4508017a27d571273e103db0fbee988a9d
SHA256 e1491fca5667c45a32e65a41a92f38861e13f6a7b5eb36e2e2e1c9e7dbc7362e
SHA512 1849ac428e593ee43e3e49c191cfbfb76941a05ad8233fce32c2c06518f4fbf0620cd3d7d8f69566d118173211ee52a4c8a4f094556235c0a1a684dc90620183

C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

MD5 6f25af28e073f9dbd8f8008691334fc4
SHA1 efdcc46bf3380df6f4497d01fffd298e09c46074
SHA256 9e54e283bd89044a590e1ddebdafc0258438daeed438980d652d9fd097c492bb
SHA512 556dc6e5e0235840dad8c4e34e71598f19dbdbc02e95e214b9f635e00e5b74d871c1d5e4026a5609d7ca2f07e174d156bdc359d5b549b3d504184e474aae6cd9

C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

MD5 1975ee73d3691b2347ae984d051100e3
SHA1 a2af41c9170b013015b7223769c6fe09b3c8018f
SHA256 1eb62dff16c2ba24f77a552b9902e7fd19ec0b2c43c41a2eda62eab11b0629b2
SHA512 797779791c632279d9421ba8a52def72f9d04452cf75916f757c0b0c9491259c4be22005bbbe4f0e2e2f02a6f05bd4116656a956c0ace640d838452660fe1f41

C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

MD5 17cba9b1c5af6da3eba405a1c74c3e07
SHA1 240eec869f7002a174474fd46ba1ed4d28c5ccef
SHA256 34bab1aefffd890653ce630b6d0ab4862e7af25320eec19ac551dcb643b37526
SHA512 3feeb4287e1ec4b9214ddd081e2fefe2bec3af46aeef9d82cb0954faa495efc08887d27a635881474f4db5a8fca363443de4c67cfcdf8248e623ebdc01dc8c86

C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

MD5 cd72972f0ac3c4d90852a6bdaa4c4728
SHA1 8e326a3e12b654d506061ab29bdeed46eecc0d37
SHA256 6dcb0c23e460018347cea800e4066c82d8eec51af96bf3902a62935f996e2406
SHA512 94e6d56d8794f40bf8fc1cc856ea2389897e4c2276e8c2dc7a1b73611e455a062409422224bb3f39a9b88403c0bedc7b5d8d59a60df67cfa1f482533bd422fa9

C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

MD5 3fe5f696da18507cf36c5347c3c096a2
SHA1 5c5aeb7532c3525f2c64d399b6410ebfef16b262
SHA256 73db93f30d9ac14d8f79e7212863672a0b8ea37f3654491c338787fe44ca47a8
SHA512 362913a96040c4fa5a22b94c461d07f040b326647eb4aaa48e18f9e24aab360d6fc87bc986baece2733613c06968d57c8b4db4b643180a974ae2bd99a9d3f2af

C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

MD5 20e9b9b5100221cd3e1e82ba9c7bbd34
SHA1 3dba63962538b60d549e2db9bc9f883f4843ae14
SHA256 d7cbe2f1c4eb51f985847dbefe6cfcd2d42eae126567cd535dad3443a3ac5971
SHA512 ee122602da7471224f7095472df7b801f5d0d469111ab1bf29ca74611e131566cd4215b560ec3105e246f90aafed51c4a5217417e208ea01a7b99bc56b5d2766

C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

MD5 a0bd31fd8eb20f3850c6437f7a55f25b
SHA1 f74164e5b70c0bcd75d701c12637dfec36fc97fc
SHA256 a55be06192dafd93f518aaa4917a6b10895500133ff201f0afa372d700aebbbf
SHA512 849c3694094350e56eca6d0debcb4f0a92c6a050ddc8e805d756b806c0284f9b75c2876c8c6f2a36c6687476cb4b819ad225a07cec123283b585d67e8074b8bb

C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

MD5 e95e271f285788aebc20068e09fe5a62
SHA1 25355e65696cd422d5120e708ff2a5c36bfc94ef
SHA256 d663cb714576b9e91c84bf295d1487b61ffe4548103a85760b40faa37818372b
SHA512 00b3ffc281dad1dad73714e31399b25245756f0ff6235c6bf32e991e930351f771015fa69e3d2119f1069733418e12aa171f9937508b1b744c8326c5af129b39

