Malware Analysis Report

2024-10-19 10:43

Sample ID 241011-mplm3stbkp
Target 3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118
SHA256 917d5f2567bf5f1bacf27d88fdf66b147fd2e5c8eac501d8585bcd8b6809ae19
Tags
xorist discovery persistence ransomware spyware stealer upx
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

917d5f2567bf5f1bacf27d88fdf66b147fd2e5c8eac501d8585bcd8b6809ae19

Threat Level: Known bad

The file 3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

xorist discovery persistence ransomware spyware stealer upx

Xorist family

Detected Xorist Ransomware

Xorist Ransomware

Renames multiple (2214) files with added filename extension

Renames multiple (2185) files with added filename extension

Drops file in Drivers directory

Reads user/profile data of web browsers

Drops startup file

Adds Run key to start application

UPX packed file

Drops file in System32 directory

Sets desktop wallpaper using registry

Drops file in Windows directory

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-11 10:38

Signatures

Detected Xorist Ransomware

Description Indicator Process Target
N/A N/A N/A N/A

Xorist family

xorist

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-11 10:38

Reported

2024-10-11 10:41

Platform

win10v2004-20241007-en

Max time kernel

95s

Max time network

97s

Command Line

"C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe"

Signatures

Detected Xorist Ransomware

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Xorist Ransomware

ransomware xorist

Renames multiple (2185) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\L1o9m7si2knIS4b.exe" C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\DriverStore\FileRepository\lsi_sas3i.inf_amd64_79c7a4d8be0a9744\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmcpq.inf_amd64_3acec385f5d67bdf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmcxpv6.inf_amd64_46a3b42507e9d29e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmmts.inf_amd64_bc07e137c52c529a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netbxnda.inf_amd64_1fff3bc87a99b0f1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\scsidev.inf_amd64_55176c1890d480fe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\sensorshidclassdriver.inf_amd64_b5ae080ff669eab3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_modem.inf_amd64_8cddb75e34142905\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\XPSViewer\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\slmgr\040C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\International\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\winrm\0411\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmadc.inf_amd64_7b6fc0e15997ce81\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Configuration\Registration\MSFT_FileDirectoryConfiguration\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_bluetooth.inf_amd64_7e49a68f06c14d10\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\megasas.inf_amd64_289e18fb610dd883\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\net8187se64.inf_amd64_99a4ca261f585f17\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\net819xp.inf_amd64_ff7a5dd4f9b1ceba\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netrtwlane01.inf_amd64_b02695ef070d7a42\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\stornvme.inf_amd64_1218fad01506b7af\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Configuration\BaseRegistration\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\MsDtc\es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_scmdisk.inf_amd64_d8f75a9c87c2f7c4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmlucnt.inf_amd64_f4769cb994ece833\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\InstallShield\setupdir\0011\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\ja-JP\Licenses\_Default\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\wbem\xml\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_RegistryResource\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\basicrender.inf_amd64_df49c4daa6251397\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmpsion.inf_amd64_28542b9aafacda15\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\oobe\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForAll\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Configuration\Schema\MSFT_FileDirectoryConfiguration\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\athw8x.inf_amd64_55014eff4ceefbdf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\de\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Archive\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\de-DE\Licenses\Volume\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_RoleResource\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForAny\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmnttd6.inf_amd64_28e2bee7229aaf9f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\es-ES\Licenses\Volume\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\migration\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Speech\Engines\SR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\ScheduledTasks\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\bthspp.inf_amd64_bdb56f181ef6934c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ialpss2i_gpio2_skl.inf_amd64_b68199ad84607c21\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\net1ic64.inf_amd64_5f033e913d34d111\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netvwifibus.inf_amd64_f52d5ad58116f6f0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Archive\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_UserResource\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\hidbth.inf_amd64_76fb27776958e530\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_RegistryResource\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ProcessResource\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\intelta.inf_amd64_ba962d801a22973c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmpp.inf_amd64_e196624c9ed43e83\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmrock.inf_amd64_9b13bcc1f320d1ad\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\msclmd.inf_amd64_d677afecc5e43162\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\F12\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\setup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_RegistryResource\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Dism\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WindowsOptionalFeature\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\uk-UA\Licenses\OEM\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_PackageResource\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A

Sets desktop wallpaper using registry

ransomware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pbeggjmoobeegjlo.bmp" C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\Extensions\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.SkypeApp_14.53.77.0_neutral_split.scale-125_kzf8qxf38zg5c\Assets\Images\SkypeMedTile.scale-125_contrast-black.png C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_neutral_split.scale-125_8wekyb3d8bbwe\Win10\MicrosoftSolitaireAppList.scale-125.png C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.NET.Native.Framework.1.7_1.7.25531.0_x64__8wekyb3d8bbwe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\Assets\Images\SkypeAppList.targetsize-48_altform-unplated_contrast-white.png C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppPackageAppList.targetsize-20_altform-unplated_contrast-white.png C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\ko-kr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherImages\423x173\32.jpg C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\MicrosoftAccount.scale-180.png C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.Wallet_2.4.18324.0_x64__8wekyb3d8bbwe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-40_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.contrast-white_targetsize-72.png C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.targetsize-72_altform-unplated_contrast-white.png C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account-select\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Program Files\Internet Explorer\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubAppList.targetsize-80.png C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\turnOffNotificationInTray.gif C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\Close.png C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Program Files\Common Files\microsoft shared\Source Engine\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.contrast-black_scale-80.png C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\LEVEL\THMBNAIL.PNG C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherImages\423x173\82.jpg C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\MedTile.scale-100.png C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.contrast-white_targetsize-72.png C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\hr-hr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\Extensions\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\skype-logo-40.png C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\Snooze.scale-80.png C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\AppIcon.targetsize-40.png C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\ja-jp\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\1033\ClientVolumeLicense_eula.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Images\accessibility_keyboard_arrows.png C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\MixedRealityPortalStoreLogo.scale-125.png C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-72_altform-unplated_contrast-white.png C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\fr-ma\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\fr-ma\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.ScreenSketch_10.1907.2471.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\ScreenSketchSplashScreen.scale-125_contrast-black.png C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsStore_11910.1002.5.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AppTiles\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_neutral_~_8wekyb3d8bbwe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxA-Exchange.scale-300.png C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\da-dk\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\MSInfo\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsAlarms_10.1906.2182.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\TimerSmallTile.contrast-black_scale-125.png C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherIcons\30x30\166.png C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.6.73.0_x64__8wekyb3d8bbwe\Assets\YellowAbstractNote.scale-200.png C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\subscription_intro\save-money.png C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\en-il\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.DesktopAppInstaller_1.0.30251.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-white\AppPackageLargeTile.scale-125_contrast-white.png C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Home\contrast-white\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\web_edge_permissions.png C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxMailAppList.targetsize-36.png C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\iheart-radio.scale-100.png C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\tools\@1x\themes\dark\[email protected] C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherImages\210x173\1.jpg C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_x64__8wekyb3d8bbwe\Assets\GetHelpOffline2.png C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedAppList.targetsize-80_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedLargeTile.scale-100.png C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxMailSplashLogo.scale-125.png C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\TrafficHub\contrast-black\SmallTile.scale-200.png C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\sk-sk\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Dictionaries\en_US\README_en_US.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\MixedRealityPortalAppList.targetsize-40_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Content\SaturationGradient.png C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.targetsize-96_altform-fullcolor.png C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility.Resources\v4.0_3.0.0.0_it_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p..nextensions-desktop_31bf3856ad364e35_10.0.19041.1052_none_d591ed56c6ab6093\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-wow64-legacy_31bf3856ad364e35_10.0.19041.1023_none_6aeab5d4bd0371a8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-kernel32.resources_31bf3856ad364e35_10.0.19041.117_en-us_1b3572f483fa94f6\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-uxtheme_31bf3856ad364e35_10.0.19041.1266_none_1aaa6e59bbc0f13b\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-vidproc_31bf3856ad364e35_10.0.19041.1_none_89ae850c4a540437\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\x86_microsoft-windows-d..providers.resources_31bf3856ad364e35_10.0.19041.1_it-it_577ffd5619b6caf4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..onfidence.resources_31bf3856ad364e35_10.0.19041.1_es-es_109d94d71a64049f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-recover_31bf3856ad364e35_10.0.19041.1_none_3c045b5253f885ed\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-i..cachingbasebinaries_31bf3856ad364e35_10.0.19041.1_none_00477c4c5bec215d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\x86_microsoft-windows-m..remote-provider-dll_31bf3856ad364e35_10.0.19041.1_none_01f677b98674e6f5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-bootux.deployment_31bf3856ad364e35_10.0.19041.1_none_f4025a506f9e9f01\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-c..c-runtime.resources_31bf3856ad364e35_10.0.19041.1_es-es_af90d642ed6b736b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-directui.resources_31bf3856ad364e35_10.0.19041.964_lt-lt_c2136dc8e6a2aa22\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-m..oolsclient.appxmain_31bf3856ad364e35_10.0.19041.1_none_75cd350cc8b5dbcf\forceStorageCapState.png C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-x..jectdialog.appxmain_31bf3856ad364e35_10.0.19041.423_none_d93ee361fbbc8f0a\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-p..riencehost.appxmain_31bf3856ad364e35_10.0.19041.1_none_97b0a47239f6db64\PeopleLogo.targetsize-30_altform-unplated_contrast-white.png C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-installer-wercallbacks_31bf3856ad364e35_10.0.19041.1_none_abb87404a97c8365\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-hostguard..t-service.resources_31bf3856ad364e35_10.0.19041.1_es-es_6b809fd845d97c01\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..w-capture.resources_31bf3856ad364e35_10.0.19041.1_es-es_2d6bea4400ef996a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-msmq-runtime-core_31bf3856ad364e35_10.0.19041.1_none_0b5286455860a946\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..tymitigationsbroker_31bf3856ad364e35_10.0.19041.1_none_aa8d5dc2891e1216\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemResources\Windows.SystemToast.Calling\Images\Ignore.scale-300.png C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..cemanagement-dmcsps_31bf3856ad364e35_10.0.19041.423_none_57997e21a0e0b67b\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-mssign32-dll.resources_31bf3856ad364e35_10.0.19041.1_en-us_73e85422933e8c6d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p..riencehost.appxmain_31bf3856ad364e35_10.0.19041.423_none_bfcb7b02f95b1e52\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-m..nt-browser.appxmain_31bf3856ad364e35_10.0.19041.1_none_b1e502c19c2a358b\Wide310x150Logo.contrast-white_scale-100.png C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..w-capture.resources_31bf3856ad364e35_10.0.19041.1_it-it_c4a000dbff545745\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemApps\Microsoft.Windows.AppResolverUX_cw5n1h2txyewy\Assets\SquareTile150x150.scale-100.png C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-devicepairingdll_31bf3856ad364e35_10.0.19041.746_none_4bfc8b1a61df97f9\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..e-runtime.resources_31bf3856ad364e35_10.0.19041.1_es-es_005f51d360ae9f43\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft.dtc.power...non_msil.resources_31bf3856ad364e35_10.0.19041.1_it-it_40c042fc14fa32b6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-m..vider-rll.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d0c1549546b1c2f5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p..ooler-ppc.resources_31bf3856ad364e35_10.0.19041.1_en-us_b0baf56f6f50d18e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft.packagema..providers.resources_31bf3856ad364e35_10.0.19041.1_en-us_f65a912e8f0c345f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\assembly\GAC_MSIL\System.Data.SqlXml.Resources\2.0.0.0_ja_b77a5c561934e089\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-vmchipset.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_1191b113cbbf70fd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-advapi32_31bf3856ad364e35_10.0.19041.1052_none_6277ca3070041917\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-enhancedvideorenderer_31bf3856ad364e35_10.0.19041.546_none_77f06efe5fb68b86\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-i..derninjectionbroker_31bf3856ad364e35_10.0.19041.746_none_2869efb22a95e6d4\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_10.0.19041.906_hr-hr_0e05abbb958aae06\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-netcfg.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_90676172b39d3cc8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..anup-task.resources_31bf3856ad364e35_10.0.19041.1_de-de_6f69dadb8c567ce7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..mmoncommonproxystub_31bf3856ad364e35_10.0.19041.546_none_4b068094b04e0329\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-smi-engine_31bf3856ad364e35_10.0.19041.1_none_4e063d17b240687b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_prnms003.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_9b244ecffb8a0e9b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-s..vider-dll.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_60bd0d662573a530\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_ialpss2i_i2c_skl.inf.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_0aff3d9279d9e5ea\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\x86_microsoft-windows-d..tx-xinput.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_8aefe84b223b04e4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-provisioning-sysprep_31bf3856ad364e35_10.0.19041.746_none_48aee8a27e24b59f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..trolpanel.resources_31bf3856ad364e35_10.0.19041.1_es-es_d2152ba9c199544c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..lperclass.resources_31bf3856ad364e35_10.0.19041.1_de-de_3bd739481dfd46cc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-quickassist.resources_31bf3856ad364e35_10.0.19041.1_fr-ca_5d8c50ee94ff78dc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\SystemResources\Windows.Management.AutopilotResources\pris\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\x86_microsoft-windows-ie-vgx_31bf3856ad364e35_11.0.19041.746_none_b2c9d4a6b8a162fa\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\x86_netfx4-aspnet_webadmin_images_b03f5f7f11d50a3a_4.0.15805.0_none_7ab11546ceb3decd\HelpIcon_solid.gif C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\x86_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_10.0.19041.1_lv-lv_336ef53c1e3fed6e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\assembly\GAC_MSIL\System.Management.Resources\2.0.0.0_de_b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..p-service.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_4d5cc44f8ebf9a0f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\diagnostics\system\Apps\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-l..-lpksetup.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_54fc031bd6317175\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p..installerandprintui_31bf3856ad364e35_10.0.19041.1237_none_4b16fb7fab206eb1\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\LBXGYCLFZCAEXPG\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\LBXGYCLFZCAEXPG\shell\open C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "LBXGYCLFZCAEXPG" C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\LBXGYCLFZCAEXPG C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\LBXGYCLFZCAEXPG\DefaultIcon C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\LBXGYCLFZCAEXPG\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\L1o9m7si2knIS4b.exe,0" C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\LBXGYCLFZCAEXPG\shell\open\command C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\LBXGYCLFZCAEXPG\shell C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\LBXGYCLFZCAEXPG\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\L1o9m7si2knIS4b.exe" C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 64.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
US 8.8.8.8:53 56.163.245.4.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 98.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp

Files

memory/872-0-0x0000000000400000-0x000000000040E000-memory.dmp

C:\Program Files\7-Zip\Lang\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

MD5 771e9e60910ff5ae17214e984d4263cb
SHA1 0f0f34e72e38ca6cf88b02fa1d3c9babcda2fe5a
SHA256 5594cb08289cff699592961ca1ef9489ebeed81c32c5bd8d668bd71e212aa300
SHA512 847e7d198c4f63e1a5cc0819cc0e2e60f080d8e19ff66e4ab06969fd5db88ce6be3550c52e9d38c7d417456c08c07cc2dc755e47f64cfe98a0e4c44f83740c6a

C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

MD5 05f7ff9c6457cbdea9e21f9519611fcd
SHA1 cc991ff7f01d0f7fded61c3c034e3cb39837b815
SHA256 4672db19cc3ff29ff3f4db6b753b30c23994e25a4a45b060c9d7677ad4042793
SHA512 c857a282c6662aefe102d222ce523d309b6f02e0678b6c72af8d5a4a2e2b52f31e3bb7bb8f407879633957d5afd119f423fbfe711b72dd58a53f780adb4e2ee6

C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

MD5 e20cdd80bafe9d9703fd93f7bfa2494f
SHA1 457fb7d96f68615f5a6fdae90bb96b6dd0f8be17
SHA256 3ce0008e4be1d055124640ef232a8c673aebced44695faa228031937d9324fc9
SHA512 7cda2e7bae7ac3c9dc34be89f0606f6a069c92320eb0d05ce52163ed4321429d81cc99d6042aa1e3460c8d0ae344a54b276d9871fcac11128b9a5ab713661c22

C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

MD5 af7bb249078f29eecfba4d56ab58fba4
SHA1 506b0bb67713a4e6ee689fecf20739b2a4c800fa
SHA256 fdb13de1e311d949fdc0c3996694eb688dd591a27b9c7832d518fe189fe6456f
SHA512 d1c184763609e8a4272586995c84eeac01289cfabb27a20764464beabbb6b64b6d432a935d85eb7627b334323a5e3e23a3c5f36d9a355b5ec2c8ba029ef85731

C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

MD5 8dd002079f623bf9c1cc674f661057fd
SHA1 305200ceec7b75c57dbedc9f876b3de2e53df0cf
SHA256 afbc1fe33fd98261b6381ff2deefd11cc824d3bd9e7a4f34c81a5ce9d1ffd54b
SHA512 fdc9186e6271befa34165b8d206448536b4dd05d7d6628e49d8507e81af19cc78bc68381aab399f6bc2ab3e03d6dfe308f99ad99b9c66fea890f137282d01da8

C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

MD5 f11be321ebab3460b05a5e3ba03a0e5a
SHA1 53d36977636c2ebbe5a2ec837804e7ca6fbea5e2
SHA256 1e248538c7b7b4d2f6b7d57518b17dcbb1dd64614b42264a7d9674e292a8ad06
SHA512 6b3b6bfc1c21b6aab1bf48053691c94e467a9fba1d780c172f276a62fd2ac18c29e30966de140427342f404f5fc60b76b40a6e9da4fe92d83c479a10207b5738

C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

MD5 7b2591ab0879a0812de8a690ce5007a7
SHA1 7c187039807eb419c903b81feb3315763fc724dc
SHA256 933ca10d1bb4f679b231a5bc77b12a70467edd8e508d3bb9e94d00b77a89445d
SHA512 ee538d3b21d5d1329035c624f04c1462135be817f33a5c6b9c42df618c27cd11ae9f06ce8dfc93a59d3649ca89b0303a6b9794ad025fe5e9e909d4e07cc7513c

C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

MD5 9a7dc0c2a3eac5fd58a2c1d08aac76af
SHA1 46a44f68b01140957db9d7f237a376fe8145dc90
SHA256 1a6e55fce2f5d30d462b4ec6c930a234b8a6f5e66eab0e4877071e055641a0f6
SHA512 2bd0e2c87f50ec88fc35e0dd31223e1f5c90906e90128873f0352399a64d5bfdc210e2e7ba7b5128509979f54d84c7e08336cc22ca3ea2893e5d26e34596f349

C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

MD5 917017cd686c5db09c013dc0c58a83aa
SHA1 ce6ef5910d21079def0db3ab46f6eea6b72cd145
SHA256 1b035017b4661dd1abf1c6dc01d8937c621bfe13a7f8724ae824be683bc5753d
SHA512 06dec2b7f01ec381455d402bdc95689a4edeb98487359c739591f9f17ec56c1e0a52c0c44216331d173d251d21e614fcf524a13008a6e13177a0363308a7b249