C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

MD5 0402bdcd42db00a81056065f30a02966
SHA1 9dcc0409cd8564358c75f5e8ada4826ddf7e3669
SHA256 4b3af122ac1c75624254868b09212f5f28890ba0e9b2403eb6d9b40305f9e932
SHA512 f87203b6efbde44f0b1cf57f70d4f6104bb8f8eeb73744be352f29da631141aff48f286073074899130f9785576d5a300867d1e3c54525708fdb1514685d55b8

C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

MD5 fdd5b409db54b7d1dd3f0003a2427e38
SHA1 642ed30b9a7dbb52da18ddcd438c19b8af255bb3
SHA256 5ee25722e53fa63a3107872ffda1c12e7b9e0f9457a99750c8d501bfc973b47b
SHA512 d13726c0122f1b92902afb9a86c427f08e05c781160c39bf5c00c1c97daf89db23f43da82b5ade46b333ff74dbe7b0628e7efd3e5085b9c38612dd9e30aaa67b

C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

MD5 5948e8e2b581c7e9c2315005b786a70e
SHA1 48ba7697b4a69a308f33bd28694ae736b3b0c331
SHA256 a928b7da52b4ca0ea30535de83d53918117b29b06c4da0285c200cb96babd00f
SHA512 d865506bc8d427e8f864bde97ea736df059f411fc3238e34fb7c27d3da70e596bcb060bd3f6947d64df01f3d002cca8083ee30740abfd85f68c6cd053e1a252f

C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

MD5 0ef8e0371349336abe0d474e5f028962
SHA1 54bee4650cd3388232a8bb631c7ccd0cdd0b0beb
SHA256 d3d501f2442922cc0a12afac04568c3345b7c1bcd35f3f9efda1130e7ed00dfc
SHA512 4e9314b7d2c29f3dc4b8ff92101319b036068f596e705a9e416c75289560c236b61bbe7b32ff6a09c68dc028865179140a4a640f5d21bf7381a62dfe25210d8c

C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

MD5 b9d39b1526d0cfdad77d4ae5b1c7c102
SHA1 f39c4469c280c0457cf23356b5ffadcd62a933f2
SHA256 10b733493c95ebd9a4065a043de4d41032bde984f78aad30bce8efbc3204d038
SHA512 c1dae0b2ccda97bc9728b19074d6d2b2be0899f1ad234cafee3217e5e94d3bc686305af19b88735f0d32d7aefaaf8bc8bb216f04b9bf2d6fa644f5b180b61470

C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

MD5 2fa8c9682c822767581a9e9b6920a352
SHA1 2807f8cd6ee45f763d9f1cc69729c0decf0b4407
SHA256 895cbcdfa0c49df26f3a3dad6ceb8b10e7e7ec6c6b7edb9e74bfa216f7e441d5
SHA512 5216ae0f65e7d1098b5876030b8fe8522ffb3609fc688e6c27dc5166db7f1ae1e67e4d708ed9c150f206216c0d108b8fd51bad1813f26687e9b5f92c357ab040

C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

MD5 40573e0ac7fb7af3459ee8068adae240
SHA1 77aa7d178e5d4bbceddb3da33d4ca0ab48b4ab6f
SHA256 8f22a6c9ce2c0e30aa0ac56d7923de7a33b04457e9dfcadc03545435104c1d78
SHA512 841c7e481e3c6e4ef9951927642fe2767ce9028209b64d7b05c969daf01bfcc62797bfb3f860ab6da53911a132bf90d60855352285a1f25a6ed1594169ef90ee

C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

MD5 df357b9b8ad2102340d274fbc9e12861
SHA1 f66ee3080495057085934870a1f2736e96b26204
SHA256 c5ebd2902f1f4a649318ff35efd26081aefcd6114966e0a0c1c206b210607fdc
SHA512 c1c6716d711b7882caf40e7904d00723f26e8832f371dcac5ccef715721ba4fcbe729fab2f6b76fc22ad33f93ffd57ef99bce5a96fe9e9727f0fc90d29dff597

C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

MD5 8cd3c5b1a87e6292e899fada1273b2b5
SHA1 3736a46b7b8038226adec608b8432ae948e6db64
SHA256 0baccd61d3d380ff6099f7a16a93d03a06ec098aa0701ef06948e8645d4c3659
SHA512 18ac89f9c6768fa1468d61404dca7d90aae6e1271cecab24ec33b384a0839de560aa503a8c8ea8c2a34eb5a224d4b99f3c13910f529d86ea01aa9d88de5f33ba

C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

MD5 15623fd94c356df36e4aab42cbbad085
SHA1 8f75fa5acaa5b72080c9d3f1cd2ff31c2f052256
SHA256 6480fcc1c02a31f905640af3d498fa6aab27ccf26d4c42fa623b49aba86f6d9a
SHA512 787454f87e407083e9c5a2071cf10d59f391378f59a1eba4f7a2a72a8c6bc990f6f418b132661dc13a9fb322b99555213949dff24a64cdbebce124791b0df02e

C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

MD5 b60f68aed7249a153eab6d3d89b7631e
SHA1 5ecfa8493ecdcd4d70133567cd33ffd08c7df562
SHA256 8caad585e9a0ff4415741afe454c233c06d6c6be4a8ec9a995e4655f08487683
SHA512 c2f8b482acd72e427f3975e0ccf89b37fa664424ae34f74951fd0ac75d96bc861367787c35c58276a037b067b45491161a0c4540c8dd3db7722d2a34e2ba8d5a

C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

MD5 76337780ee6bd6f2980f3069b0b3ee7f
SHA1 bbcbfbe5fbe4012561235127c8b62257000005c5
SHA256 f5f404f3e4eff0af274f82ea68ac5d8417425047d64fbe8f5e37252f124ea475
SHA512 df05d34cd44618c7bf8bd178401846598cda2df9d207ed32bd76a7e0d1721c495de60e68428f0341b83d01273a51a0f24f10914f0b918e95e501ea23d7a615a4

C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

MD5 d1f60b1d1afc2a785e289bfbaa077403
SHA1 ccdb224edf79c728cd1f064ba70a30aa8ec6b099
SHA256 026ee92242ccf7a0546103176462abb0bd9235be82f622a36cac9813ba55913b
SHA512 01a940be5d986600619e6dd2950d7ae64bb4ab444e23d9ac6aeb499675269798b57ade5bce9e86216655f922b230bf428e6e4ba5c614cd5e85a335b85e36ec22

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

MD5 fe05822e8d254ec7f612a2960eb1f30d
SHA1 80cde2132f3227bf2e22d243ffa76fa5dda12633
SHA256 80c5ca195269fae5395f8f5439ff28ff0c56883bf0d8e8fd5140137f884ca52c
SHA512 683eec4dde91a8999e1022c053a56d465ae5e3134313cf7b1fb11479c13b683f4e7e2013912a04a5fe4f484ed9b5bc15aed2c1cbed9072c68932f183375b76f4

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

MD5 321439802fda606c6bafaff712e2411d
SHA1 671f9598785b0d38d6a9adb1c571408691ffedd8
SHA256 e92179eeb998b5ea22c34f178dd519686e5c87a27ff8338680df067e40d39ea7
SHA512 f95ee1eb3d03fe8d3084b709febbc259aa45cac53a1e116fa5caf8760786c8a167c515bedc19c604fef897d5d5e51b6401934729b42695a459922fc97ec21651

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

MD5 6b00d31946c391c3e013d71abb1be096
SHA1 5dd84b609fcc06ba42931853b6648786d2933090
SHA256 d676c283e03b5912a949076f15c8afd2dee02695f6cfaf158687147adfd8162d
SHA512 77393ccaae05868de28627a85971a9aeb7d2cd414a9b2ac57e77a368d2074d76b1c32ba37166cf50d7b95da6c79324e400b46ca33f3761af912a5cc80cf1e280

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

MD5 8beee71596555a14e7c72da3c10388f3
SHA1 721f9b172a5b5da8ac7fdd06599f04f5a6b5522e
SHA256 00b1973d4406cec13dac771c1eb6b6348f3efc6d830f0bce9cb1aeed851469ae
SHA512 599689e5d0eba367a80d5e3ca33126870e1f08f0bfc7bf6db87ce5f47e0216507d3b12af3066760c90a5b242ce3a366055d6a1ecdabcde6a31b3167b0de206fd

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

MD5 0d151e2697cf7c8fd7b259b4a8ae16ac
SHA1 ea47f31f7d740aff2eb5f603f64de209c63531ee
SHA256 ab6f68dcd461381b89e4f824a96a17c48a3c352c5e99ebcea0f83b3d2c186337
SHA512 afe9a80f22ac001c89dc75df0025232cadf489e046a01a1087efdc56e5209a7f547603d2744bd7f4474669fe5dde0ed73dc5d6215924cb2228628f466dc8d5b1