C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

MD5 c97eb8db01f3c68ae52fe78ab7e67e0b
SHA1 deb00813ce6013b361da9f15d895c7e2742b4cba
SHA256 1e7f75547955a932660f55d59701846e87709db4f05bc416c903d006a34d0c44
SHA512 0bd3f32d96076fb763a57725c95464403ce5115afdcb4f8e373e58f77168233277ec6eb4b4d0f12bab9dc15205f70999dbd51babadd10354e4d0bc4dc4d64c7a

C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

MD5 fb96f25830a40485ac5eb3342e73c31f
SHA1 e43df0a696afc485d0cebc6d5e95c7d631b043cd
SHA256 49e652b648fedad24f0f4c1d751674a0e1b0adff4012faed0d68040d7684f865
SHA512 addabb16a13b41d0f671a43279393a620272c69a01d9053f3dcb90ca26be3b236044f52588762ce8d4fac75a7d4d6e07900b6d0915a883e71d7e9171ee49f6b0

C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

MD5 e08909de17c01021ebe5faf9c2fee7d4
SHA1 b0bbd8c947f5e709955fe1d6b7144e401ae9f257
SHA256 38b8cf4d228ffea4f41524d21befc52d9066083e5bc7746854958e57d850156c
SHA512 0f65e07dc977b4c26d44377ec6a37b75e2aec63ce69ee4f4603d6735a9a257035ffbd912477f48aba417ff690ca8e2b42a63a464291456213eb7c7aa197e460d

C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

MD5 e6bf11360078b06a0b9d1e991a0a6a8e
SHA1 d00658eb8fd834d9cce5316ca8e647b8afbd0c29
SHA256 bc8f3fb236f5a5a031acdc9ea08c5e41f57bf17aa85ea5cb8b99b6458c012e2b
SHA512 945868fd0283b8be5927fe4ae7917b548d437a772b8d8d8f94fa9c3b0e600e0f1b93b228ef146a5f12004795e89fff536d9ac149eeec8d1a4fb60393bb0c5146

C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

MD5 38d3549492ad915ae607fc09d7aa2577
SHA1 79e20b9a272d6c77134eb86724d56c07b5b2fff5
SHA256 508bde3eec8b85b077dadbb7f3986c2163ce8357b9d6852a0a9577355022f75a
SHA512 d4ff77280bae1e24eb601b5d8147518ee54af3a98b7cbebad77851773aa9d1490d2c93fbadd4681717bec5e8239b0c80f4a18eab9772e2a41458fc1ea0cf9418

C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

MD5 d9dfbff0e56a8056be9dc8a3b1750e26
SHA1 2bf0adc4e8fc95c1b7e07912b561c0fabcae732f
SHA256 c528c2a827959d69c1dbcd97d9ff7765c0dddaed8054e48ae2b6a8061426e602
SHA512 133e5adb4739e218481af7f0b845aca45f62d7e3b1ea75adce4c3b401b45ad6a41a78533efbe6c44d1148a136638d26c8db8bbb011a44f5c03fa87249d495243

C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

MD5 1c4a7a77f4efbf0a96459458cac4d538
SHA1 0c5515dcbdcbc8f37f32cea9ba08db248ba96279
SHA256 b89300bc6ef41784a0441b753936a751c1413657da1b12d2c8ad31818f11337e
SHA512 ac1fa4a9769acf2ac2c7add978ee42849678b45fe9b59532e7d8342b8d2ac75b5bd533ab043c10590e678748cd4a066224f63a46b521e5dc96d66517cbce0556

C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

MD5 0398b6216281e2850370f36cb47e8453
SHA1 9b58a42393c1f01058222595dd716b34fc6c47a0
SHA256 8c540b571de4a990b3acd6aee0fb43626149a9f67b5b3a8d92172ae306420389
SHA512 0f1e8f65b29025de7d9cb5a6c7acd86f5858b9234cf7bfd453b3d933ce72401856f5ed15167c814e141112a10254c8ee10e47a3224c3e07ee7307b1bd4b922de

C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

MD5 fe50e5396250b0ef72021c1813cd4c6b
SHA1 44188bd2d86202654a40257f21c94f7b3c93d533
SHA256 f613fa7fe3801376350389c66dfb9b289619f136db7cd31122548aaaa29beeac
SHA512 e2895801f16be751d2de965bb7c14272f1124fd19da6fd0897a8bd26efb1e2ece24c117d9c927d975e8006b80ba7f305b4fb38876238d30481508944c6acf7d9

C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

MD5 2901097698abd81ff5efeead7c0eb24c
SHA1 7e9f471f39b5b3eb0c6ebeca5d9aa4bcbd3b1674
SHA256 6e8fa5f818c620607a393f95c2ce817ad9223296f47eb8b62f849aa40b0d83e0
SHA512 b4a77e185070b69e9258887bf2360e1b7354f44791927e7b4be72b970c2b58e0524744c7a12ea2a0acff5b7839c64751efe71911627ebe0d65ec9ad69c6ee3ec

C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

MD5 1e036b42975360b4d41fb69bb6b0c02b
SHA1 35ed2a9627613d534e12a8312247aa74534e25e8
SHA256 0bf4bd1653999d9a93c830c7b6f9db8f278f0f23a8b7a6f8e382597331c581d8
SHA512 311c2728b70b575e9a1ab5354899cb94ef3749fedcc1c0be71da225a236b03ddbabe5d93e79d8dd1573b70cfd426561c5495191aff7e05ebfc4da13173f95688

C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

MD5 1d1d723a81b45a197a099995394bb320
SHA1 2cd2fe52e2b5254cc8a87a4a2f44646f48762038
SHA256 e1d82a6b626503ea357456742e68b25d9dc189fba60f6bf3f5700f2333b734bc
SHA512 109c43eeee7e4c443d818e657d7c13322bbe2364475ff07e059db6215a71a7a30abe01df4286794ddfdf1b5d21532015b755e01d70c740723ee4e87c91452aeb

C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

MD5 71e0b080c986101ec4ac94892588d908
SHA1 ce1e9d69b035ac3585002a8f1569aae45fc2c0e4
SHA256 7886c4e065ba40d99cb60ebb45988b767a538d462a96f12b7e6696914ae605a3
SHA512 22032b4d93fcdc4b8a8b99faf47bd0e2d21bfe546e361a93420e1b1bd184bef3819dd82fbbf75deab92f8a5bfc2c74dfdf77397114d6f1d562b2c68bff69c46a

C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

MD5 23f5be57e8122c4192007930d9fc5d99
SHA1 714bb7893136bfc99835f1e5bb25910c42c50f75
SHA256 16377a2915712bbb485ce8ff39f177598cd80d878df9d0c64e61dad5aa1beece
SHA512 6234e0325668b8bf48f80a10a6de6507649a5c8b6107b6d7aeee7c0ca174380243c2ea2b0049d8ba6b3b186c09d2cc00b32598af491f4943491b3273e5310197

C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

MD5 baa0d2d6781f019aaa1846acb2674f94
SHA1 6b3d0836dbd222e36cd4dd1b842c83114958a8cf
SHA256 20566443bab3ceac5db7e17f95e6bfc4aa65c7beb63e8227a60827b76c6a68c1
SHA512 4aa35adbc2d94fc950190e38cc5b169206c75648ec12213627985394de4650f1bf2122591e447127feaa5afdebc0daafcb546823289d1e22baecfb75742a3588

C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

MD5 d0080574e610c7954e455118c7e1ac98
SHA1 561d9386fe2ce78b9b01c51ced321eb975622441
SHA256 7848709e9b108a30f3e6b4cec98f07ec772b41bb2b6abbaee59813a16e6308b7
SHA512 1a353294bc8f074bbd9d4935934cb26c465e91d484b8d06ce35c6c7ed40780db08b645cc0e4a56ef1b2ef04315cfcfe77b85be0010355fb9dcafba208f2059a0

C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

MD5 e7029a7cc689628c027fe08f4693fa81
SHA1 40fcbdbec70cdac25a45bd58e5b0b304b65fb35c
SHA256 b35dd7e624bf0da5417e0da795953dc215f7e0a05b9116052a922c2f50c56f6b
SHA512 4bc74e88e94159c8019c2328cb9f8dc50e642ddbe64117c2e621278d1c3223aa31844b3da96f614a9ff7c4f1977a4f88486212fbe5919b2a5df0cae66131b1d4

C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

MD5 718c5f4f1df0b9195314c55dfa9944f4
SHA1 93d7b09e69b4df8d32c3f2ca7435ae9587fbb117
SHA256 948d256adcf4261cec0174e2d81220875e27e3aa0c881dd6645d016f10183cc8
SHA512 e32c6776f3815c01134eef97e89281956006deeb178074b76338b933d9ba424addf761424cd0a0111dff2e9633a25da41340dfc891990b6ff41289c993bfaef3

C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

MD5 e08ba43b61bb884622fdee921e5bb4dd
SHA1 f2c3943b8b20c4d75676082271138aa8653df46e
SHA256 fa7bb407ae601ebf50c6d473d0938a9ff3cc3742d82fdb43b535fc0cea3415f4
SHA512 48fc1b87e031f1617eb3352ed5e21d14f2ed2fa9d4a4a0048137340e7d5ddf13930c33a90e87e4e990db728c5e7de66390deadd74802894f763e1d5ae6fd4524