C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

MD5 1048033e829d7d631fb0ae785328cb43
SHA1 5b7248e609d04ebf255bac637c965898a3f23457
SHA256 279b1cc02b98d24961e48ad7ad9576b0ca8520152e9627b7f3079bde250b8e42
SHA512 34ad444c441f5d8acaa02003cf42d040b88d7358994079b51f0d0a5c1dfbef9e25657b9eaa031aa7dbccb8334d0cea1e05227d8d735706798b41d5973f7279b4

C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

MD5 aa58f77a0368c43a4f31b7d751eb3c5c
SHA1 cee23bb090ce941dd51f0aac597023e0cbbe60b4
SHA256 122ef096f4d1a04cd1f07836be480133d7775802aa0bb9f68f7e5ea6e635f01a
SHA512 23187603e1bfec77874d03aade18ed225ac2a3a7d51fdc7c68544be46e17239fe75a72bb8962dc30535b07910f9c831facb2c726226773381f803ab126f6d5a8

C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

MD5 f2360738989f3a41a5497d452ec4e853
SHA1 bbb2658e2d23c8e9ef59b920163c461064c3cfad
SHA256 6f1cdad31dd606ff1dfb1c4fb67157b7654bc47f048a5e551ddcf8d130265694
SHA512 7058f19fcf6513de0bd64176646779ddf0714b8040ef16877f90115f21a5f6d4a9eff2820a9e87dafda37981ffffdef6a73ff350f35d53048202de70aba69b51

C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

MD5 82dbdeec7311051b75ad9da3e070a206
SHA1 0234837c09a7aed68560a29bd1e3452c8cbd4ce5
SHA256 e2c9ad8d270e11bb3d1e9a9d36c44a6066a02e822aaf6bca5bd28030d60b4b20
SHA512 7b9bcf39975962f4c6c323727f0f5611901ee06425269f1dcbeab0b8aaa2c8f7b86dbda69f3a16be35f96e09678d2cd12d250716443d5571d5baa0f69bb0e169

C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

MD5 186ec7671b171c0b63999de80b988793
SHA1 3f1413e300db69d2f7c7e49b1a5bcca0d96835e6
SHA256 6885f2be9cb0fe7e9b92c3e3e84538af578f838b3f97027321eb18644443e13b
SHA512 da099b779aebccf0613ff118c26f80491a0e048d071d093b40516b70a0389493d40789305c12b14cf36fdac3700756243efb9718bf82e594244c40c5c56f8c6e

C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

MD5 dcfb381011b3f43c5f9eadd321cac68f
SHA1 d71b52a1e98f26566399c168f9b93cd38d40b6f5
SHA256 d982944bf1ad26eb6b8005bb17700b593732064388df068088e82eb3d72c9032
SHA512 36aaffbbe504ab7ff688b0e37588fc9ce0db5e8914dffe445a6d2dd83dda730785262f614a129afccbbbec478660f0242e977ab3de7e6b1554c9dfbf173b2016

C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

MD5 6cdbe883ac113203bee5373d3a3734e3
SHA1 d2d56dfde6b269267fa597beec3a0a6c2d5adf8e
SHA256 e3a73299ce48682b0b0557f0e0c2bfaa4e0db72575d2cfb18f203f3191240742
SHA512 8cc1b8b3bdbcf05ec9991caa5278bc491fa9ad4a46771aef694a28043dff67bcfae731d11bc6109a7f2c871c3ea26c4aaff7d83eae5ddc7d9b28a0ad1a302f80

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

MD5 3c59ac700086df03bd78542a8af61a6d
SHA1 1bfd36fd829023de5acbfd100b71d9dfa03ae5ce
SHA256 8642ed225b91e26c54ea8fea6417e53b7d06b54ef081581308322801c67154c8
SHA512 49224bdcb48c5cefbf18101138b00294bb9acf4bbe4b95f090e6e4abbca7e14e1447facc1fccd725e782c2b61ec2f26449fe2d1236eedb0c1a26583e6b427e12

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

MD5 b4cdb977ea93ab7bcd439ab958a3a634
SHA1 c06682eb0ed10c8b54f5156913c8312bf3664c02
SHA256 c223d64012567ff32bfe6c46bd037cb3b5652987a13ebc7c516e2b5b089e6c87
SHA512 c123d85b970d3a09c01fa6e1fec0459c094204fbb3868fc58652a5a8a3ae05ca373cd4c33145e94a7311e61aac7f1b1e2e214f85406012e782afa2627241b164

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

MD5 d433c0f4da69e2bf59b99b94db0d79d5
SHA1 901533ee8a0b29721fca22c14bda97bf78f7a421
SHA256 da4472b81421011bd2076c0460651f706a1f8e1d6ebda91c0a66a8cd7a8ae9af
SHA512 c7c1b2a1917049baa876ae565b7ee2ae485e6d1e6697cd676f4af9730ff2a4b25666f54be302278b662d1eea51492a3e18520871aef420e726fc4e11f5c3f971

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

MD5 c8351866198d2db170660df21179c678
SHA1 8e3c787a50f7ed44692934d63e49f92335d84821
SHA256 709c8938ffa09eb73365bd62898726a9d2a187e94e9761b9c0c73f6479c18014
SHA512 1f9bc52c0ec81ecc6b18d9e0599b71577500942417b0d942074a4459d8429f38f26bc60519ce7adda59f5b660c1218ef81f4e60a2b2034e78fb484b9cc3455d9

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

MD5 eed3023623eae7eed5e1e11206b27582
SHA1 4c88958c9ca7d713b820b8943906526c41f2c1a3
SHA256 bf4dd136a82b810429976f3dab5179b269a18f81113857e700d4a183fd31439d
SHA512 45aafc55f1968b759846828ec664a590d8990e95db555c844ed725279fbad123d3cc0cb9026beb4b4f5a0c1dee63314df848c269e6726c714c0156b22ced48fa

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

MD5 fec14147bb486a3bcde71b38992b472d
SHA1 bed258a9396f2ba8b74080923fe260e4b4cb1105
SHA256 fa42d5c18152d9f59306cc746a403a5616cc8a0bbad898548cfd21162cac6a8d
SHA512 73024f75c4dbb84d23fe1131583ab8c75efb7e3315c25a61a915271683590297a9563c491e3328a931c9d5222b2db7f82132f4603ba7fbc91c27973cfa47c30f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

MD5 8d2ee6e4ae456880dbf11b681d08104f
SHA1 9c14e920a521e6784032f72696f08bab1c613dff
SHA256 d375bb07f80af5b60d90c06e9c24aaa2b38de088847a35e9a51c6367a384bea3
SHA512 516513fa9c7596180cae10448801aef6cbe216f9be09e95e8c1919509bc6bedba77249efab39fd0295da8171abd7dfd95167b049bb543081538fc80bdc3a1590

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

MD5 e9ff4b938ef87dcf9d9e60bec78b653e
SHA1 9d15266e09a34d5ea594eb7ad68aa5057ef69c12
SHA256 4596e248947a074e8c526f4f19a45a3fa04e61573d5d98847c9f6b0978b82f3c
SHA512 b69a1fae7892eaa9dad1df46c76472a50700226cf08d4bd5d8d35bc9ac3ec98e2dd2d5f1982cc049aa568803b1d8efcca52c58d6080f049e382c5451703276ad

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

MD5 e4de75ad049365e95684fc92dfce28a3
SHA1 bd92e14f3a6d222774d75168dd73369c22c9bfe0
SHA256 58c42a142165814b3d1cff6c8783003e25235c0833e30efd63714dd981284b04
SHA512 1c34eb2387e7a07ab712fbc49152c0cabca823b686750a42bd6dbd2faf1d559deb5802ac3481a1c141c7f04531b657775366f417c336d27e04599c4477828ce6

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

MD5 890837a2cfe368ad19bbf458e0d282da
SHA1 c82b5aecc1def64ab45f99b2e524e2d30a292c77
SHA256 dcdbb2fd2132a519262f362f6c5a5319dc0bf2cb8a572d25ae4c8e3f435ff26f
SHA512 1003483963089c872f537d528d87c59d57eb660e887b8c03709b582c0db0d45ba1123f8f2e4f3c532763dad05d763b73b23c9103e95cef1c029f78690b811aca