C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

MD5 e70622cdd779e9408c6967314397c760
SHA1 52cc617ebcf0365430c8db59ecf5f30ec48ab3fe
SHA256 165d7b1be25546883a5ed484186e4602a2b87ff35fc13b4baba50fed5ab98368
SHA512 5bbbe3e87da54ec78723c1c3efb9dd154099004b11924fd8db96a4fcd51c8bd100232996f38623356a988de5e8c53c189816a2e98e9332f7e3da2608abc3de70

C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

MD5 a00805415a666553cbbb4710bbe61a3d
SHA1 db0697bf062e36099bf421623d50b009a7715799
SHA256 4fbff05ff106078a7dd40c0e4d4b9ff3b2a5e854607550fd7d59def50a1095ac
SHA512 582477221936aeb74ffc31bb97bc828159368b544ae8cadeca47bf5ffa001fe71fc0419a29b240280645a7836e9a9e789f3255c54a5eb07e99a2932d00af93c2

C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

MD5 91daf0243a4a4b63838fd06d16203d1d
SHA1 cd71b161f356083f8d6d52ce53706ab52bff63ae
SHA256 f82c1e11d929bec85b224598619dcc3a7fa6ea8010875a29041c886a6462b7dd
SHA512 02907dcd2ed4c3093b99a1a15feca64a5b81ff26f5300d756f5e50c56bd711db8ed7f404851524299c91c71209eeb51aa5118eba45a4f8b2bddab009f84b0cce

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

MD5 00f55c69cae34518a52a8de4217524f4
SHA1 179580ca871757d1655deb09ebf10cd86cd06b41
SHA256 e03ed976c0d08ec747d1c8d849cf6714b9bd1784d140b3de70b2989df7bb762f
SHA512 f77fdeb594057dfc09247e5bd56540ac935e48df2aae67e00a8cb6909c9e1f98a5c2de5a651f4210d768c2fff26e872865d1ac0abfbe0330d4de4717413a631d

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

MD5 9947c2b82ba16aebea8c522eb63b3237
SHA1 750c12377321452b1f1aab89f5fbbbcdc929926f
SHA256 b799bb98273076fee6d916c5181fbdb6f2c9687b26055bb0ab60010c9d1bdb0f
SHA512 ce0a1f4b62f315bea0d997f9c4843111da5ec6db46c3141f1081ec05808ca1b2c4125cee826cd4950077b241a3e028377c1a804fe331bcde618e700a0feba689

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

MD5 04785804d61d12f7c5b41340725c905b
SHA1 d570d2f228d67d4a04f989946ba37a43bc8a16a7
SHA256 ca421cb99f17e9da3697d6034492ce7de436c1bff74867dffd3f55ebd7100111
SHA512 d91a594d711f1f3001fb3912aeef26d201c2340ed306faf7e857c561b1caeb8988f4d2a2641ef22f66eacd73e273b4129390e855ceb4b614435cf0fe1430c14c

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

MD5 dec1b384cfaf33c2c44455fbcba4d9d1
SHA1 1630a7b67e6b77e3ac5265ffc06b4f69cb394687
SHA256 e1e30d7355689af1a92f8971b48d55c55a5aba0ae7d25a79d8119de4919882d8
SHA512 e72f2770b91c2258f1823107783c32223a7d6252f004194b8177150e5d335ac30d6d96aa1a69528ae27d444a0c36061d773c95c65892aea87915889eb6ba4178

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

MD5 14f79e4990e3611ef3c6250aa8780f88
SHA1 a938a853d1978724fe52d52f86ef768d086e8a6b
SHA256 94234cd44b562cb6a0f24a3c33698b1ccaca842c7e5dd5219c8c91c535050a2f
SHA512 af570b7348acb92edff4dd4f67b56af59c15f8d89614cbe1cfa15ae85e4c16e24b555b12035e9ec079c75b47c8c5258969046bac1a3a2c2492c38b6fed66d87b

C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

MD5 66c04a498e97a029d6fb1f262812ac58
SHA1 adfea87e784ddf51580e916507da59858abd1a5a
SHA256 6f8c83e9c115377c8fe7b1e8bb79b9bdec9dc621af0de9e5ed123f8186e296a2
SHA512 45f892e47ff445f652e5cd3fc46c51d78a7349a23862c4351f4ce56701e0d8e59cf28b4cbf7c5d4515b9962381de0e865b4331c0def9031df01b7ca327247fa4

C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

MD5 568b3ae148544d668a25f9bdfda87eea
SHA1 90c9b6910940525e0eda6a36ed37f91785d24eeb
SHA256 2cf677d3827f349dbf80ef74cea73a74667154374035924ef2815abfb62c61d2
SHA512 7407249b5e37fc1b793074ef989251ed99da9f82df7db982c87fad15ea67b2a747e790fb1b5185dba7b8ca259378541fc567fa4fc31dc2f8bb7af72fed06526e

C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

MD5 7ff2e2958b11f31b5fe329a9c6976c99
SHA1 bc8949e5bba38f4690bc7800023ffbbf7742f9a1
SHA256 63dd55ad8c5ce480cd103822fcaadd3f389c88f9392abe6b5c87d99eedcc7cb9
SHA512 ecd539f7ac4874111d53468f80440112088adcb24b6d79dd3c5069c5c3d521914febb2599c038f95f2929273541239ed68490bfa3bc8acac82dbbe03df93c615

C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

MD5 a79c2d812572e9c053e330e4d09c884e
SHA1 e30dd2ff014c32ebee329528ee7c3b4ab81e20ab
SHA256 1883e26454708acc0c2463f6b7a54a327118a7ce98997223b0e1d14dcf2f5834
SHA512 8b8e9eaf49ca714d0f14dc45a3c77285115ae6372d5efb334a903ce722653742edc0bb543029f28bdbdeddaa40c4dea864ef9ec76728a38d02929eb0a79739e1

C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

MD5 e2935aae6b3adb087353c83604d9ab0a
SHA1 93fd71532687eaabcf18e79990962de9d65c1898
SHA256 e6367368cdc90a9765749411e59d3cddde79cc3b17f284194702e114a034b473
SHA512 4ca03a077dd74d77b4423ac9cefd45c2deae9b7c63092b0f28e5f25cc54d82ca69cb9f6679bf0f1f8f0e339a8b2dff98ceed7aeb138fe2eeb6f2eaf18812dbd2

C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

MD5 dac05687511e5bcb3ff3b59c8e1029ca
SHA1 398a891182ea28ac5b00fea6423ac1cedb9f7289
SHA256 b34a3111ec2b3d7f2a819f272839223bcd444f7e09d38e382f74a257ff44d641
SHA512 fd972b7460bb6f2eeaa4fe8b003cf1eadce4d867c9b29a84284d0d946bcbe7439300278e97e2067c30f26570fd473b5abce5d3ad776738445e1d1e0314c0c87f

C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

MD5 053e05f13a369d7e24c9f821c5130471
SHA1 12bd8aa78b11aef82fb27b71bd99fd071aa296e9
SHA256 f3db8346559cac24d3710bee8c663a940e35b057f596c3427f1e84d589cc1f46
SHA512 7ec6ff45656d01d022e7da34b3eb182149374d2476f2ef290fbc312436bdf939ee1bd392605e515db0317d2c2836fb34f02167a44865461bc46996c391a8156e

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

MD5 5e707b4c436b48fdb3d88b6f66e03556
SHA1 e759e3707ee72d8c2ce94dd08609ebbd2db82831
SHA256 ab9756a1b002b4d644dcbba0614ffe3da5908c03d7942a17f58b43761f680671
SHA512 11f2be75c81efb0370e51784cec3a59e6129a4541246751a40995c9a695399b6d86fe9bcf30d1790b14529ecfac2b1b221a43054bbb511fca2c8c1469c293786

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

MD5 92ee6d35192fe1806c359840563e78be
SHA1 c72db771cddeb9efef2e570d3e771bf766da918e
SHA256 01cddcf02b418feb4c6a4cfec0f48e5bce88db18cffb09ec0b31361720bdf26c
SHA512 a41d868e9c85106ea97aa2b757346e91edbe1a827cbf78033d9744178fc29423ae9efd93c5d272633b1a41b641ab690d08d212548ed61f6f2366b95022292c3c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

MD5 0dd43beabe10fcd2454f36c326bbfb46
SHA1 0c344b3bc322f89b5c70b75b72a0f7fa8c7c5787
SHA256 02f3dc703d910f1139ce97d10994349d93441873299bf68cf75187fe964c4a99
SHA512 9413db59ca9aaf0607e863074eabefa85179b7bb53bed5c12b6f6ce40c13de7bad0d5ebed7b8c52b2fb4b3cfc1057dbbef440182f12128ca64fb96f3b6db626e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

MD5 a93c04ff078e6b89effd4c6b514ed825
SHA1 617dd05d5a0f0542d73bd766db8f7eb13c927915
SHA256 9e0a420bd50cabe6dc346b35912f33b05ea305d0ddd98ef763754105827f8343
SHA512 891b6b9d0ed751dfbaf77d7e5653c972e04835d5bd5c9a1a0d8f82a0bdd049c25e28c5e4e635117d79bb96a4e5c86663a5187cd708a48d0e655e0f9242b06819

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

MD5 4e02b5af4993250e64bf1a2f71358590
SHA1 92e31a940c19a7207503b210883e433d4a8a5b86
SHA256 8894aed44655190415711e34ba7cc126d97304ef9d2dcef297fa39d0b82abd91
SHA512 a7c3b6ae89efd1c227d3b5110214ea751e58d59f6e39f11276f9a8de1a7d54847f90cb314da290f183157dfb59f02a622c431c3d4588c4f6f6b180e2802bb917

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

MD5 5027daed9dc354f6aff056f39e3989c3
SHA1 bd4fef577a755714fd38229fa78788ca178d967d
SHA256 4139669de612141d54d255af6dfeb91efd255bf75f8df2fb12189308a7e40164
SHA512 017953f5c2d61469b8fef6c4cdb0acdfd81796c34db160eb76685a5e9d8799d8187d8c7378d7035d435b90ca7c618c769f67afb6f3ee705f69621edbd081e475

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

MD5 28d8012aa8ab28d55786860dd9c30a4a
SHA1 0be1489e74f13bffd1ed0f3118fa575991772a40
SHA256 b9baee70320f7fe1d97cff182c39aaacc86deb66e7861c1d1db7197dc3a13e46
SHA512 1790538acecd6ec0ddac47d079321bcc5a56fe75d5f74a64b268bfa82bb60d7fba28aecf633b7234e5bc11c5f9d7d32d34dbbd75561c573bfc660b145629b250

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

MD5 75c6f7dc523c54bcc700cb3da7848caf
SHA1 3dd8989a6bfb99f148d92644ffc45139b6db4a34
SHA256 692b99a3a7739dc790f16b8d132ff42e4fef6b386129780424781277de08d934
SHA512 0a2cb002794e7edce234599300c07b45baf15e83094ad85f4e808af6bb8250074da0c9a69829e6de7c95aacc23fd339bae05228d2e8cfc10c08be056c2b94e99

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

MD5 16b3cb5b963fe17ed45645473152cda8
SHA1 ffd8b0aa7e74723efd6999a4ef1ff062b4915fd1
SHA256 793d8ef112c361e948491291949dfbb95b0dc739605abac093f0f78bd16e67c6
SHA512 7fb335cd30a0da81a2024b81d7b57e577537fbc2d87e2d303169dd477fa59130eba470bec9f00c44ebd06a61da682726a9695813da809c284704cf9ddf43462b

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

MD5 0073f9342887d2aace6b3916e4f0498c
SHA1 93f07953da912acbc2c1680b359918eb14af5b69
SHA256 3dcb08605958c58fab6150b666938235110c8250da405d11a4e28d25d2ba935e
SHA512 1a1d4af07dfece8f315e8d5c6ff3703a6cc6d444395a3b8f96b96ea9fed9aa9340eb3a6005b2ad655873b1145b76da3005e6f8c128d040e0db20312ad5089085

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

MD5 73b0d431892e18a3556ac0d216d33553
SHA1 5e9cb86f130f06f0024884bf0a5ebe0f65119b48
SHA256 41587c00cfec2a14ced6c07680086f5697586fa532df0eac4dda108dbaf09111
SHA512 e2e7b681e538c6d169668570498bf5070d6ca69ffa768e6b5d8283e21fed7d1148390f0081f97f5d2b99bdbdcf5aa45a069fe2187a36399557317ba63738581e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

MD5 61894aeefeaaca477f66b990b9330917
SHA1 29fd8a8218891e515e787b0cac1b83512dc0adf4
SHA256 9ef6766a97f3659e4669ac48fb18c113c8422b49e8e646a70016c4d944f8666b
SHA512 2e877c5ecc52e7b14b14626a1f9f9af187a3b4f70184ea162f35ee0a8d319d7cbd456d45a2b21b582508bff45ef5e4394853d01eca9bb9d378c950b7a7e8ceed

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

MD5 35ab06fbbaa4608989a2a028008ec125
SHA1 0ac35ec2f6c922926da85639e7a64b8ffbf92110
SHA256 b76a871009066f8e93abcdf202d1474d5acd331bc30cbb4ad74738141fa10fc8
SHA512 4e45fc34196c81abf67021fdf536b1b5e6cc77fb9fc9381b688be7eb8a3a5ed4e7456dd26968dd6ecd4e27b409369959c49fe71445eb8cbcbfcdea2e3cf6a011

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

MD5 00f6761b54308282e3c361dcfeaca37d
SHA1 72147617fdee33e95b7775cb2bd541959455a716
SHA256 d507999cbab723c68c4cef4189a09a0fa3df334a9a2638ca944acdb779e5579a
SHA512 56590b9d2904056b02f2d894bf3e0e85e4ee747dc525eb9f31ef490d58615ea4f3d2d38ed61bee0065303dd7217b01406f9937d7ecdf89dd5f1aa9537a647646

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

MD5 8d0f1da0c44bc9fcb20d649a857f4f04
SHA1 e411db6f5bbd272ef4bb505143e791124f6faf78
SHA256 5a15be2b5435c4c58d02a38a807791e50bd940173d725206627b3eac1c2a05eb
SHA512 2dad49cc1e830d33f581757f1c0bf1b782592ff78f890f53dfb4d70b56b8e4e8d2349c6dfddbd1b53a36c44d56019036974b59762816971533a815a5fc8b382c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

MD5 a7b5f2f1b3941789bc23768d99668c21
SHA1 dc20bcd233d1aefaeb2f896df2be8ebfb94ac3da
SHA256 02c00d1e820922804fa80ff8cc9c239947d9f0ecaf0b8064e3e2f9ab01fc2244
SHA512 887146d36df168d704bc0d98c5e232814ecf6ac87012363a2a3af4c4635dd65de9645800082c706c724917633eef79ecb46bfbbcf841d3ad377226980a09af79

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

MD5 677454039fb346e077eccc5f870fb856
SHA1 5efbc44fe3bdf82a3e0bb3cb6388d6be65835009
SHA256 110146495dea6c5ff1170825d33aabf4a8fc13d71621670f604dda5b56fbd7ce
SHA512 8a2e095d8c8a76895046e06f89ef7d256eec265687e57fb72cf92a539cfbc08cb83d7038d7635a0eb68af1dfc9baf28d91efe396cff591accc2027c7f17d2e38

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

MD5 a36eccc9897c0e3c8f74f3c4b3311734
SHA1 911e354dd83d1ba8f710423a95284557bc2907f1
SHA256 1e9fce4db87385c35161b392e7e3ea5a6c22ee10717d4c91fec4dc099a362c25
SHA512 3ddf30172ebb91280e07dadeb7130e7fb07165f4721b2831ee16682d9bce3eb1aa7bf13056ed2652a98749d28af2c424f31e4d17894355b8fabd453fb1962fa7

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

MD5 f36fb8c733cd1938a53f584a808c28f5
SHA1 2e00e135a6dcd014fb69deb62cd0242e55a59c4d
SHA256 c001a9fe311f97c226c987c31e73ded95f193f3683bb31572a12ca6c38cc7f06
SHA512 f82269730a90ee520e9c3bdd3215ee356ab1b4ce8e84858b8549bd835a407793abd28fe484c6c2edad5950eb2bb2a994e8b7dfcc3fae739693088fb7c09a08d6

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

MD5 88abf4cbbded46bd6321ccbb2e693a0c
SHA1 910d8c4444c6046355e242a4889a073bcfa69bc7
SHA256 62daeb158268f6499bb07b29c6f492a9fa138b51e39671abfad59cb6336b807e
SHA512 8a1ad2003642c9064c94d13bcba0a01f485b9fd0d060e40d2d099a72776b2f8fc9f355e7df5a13a6e3505b4086f3638fecc16e20e7bfe082ca923c777093888a

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

MD5 8fb4f05553646b31a08e3dd47086e234
SHA1 9d733c40a7062cc3168b9cf58b56c0e659abc657
SHA256 411548360912ea5e256dce0bbdb3e81bc0521788619b6460d09e09849fd8a811
SHA512 cb4f7dc726ac8a79ea97d83856427fe48bc208f5d80b2525dcfe4438f05632e55ed165581f8b9845ca28d72e5d546121125be21b10218150f9eb869409caa07d

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

MD5 3a275c58399403fa9169e3d9addae68c
SHA1 9f493825f5aedbb4082017973c43cbe21d9137bd
SHA256 9b7ed3f4db50743dccfae69c5590be56c5e5df3b3b0e32cdd19c5366c2210d94
SHA512 21a498e26fb99966968647a7b2531a26033351cbca9164103b8b0d2dc45af6625df1cbb46b0105338ccdf8335d65cddfe3445c5a08fed049562480ae9ddfb3d8

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

MD5 38ef2fa51b4d4f30d8d664751a283750
SHA1 bc05eaf7433829aa356e1b5bcd46f28da7197235
SHA256 c0704b935dcf2fb8bf155da8886bd81c2339c913a91eaaec581567d03323c25c
SHA512 6cfa3977abf2946722b4e2a3cfe7c8ba94bb727d696d359b839cad8e590d5dab2df17ab6fd218e992f2e45129bff60f936884d12a87ab26f16c4e1be855be5cd

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

MD5 87bda595358d7861df6934c485ca5a1d
SHA1 8f6bb7549d79151820a37a9d1738a4e5ee07e9f0
SHA256 c4a2ed1051a2c627aaac42abea1ec52c866fef88d65b0a2e516bbf48c51d2bac
SHA512 0e80464faa49fadba502093ec831d7e812958c761b64bdbc5432e5935ad04bbe0646926f57570e3e24a16327942560e02e9710e9ea33522abac668852b5b793f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