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

MD5 21e509f3a03c177be3982951e99d4af7
SHA1 e2924d01cd28ed73aec44127134996f1f31dd958
SHA256 c4e2bcc6e983f9522a110f2c890cbbf54c74efe1f550fd9c40af3df76f358587
SHA512 e1a822aa0442de4beccd80e8c27e89d67aa1394ba4ecff0c21e70587aed3d9c85ba2436f7e0ed90085ff44645f33cfb471c996320a7b4de7ea9c3396a1572147

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

MD5 d69aa70ed743553ada727f4407599e97
SHA1 fbd484b243206f8a3b174839119d63bb9f50a9e3
SHA256 f14184bb073a927fe00e853be9c5b9411feffaa939cea9dd0ec428cdc97594ae
SHA512 8ce261eb4dab4cdec47c338240caa549b216ce7d67f48e491cda76a079f2884641c2e984c08888e7ae687de1b29e7cd811ecea802840b991abff4dd63c12fb0e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

MD5 b064df11ab4b0dd9723902401067829a
SHA1 e21c0eabcb90a9412a0a87960033bff5ecc3061c
SHA256 6f8df8c8b5c0d271208dd88fefd5a85c8c376f7ee83ac4efd15384ff52cc5510
SHA512 2635c6f22108ba02776dd0143583f86160783363096ebb1b8e72ef8bc93811b3e621d2f1aa8126df02afc11cfa6ce422c5a050e316d59a508259fcf0c519f2b6

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

MD5 a6fc10bae79b7397d6c6655d11b6d5d3
SHA1 de6558f67af0912dfebb8b5731a2cef5ddbd5ba0
SHA256 93d984e5e322893881bed2acfd2c26909e730c884dba9e81033310c5d34b09a7
SHA512 89e004b8ec9dfd5a0dad8fb0ee7aa044e162da9d09db4744b03ecc9dcd8c0e3a9bc6f9f4616a9abe18f8db968d89341536e4a912e6451f1a7aa3b8dba3f567fb

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

MD5 860272a42573044b44df925c6a76cd3e
SHA1 14bf3db15fd375abc4b2642749f465c86ac5e4ab
SHA256 83e22ae83f848fbf26c612e074a92ddc8043b5715fc511f39036fc697e04d017
SHA512 157120ff580d7a469fe5add5592e3781fc811c02165ad5ceba76a1196429876a489976d509504ffc003aa7ab41050ac9c061931d04d1bb7d71256fdb7869528d

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

MD5 f4c38665d4e199875091c14f48a19a5e
SHA1 e1f49a26722b8e92be55b7864091ee3f1374cf3d
SHA256 77e1621aafca6ce0b537ba4ca609e5e1d0eb083d90b5b2508844bafa1881c196
SHA512 4e1aa91b5d556f0a870a057ece07c62a269ae9b635e095fc345b9a33c10ae0249eeb3d917e01478f4357c02d9ed5786e9354bc9663000337e13ae3d9d73daf05

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

MD5 c161f9d93be2a0fdb6f0add88cb7759d
SHA1 70d2c5e6243f1142769ad6bafba95e782897c97b
SHA256 cf27686e3a1b16cb14a7b68cecd332f961f1d4b42baba4430d6743383f9a8af9
SHA512 0d949f1e80ac7dd3d54f54ac0d30714a1132a0d3ccc091838deb54869971c139708506d4d95882896f0f6178595a1636156cecac38baea1293d16fdec01042d0

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

MD5 b31dabce8c7b1e93cb08c3d044406ddb
SHA1 61965396f6a2e8b330078341bd1db23990e0bf4e
SHA256 17b839c27e4919a0139697dddb99a81fe80a80a1364001e7aa1b750bd7285d06
SHA512 ca794a317c91634c3391342f1da6feaaecffe21b83010ed0ee1d9d9351fe4f1a3214541287f1d3c75eb1ce5d7f04ea53d985145397dcf467baa7e21f1c0d7f2d

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

MD5 bb03594c8ba16da7978cdb5fbeffa143
SHA1 ae3562d03cd1362ff12d0e1fe1efb97cc57275dc
SHA256 7f3218f54bd0c9f07150e6eeac923da14216b9fe2bd6aa9cf68680501b91238f
SHA512 5093036357a5a0734745e3b4acbddda1baa10eda59870b3c7f11d42a6f5a7efb3768ed63d8341f01a8c80b129c3a01f1b78b72e96a97ce63742acb9b5dc1de40