MD5 d072499a669ac9fe68f905f3fbab7b50
SHA1 6c5cf1f5ecbc7928d20bf35819423200b8454970
SHA256 6ac83d4e9b1dafbbfe656d440a24af32473522d224ed0849ffa7ba69d3eb2317
SHA512 d2ed71aa17c637d9ebfca439f6288bc79ab7df2b4389e263e4371b4f0c6a10610f6737c5d748aba210a7fe2bed47220e20405b191e478caa78597fbbede11bc3

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

MD5 13b9e609b89cfd9687d3281ae2969bc4
SHA1 78604ecd3368778380d7902f79bad1a45e63e52a
SHA256 8d2e1d61a0ad980ddcba59b5f82cde6edece345f63e01177836da9b5180c2718
SHA512 9b478a3d7eb60c4adb9897aad3abe1d021203c12ee8d3dd6bb4b7c1cfd2003b4a65574aa010ce563c9702a36e77647bcd3ae8934e18e8c8e8ef32752f7fee131

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

MD5 2b4b17a86cf38bc60d7be79c278899b6
SHA1 8bfc8f4d563447856c91f25d7a9197a001833ac6
SHA256 fba3acf8a75386ab17ad8876cc49812b8b0e7a17aea63d459597266fb10478f5
SHA512 36352e8c133bb09303b2d296d80ee444f020e8e48ecdd912a751e4ac90d2ce9887b932ea1b420b6fee55104f4e6783fc9ab71c00cbe2d1ea1ba896c946ecc023

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

MD5 64797cb692a434a43fbbec744adad89c
SHA1 09171755a6962df50155fbaaebcab376cad884f7
SHA256 07499595cd5c3ffc44885f5d061c3bc80cc377401eaf6f6366dbb609090764b5
SHA512 f077c3368846c732726bb64e88e0cc3c52cf0d812e7b771963c2a00acaa465451d5e460b32543d4cf8b80eeb2b16a25bdd4e7518e085dd4574d909387b08a9d3

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

MD5 e460abc796d712722ce121f359aeeaaa
SHA1 91e6c80681bd9ce0b30ba30fdfcaa0d292570a1b
SHA256 397d5f9c661f946634799b745273f7505422316a4fd1a62d469e48bb599e9bdd
SHA512 98293946792a668836df3f4556a938e6d4637d0083645b2d5d32c4f710530d69d668b5f536236c05d3746cef8f03187114c34eb173835e7bd7a25b5fd49afb3d

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

MD5 29f6314ed45abbd9a0846589d215b06f
SHA1 7214c27f5e56a97ce0e4c33df7c90a76c9a99330
SHA256 629223d0f4c8a03f24828a13f4ccee8abf747517db940282058d30cbc297c0c0
SHA512 5f38be49fce3724252949335b42d871e844d3844514614febe5fdebb65eb34f6c8722687e57c798d96d7eecdf65f6eac5b40a0bfe93170ed339163d60a387b8d

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

MD5 32a6d09965a723f559ceaa66d5f81748
SHA1 66ecb196948407b4d40c6ede63c4f0da92954aaa
SHA256 545058fc57403252d56518aeec70589926e05637ef86bb88513de12d17dff799
SHA512 a2316be624a86a6d660dd28fcdaa468c0284abbd83a99d6574fff39c1a701eaf4d43d94d9614f0c63dc7267a896d0498ed7b95a93f5c1c0a531d1973ef9cc8e4

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

MD5 5ab6c73154e896cc69ba0349beecb233
SHA1 a5d68abd2e9738d25fac029000d26334d600ad02
SHA256 87a924b0507e9677e1c27f0d3a21daf623a30c92eba5534ebcccd42624f1c95b
SHA512 a572d379cfb2c34546f4e9b0c51cfe4bf497faf301fb63daf073a76ca7171d436d7bedd0e15241619604ae9543a734593702702d94dcc97ba05800ffa8ae80de

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

MD5 1a1d39f22aa35f44dc4b479d23ba7f7e
SHA1 270339b0cdb81c39c845dd63c923e471b6e08602
SHA256 d59f8851d5ecbefceb4901a3ce707a783c82588f092004dd6ae6f5d31a003ab2
SHA512 bf8ccec7d9fdec2bcd612f52210bf746223a10c19732871e5593b48a3b428db655331b4854d9b0847dee24fec8c0ea5c0a312ac42556a6ab372db3454ac27a0f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

MD5 870b62e2a10f0649dc6fdf52f303a76c
SHA1 d6d1dcc89cff7c235fa3b5fcbe301f35ad103705
SHA256 bbbf2a4f53d09201199e40a998f90cb0ce2aa0e5f077f4f518f811e4f79bc320
SHA512 0641a70a5e92dd84ced7d18d76acfa4a6a8b3692f2ed2ea1265005c3af5d923c4076eddc140514a2f1f7ed82bd660c2633bfe4b7645989e31d183b25d227b6d3

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

MD5 cfd16d91d3732faa95fda6b2088d0664
SHA1 5b4ce3efd328daf132a61c8573192a1d7578db00
SHA256 55d1f571b77445e1a70f52f20432d76ce33a2e1af5632f3550dbd299db5bc91e
SHA512 50380939b934d53d95388b98fffe9cd49b584547c63ae107e674724bfaed11298e318798eb48d21b03d8261465239c00c48daf0fc69482a318eb7842ea856a3c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

MD5 9b45b9fb7fb951a913790484d18285ee
SHA1 e93d0347b0aac4290d8c7f3fb76617e7926a1b02
SHA256 5def93266137729d7190981b37fffd04c3fb333ffaa85bb29f18164dbc79a091
SHA512 8ed0a023eed538f202a247c75cedc34e5a837032725a44eb99d17715a28581edf0fa1fdd4059d579fbd55d07bc2aa5770b7c589d066185e1213a2b0c7a60e440

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

MD5 7ca9c23ee7087743db0529f50ad5d8e9
SHA1 ba2374e86c1011b3042fbb400a036d447461e32d
SHA256 95fafdbe39a8a146efc3cb99ea9b6657bcac4139378eefca9e28f44df5add36f
SHA512 03b6c481b91bac290a905e49d90f58904dc2978b112e92cbd8c9d5369878b41573f45944f4d4c7f6713069e878dc102bc0f40318ae17a15ad1d1024bf7dda55f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

MD5 dd7ecc76c0e780ff00ec07ed578a190f
SHA1 0e7c2fb984a296b763252d9707516e83421429e4
SHA256 63755dd30887c5c7bf274df219f115bba9a6a00e698c104fb8b5d890b357db83
SHA512 b7fe3445ee375147b560e4e16b751a80b99a5a5d8647ac0ac775cf5f517299f6848c0178b6fb8961aa59788d5613afe198c9fc1bbde935d8162c6db7b06c45f4

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

MD5 0901da45ad9f483fa8d0b557d1049219
SHA1 ce206896dd91b9c57e8e8affec39b78c96c00ceb
SHA256 4c651813b5e239d3941bf6b800ce8014c3c5e50ca9e68c602d2b327df4b863f2
SHA512 f19de733932e489c94644bc6526c0693fd4ab989dfe63fa2da618cb74c7ea73e8df514de802700c217906cbdee2f17d9f956cf3ddcc454099cb749d75c675269

C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

MD5 274c0d7b12f8c46189d95a859996d26b
SHA1 fedd3f00bea3654fa5398d158f53f9bf54ab5c11
SHA256 dc005a45b80fe480a228a5f9495497a875615b89ea7e7f551f6d8dbdb892a628
SHA512 7c949cca6db181b31dc47895cfbd78b20b70ab2405991177bdefb1f89a3aabb8b3ec898eff5d9caa880eec9ab58b03c3e0d43d2fd2c35331fd57d4b823219272

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727662527520250.txt

MD5 520fe99478ff5cf0298fae5eee7a726d
SHA1 7473fbf36613a000ab70e009307c770b7b878a05
SHA256 f53158d5784f99ac32925b5a7d5154234a93d0f5942bb00bc649f45f617c6aca
SHA512 54adbf13d04246251fb4503b79897f9428a32e97be5965e68b585fe642fb316361d7fbd9db51859e5388e31e26e77d42eed643af5ae72ade8c09ea406dab6504

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727663115600892.txt

MD5 31030495f90ef654f955818422833386
SHA1 512f116ddfb1da5d6294934b53ef569abe5687b4
SHA256 291cedb55f4a5dbc6e2868d1acc8b256b47d80cd62f3b61f3bae72abe800a1d1
SHA512 a93d3589170dc4f31a5c4c3b1b31320903d3e26ec464c44a453e8b4d6ad17d0cd1330963e7f4e6bf92784f2a0a95a792c83e753e6b2828d46dbec030f91b6813

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727669117479246.txt

MD5 959a3b8e3028c74ac31d95b072e79d6e
SHA1 f18ddec2e37c07fad1a0ca9a8d003c11d695849d
SHA256 6cb1dbeb8a1d30e6e3a3f3ddedd3a351ebec91c19ecbf2f8166f8a8fc2fa7ef2
SHA512 652c578ac67599b408a8c21871c9cbf5ba20fe23dfe7b0ffa62d35daadd40a103850afbb88894591281b450647be0bf402a3d896a7b2fbf034c18921bad1fc7a

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727671764608349.txt

MD5 07e3fecf98d8d216f0487b92199029b1
SHA1 5526a18c22711ad4543077cf8aa4bd94cd90df7b
SHA256 f00ad6debe25ea63f98c818e02fbfcdf9c4f8dbd5a2ae4675f728e52cbedde96
SHA512 2eb7bab1ef218c7aed39a0bdff65f947a68c83823cc22c3d09383a5a4eb490cd3b8623a120b48687a265ed9f31505ae1348bd7ef705b59688f995919dbd42e21

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

MD5 a1e7fc341680a001afa05b6652d7cd98
SHA1 76bacd009d03bd1188503ed36d506ef00bcf7cb6
SHA256 fae325fe5fd3435bc26b75ef828a8db0c063c2bcf0242fff95259cd17a712bd1
SHA512 567f66e8816ac0811349414813be348553bbb465c09de2a9f47d98483d732aefa34deca0026296fcb202a76e0d7e29f4088cb026b439f863e67fe6581f662ccf

memory/872-7124-0x0000000000400000-0x000000000040E000-memory.dmp

memory/872-7130-0x0000000000400000-0x000000000040E000-memory.dmp

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 7d518c6b59d0322f80e99e5e417d3d48
SHA1 738fc77523801357d05817ec58c96a4ca499bfda
SHA256 2f8f199d74439453a1f966a14ada8bee14c4982c3bc703d69c5da6ab9dbffdff
SHA512 fc79e050cefcb6b507e6e8e1ff34f746fb81794bf7e03dc68cc9bdefedf3e19518b2ebd2f1f8e3951be22f38c9612886b3fd563f3c9d692845233e43861be55c

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 f19535f6394bf03180bee9ac724b80cd
SHA1 5af0a454091b714589efa6c507f8cde57e0ccfd6
SHA256 24bcb0fcae0bdf214bf7e590692bcffbd701a25bbd71cdfd968aaedc27067dc9
SHA512 3c3d04a4f97a708c1bf2154711a11a721ff6d393a03f38cc20d814b0589f68133e68d8ee67b50ed883a59b4fe4d4e328ad6395da4ef8ead3404acb5fa3d6d5af

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 445afbec1a9131faabe3d9295c50c414
SHA1 c0881a83820f9e5d4410dc1aa4c514343a3665e7
SHA256 8405384be1380788486ef88e05a3a8d7ed153d506fc88fd06652d15cf24aa5af
SHA512 60550f490dcc979115c3cce3d6c7f8904831d69a5cd6c38bef8e7b171f70d781de547f13c87b5a347d781366736c2f04995946ccd8ab3f2d34a443a203048975

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 98fa0a175021128037b7937ea84c36ce
SHA1 6ddf3eefe0f8b34e6deecc38f6b209eaff9323ca
SHA256 85e108da775516dd894c3659594fb61b41c11f3fc300d14e1d76fd59f0bc8744
SHA512 9bb2349a546cb900d663431fe9d2e2391464e84cc15d840a9944a1edd98b158297d4ae3ac849515a10220e19131e3b36a548a100d42a2521e4bd96774da52a28

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 b0a50b065bea2c81884133a8e015cc0d
SHA1 03094e1f1b0b6cd89dbaeb8663251b8bb5164012
SHA256 52193a94dc7229da5215c86cbad5311896dd291ec3544fd46a3d1b9d4f2988ef
SHA512 37813b28d14717766f00d62f3016dcec2758c5b688637455d15f1a1deacfa9530f020daebc530d8c4d6c595db6d6af1d0f68e272b448b0501d0c4e9bbf5016aa

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

MD5 6bb7ade19ce482d765b3d1a80851d590
SHA1 f014989c4ab6dda6e67e2bbadd35775b18f2ce3f
SHA256 cd606d1ffe97de47a82e6dfcf39de4938019c44d1a180738dfe4f9eb99a77ef5
SHA512 aeccee4ba8ac56b1f1d514abdd65f8cf9ff5699fa90fc580ee46cb197c47cf6288116356cadd25fcb75b62b90220890c3a9e0ceedbc66215db8e592fba217271

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

MD5 f3b1ffe40f64ae417082a584c37c74fe
SHA1 36b2b2be1d6114c4ee438d138b887b1b16d08235
SHA256 fb2e030cd20797648b8edce40b832938145600db635afb43248f9954031bfb30
SHA512 e8b54b6fdc84277eef6038555a8f203f9e824cdd5dbfd388fb77a8fcff5b78d5964b4504fae40bec4ae70ce9117af40ac5059781a8102fbd86ec3797d9fb1b52

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

MD5 90f0484f10c7eafb9524e5bf7e186190
SHA1 be17d708b67bbd123ef83360aa0114a603c1703b
SHA256 f6eecd92b70d23003ba9970ce2945ce721dedb1540ea6b64b8165e3ab540559c
SHA512 da5f031c0ba3476f7fe2784966bbdcb9c61d95342177fae8662b00e48e9fe4aeec1e3024d39e58b1aabd6d7f5004343319dfe6311a87949b9d4bda67a4a798cf

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

MD5 0599289e8ac007289cd07d4b70d5c991
SHA1 51dac2d1ee26b4a70fb5a45c686d51255684b2a9
SHA256 3583f6d1c856710b9e916f9e782a56c6646fa6b4fb19af61ef5df70eb7eb2de9
SHA512 0bec4662caa0af1ad8e0a65cd5819a45daeda0f09fd8a3baba77d7059700d8240ee41aa44bb8d60533d1f400738a6fcb3769d473dc07bff6cc71150e491a95df

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 19756955a4f50b67aebb9bae095db10b
SHA1 1d4e414f3289cd1c523da0bd4fe93fa481dde3e4
SHA256 cf8ea2ae0550636bb2d8004c68bbaa4e1edaf460bf4f25ee435fcd0331d78ba2
SHA512 5e2bb5551687ce2d41bde32ef16efc1eeef6284c6489e51b8833c65331e64ac58fe0e8ed216d5ccf650808996ab84f3a363441a51d023324bc55b07384e9e8f9

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

MD5 6513f82bbfaddb0ae3c1cecaf4e719d9
SHA1 333a52e741a5c535ebd0c57913e1cde3b2a42ec2
SHA256 0e954e5f956b3029937f096cb89d3e0f59a20c8bb7a01d0843f11152d5cb5514
SHA512 05a3593978189e314ff574338d48b7550ba1e0bb94a786423d5f5917a7d766d52029f517d6933b8b90d63e09e00ddccf2fda9aaa8dc3c4e668c1ac904b7f4dab

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 9925494bed9f10841fb048aaba6c76a0
SHA1 4f00272ed70b3f1b4ccf8313a00cf84ecd22131d
SHA256 2ed3fa90e20a84b9948e24c69e1729e38649c2d04170c290dcb7bfed12d75ab5
SHA512 8e97a313885cc43fdb19c32d4882249bd6c8745b33ffae5b6f79add111ab797adf416b97b768e64385f377ad0c3aaecc57046ef2ae2faa49f58c640cb4019db8

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

MD5 c4133b9ddb67f10d95125b50a8f1ddcc
SHA1 296bc330a72ae608be52ce28ab44d92c1a546e3c
SHA256 22682d3212c8e837eeac4e168ca9184fd3bf5afcd1c4d218523ab9170c32fc1f
SHA512 60b008f9d14c6f6e1de8f9674ffafb95500b728f88e9eabc345947505db727c12dbc38904079f6dfbb502964c565a104b377e69781cc08fce8824f80aded0da7

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif.EnCiPhErEd

MD5 d98e7904dd0b4dab56f66f4d01c8dde5
SHA1 aefd9e3a59af0373aa841f76f9c89ab5bc475ce9
SHA256 a6a3b85d52b84a1357895e75455258c2dc0644c0b52e1fb11a0f7e6e25976e6f
SHA512 8020d7a1f4e0314b41c24e00cea153304b4cdb36141ef6e43e5c76f1eb38c383a9e2281ea62a585c29e17adc4e68e84024c711ea5127eaba5846c811a6baa782

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 4f3ac9506fa89246cd0b38a3e42eaa63
SHA1 84f67b85c17d8dd262e3be89bf8b5f183c373581
SHA256 d7ce9c3ecdc3e7b227553ff159a1d695c219f3838e52cdd0e48c02c97e71e8b3
SHA512 1a8e25ae31e85ccb9180ed92bf725128e0a74a8684361a750e7027daed5714054358f8112fc818090ce87ad91ab8aa7dae4a149ca0ba83a091d1e3c3aba2db8c

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

MD5 5720e14c31466316b71814716049144e
SHA1 033d6ef73b8742dc3c4ca96c00830e0685657d2f
SHA256 f4f89c555cdb4efa890e8b06f030d1fa4bf0fde5f34dc06608ac94e554a9fee4
SHA512 6ebbdce11d62a60de23532d79fca160a0623a8b29d6d03e2bb96db2721b95f71d4192a45e966699b0edd4e5d5915c637b2002a798f19de62fb871098520faa98

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

MD5 7c663a4d837312b113e783e0541c1d7a
SHA1 5613cea10b1247df0a251a90bf8163bfb7995f9c
SHA256 3cec27fc52a35a87ff0ec1e297f5f2a1ba8c17de0de85fc32e22af432da6b2ae
SHA512 6e48d4a796cc29fd27de9f877d78b5a0987cf1b7753fad205e7167f77fb7b71fd55495f88b04a2995361dd7459f4b7ea13e73b72cfa7fe16133195be5ed1dff9

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 dfc82f4d8343c8b1b9e3208dd14d88fc
SHA1 40309152425f0993e5fb6029945d3d24103213ae
SHA256 0b21ddcb469fed9970c31346dc1d8ae1086ef104481456389258c0a36a5179d7
SHA512 6c49dab0fc2fc807de309052a6327ff24eadd0ceba4857f436f7b5b80c90558d1193c00dc8f9d1ca221b71fa5164f7cd36c474eeb675ca05e396c2f0197cef64