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

MD5 474f5292693b593441bf50eba5ee81d4
SHA1 7996fc0b041ba028982dfbc19242181e522bfc3c
SHA256 7c234cec89365a41457e496927a4284e9c1e03ba964b712c92e9eeead33702e7
SHA512 053a82511fcd2e1dc7ac9b5f5bcc353b0f7c13607ab813ec00d0f7f2ff9b576851237bc0bb6b6acea6868878dc2ec5f365dbcb2ceaeabf78c979c7aa794f0fa2

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

MD5 b7ace76c72aab213c4df49dabe62ed4e
SHA1 62840ed8bf0b0a9de46ee8775cc010354cc97d8c
SHA256 9acc299deebe8a66a7bf42c490c51881859f6473b4d7d297ffa26a27373774de
SHA512 8eaaa04e3a23ffb115456d619c4c2627263486a49975659e4c5eb3e25b6fcd5d0ba989eb9b23ed0b33033aa817defc124e53881419478efd79af1768eaccdfb0

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

MD5 dcc17719c128d975e89aba0fea263bfb
SHA1 89f8edb03d7a1b01e2835d588111fea46674f90b
SHA256 32cbbc2f655a05bf0ad9264479ea9727f536df586a3cf2bcab172a0d59d149e1
SHA512 18674aaced64b039c4b69156c584f92924b78ecc248755e06d727b1e91b4d595e7671971803605e2e5882e5c860c73f457f2c0f99d881cb5d68d9135b5a7814e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

MD5 9f0d5ed2864f07664a6d48e7270110eb
SHA1 f11f9ad3f38b3075ac04c76ee4f9b4fc65c3f290
SHA256 d5ab6f7a315f51aa06227ead43f9ee81b706de2c9394142b443b015b19234361
SHA512 104a04431bd0b0f8d673fa2dc1ca09e0e6e3211769b146e3aedd46ca6b2e6f2ee8731b15f0779216a01294a0b90189dd77bc618853c121077d3cee034e66f463

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

MD5 7119093f85c9b35efc9bbe801c217c79
SHA1 6be7e4b91e9077cad3a1b1af689bc142d805040e
SHA256 32a0c541e4a2d09cfc98fca3bef96e1fd8101dbebeb40ef3f0f60cb3efc588cf
SHA512 a43eee37f27856d816a75d5c1139c1b87a100972c84815fb18a5c4c5eb55e99ff1dc044c985b1c2235838dc17ef65640789b18ba4319c55b749b6833ef8646ef

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\progress.gif

MD5 b885700365859fabda4643b8550e72bb
SHA1 781cd3cf7b0a1b71f442cc7500cffe896d917167
SHA256 80e09a01ed386b55e5c3b5c6d5bae9776cfa52379eff9d7b50addaa235661e22
SHA512 2a416eaa110fab4c52c8feb8666f282d325b6c82b2f8a8ea22fda8e059388bb3e0f4188c8e14135d83867fc8f2adb42c3ed9a3b56ad83b7c2a43f08aecd8d739

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

MD5 a776538d7f1e5c4947bdd026cd6309d4
SHA1 08498e864173b1143ece11c706f14ff3afb749e2
SHA256 a562b3da59ea4bea1f074ae3c4602b8541ce3fdd101b70fca235da1e46fa190e
SHA512 e6e0a776edf3902167e5079240879746edf925a92b7e4e8f7e280632b6cf246abaa35dac48203ce98e1ddfe0d5fa3f6e83e3b9511432f770f7a46300367af7cd

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727658720680492.txt.4500

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727659161166784.txt

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727667861810871.txt

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727665191668352.txt

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

C:\vcredist2010_x86.log.html

memory/1096-6622-0x0000000000400000-0x000000000040C000-memory.dmp

memory/1096-6619-0x0000000000400000-0x000000000040C000-memory.dmp

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

memory/1096-10883-0x0000000000400000-0x000000000040C000-memory.dmp

C:\Windows\WinSxS\amd64_microsoft-windows-quickassist_31bf3856ad364e35_10.0.19041.1_none_b3f1d9ff0e206c99\Quick Assist.lnk

memory/1096-11034-0x0000000000400000-0x000000000040C000-memory.dmp

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\squaretile-sdk.png

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\squaretile-sdk.png

memory/1096-11311-0x0000000000400000-0x000000000040C000-memory.dmp

C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

memory/1096-11316-0x0000000000400000-0x000000000040C000-memory.dmp

memory/1096-11317-0x0000000000400000-0x000000000040C000-memory.dmp