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif

MD5 b18b591bbd6c753b9b1840160939f261
SHA1 04e47457b11fcd2690d548a87e215a0c48ed81ce
SHA256 f12cf35ee827971a3375f9245187904eddd6081b1175f63934f1acd765fc856b
SHA512 3e5579e25ccfc87800fe0608856efa65246bb41c3478aca3bf5393d1ab5d9b61f8ca0d03f1f9aca7c954ae4779860a7cfcd2afd35119804d878a075ed5cd8e60

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif

MD5 141afd63a7efc70c24def1a5e60f68b5
SHA1 f65ab5adcd8950b4b1aecec57fb690071a37e372
SHA256 a971ece13c746978b975cea423900cde6ada61761c7723aa465238771ba8eb85
SHA512 4078a1e4ab25c7a755c8d9a0decf22af75ea2c8cca237edc912723e8d13396c9cbc8a336e37a92265c58f2c752aba03abdb3d6414bd731a1fd3e48f4203f661d

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 dfea1a9d65c60c0208627227b689c06c
SHA1 47ac861ada985c6d197a5126d7769bb2df9af517
SHA256 ab9150545023a774cd4d6dcdc333df9e9e6b536e9cc5a44a55b29e46e8b53633
SHA512 c650f54ab1be21c20c478575cc921e6e2fcca863b9767ea4818caf23b33c1f52e80a8257c9ee81f215d475166227151a10039e9aba2946d90c7f12227de1c843

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

MD5 e981a0db5161b5426792105910ab8b91
SHA1 1fb880aef60ec198b7a04b4c1a6544fed99119e2
SHA256 ace6ffd1a6ff070b30fa7564d742a08ee667fea276ff3a3cce8a623129fbadcf
SHA512 157b22c7fb39ef220772cd28e8fcd7072cb21e7bd8912140fcf9178ad84f8443ea7928d3316fd59239834fe751c5d3d1992fd1a6fd9bbab658c2ebf3a41225d8

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

MD5 2fdc923c32a8623594896d402d391223
SHA1 1f49e2332b1fbe8167bf4f736b1df9b1804ad89c
SHA256 2fd15de19eecdcfdcd8da7ebde8505b635f868dc9c544c4c8db040c7e14f6771
SHA512 e3707ab794942ff8d81e3cc7808cdcd6043595923b1663dee77364fa8bab8193d994ebe25cda510f1c6f6af1ca6fc8d6d7959076439d07ee83671df1e2babf6a

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

MD5 f277427707d05c161973fa90f29d3e41
SHA1 e1491d700a50051671c461a048587b932a574726
SHA256 6ce561f590a4fd8cb24082328c469e8ef5c286d303f4cb21d4e4ff9a239c2cc8
SHA512 a3469f1ca65c4f09cd36a486a88bb4cc9dabb1d20f656cf8e40b0ead989243960f89e68039e2454b682a5c8e843d9012f144952390514cdac7a9c10b5e96bac0

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

MD5 9f89839c403289b9b9d0dd99e3985cd8
SHA1 98c1d4bf14069521974a8ad700b1c0aa77f008a7
SHA256 dcbf14a98456efd0594e0e67bd7e35091bcf7b4ffb3bd76dacd42d6fb6b4baea
SHA512 4a6c95b92a99b128a67d71e37cf30e357c794d639622391e6072f54ead9729e0e1af2f745ef9e079b803f21503829391c25c9baef0666ca8edcab08459c9d24a

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

MD5 7b2e6ce3b87ffd5208d9c25ea432375d
SHA1 cbff8af7296ea66a899f0744b1500940ed6ddcc3
SHA256 9c56891317c7e4e30afc5ca183e9b6e9cc7f38c5985403d0c44d509314638fa5
SHA512 db0aec85d06bfac575e35e9bee76f156c5c6e0b14ab9e1b84c7dc35956494dac084cfff98c9387987c1a68d415380c30fc07444ffe56c41441f56473d29a9a3e

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

MD5 bbd3c30f0a6e188de2b70f3854bcffc6
SHA1 5deb4440d10fb971ac21dd8ed1e0d2d23bdbcdee
SHA256 e1522744206bb6889db49cb8ac967fcb1b6c454ef5814f6329ab2241ccd47795
SHA512 043f9686414239a406995a7f743149071a9d312f01ad0fe5c66f804d327a0c5976e66be20a9920ec46b6def6a92093f6f8f18b07158f6f3ad328c314020986a7

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

MD5 4b03785586e2aae93f5ffe782c123ec6
SHA1 b21ac4d40a6f9c3d90416c075538e6bab6c64262
SHA256 09db5554f82458a46e7705bf2335cabff406f0ab9bfc186f757a6acabce3bb13
SHA512 669224dbd2ed9494ee587b7de6fda41ea97bb4146e25448d13bb34ae4e9e4e0402d5e21e06c3fb4ee4fea22d9d840614c9965f2d55306b1ff29fe96d27791cbd

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

MD5 2fa7889e8e381b8a3892b5c02bf80a48
SHA1 e89635f1abb06c19eb00632301401e5b189c368a
SHA256 851d700c1bf3e91d876ebce28df10f3115c3cda0ff27006cd364a0d2bb6614ab
SHA512 b5bbaa833e3f5daf582b7446eacfec3fd0ac18bb532a72d13da728c1d195ec8c81f70cb10624b9b95113c854148bac9cd8e8f1ec75e21bbc193ccc822def9fa5

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

MD5 5cf8784ee477d27eefcf6aa3e1676b3b
SHA1 f6912d5cf3665184e5a93cf39ba32a36eeac3e05
SHA256 3fbe6db1ef2c2009e3625bc6b76c61b365daadb94ce97f79e9531cf9146fd880
SHA512 bd489530b319ffa8f38d23b751b6283864babe04aead3b769e5de028c7e882c219fe9ab71ee2bfae48109e010de7456691ee99518270805bb3c3f674cbdc4f7f

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

MD5 90efafbf0f285f979fb624e5208c56a3
SHA1 25e52c43ef6558a9e77ebf7412a97d69eb8bb4cd
SHA256 d69d1485539f4d319c98e709b79caaa2387261686a703d9683726e970b42e55e
SHA512 d645f2c44b25a5ef5a47e1a4fcca76da06cc84ada8236cf3516629bc92f2f456896413c1ddbb0ac38b669cae515b49d1a29e24d766b649847adbe696e41d10cd

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

MD5 2477fd199dcc74717d31a33a948c3ef6
SHA1 fee3fac79078cb54dfebf1be1d89b135e19b93c3
SHA256 9f57646b8352e56f23c705d347d18c380b7affa2dae8ef17e9dbea90cdd00911
SHA512 032c902d09a72ccd640eb6295f6f95bba8830a557bab0e7f273c823a98dca33f3114ec4a280124f83f3175e24c476a7e1cd32d19c34d827e23a0e0a14cc87c12

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

MD5 ad7ea5c417c6b7c47e73dda17fe9b7c8
SHA1 23b487ac205bab297ae287d7f42740c42d48c160
SHA256 36429b581fa27de980d4063d5487ab8d9cba7b1edbb1cdd90f4bf100fa8ad790
SHA512 8157602331cd3c6ef5b4c58a70848c136cd1e4c5f4f517490094bd307a8bc40a2538832178307d0c4a547263a67b296bacf7e62790d9dbd00bbd4d5ea96aca7a

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

MD5 1373946853d0c1253ee6a0f90f8a4949
SHA1 fbe692d0dbdc87043766280dc396ef668152edf1
SHA256 8b1160b7c6fe26f01f734cb2e8b63bc9f6882059b8d059c46405ade2286bd9f9
SHA512 ca9054748242cbd8b4daf083317377c227b2fe1d119c1ca4aca5408b9a7c9fa9851ac16e8761128cda139c12d9feeb41e5bc05341fc4866fca1238f54980ef23

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

MD5 e5a60204880b45fc0242321af4a05fce
SHA1 c6369e3174254b77b4e6953de67db1c2aecd6a3f
SHA256 387ad7a483c7bbef43cce25f7ce43ec1e98409d2579ec2c5527e27900748270d
SHA512 1d6da90619f1e5467d95c44c95ce86df581582d09c6528ded2d68018309229a8f2280395f7e1c3663dbfc0dd4ddd2a9331be3eacbf2dd11182dc415430c7390d

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

MD5 67fac971936dd91b942766df2a9cbac7
SHA1 fad97a1b94fe717e9262bf007d3dc8bb1d0e49a2
SHA256 b89c4d04ba03a23b2e847b5b7ac4cb3abf22b8ea0f720fde04a8b1cf29235c46
SHA512 c3db3ddae736b5fccc602f6990100be6cb17d383e0e923063536c117c79d81a0bad065d87cfb214c26d819f67e843e04c450a9115d158cb6190b760d045e1188

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

MD5 49ed0de229af059ca5ec29448543bb98
SHA1 a3769ee0a771d0456e4217b47097268e60897ec4
SHA256 0536737d3308481ba1097a28e30cb0a97d84e63f1a7178bdd644a1b528e336e9
SHA512 d6335112bf8a2c8276b40cde15b60f77c2209730b78cda21f1175a68628c702a174e2e1d9f3c2d4a942c4bf550e60d3d95991d95f2a757261e5046b4900ccd6c

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

MD5 95945403aa7ce6c2226ec47df077be44
SHA1 0d8053e44aa1e87691023eddb92b7228cbd7e3a7
SHA256 962aace4ca19678847ae8ad4f9d66c8577d36b50fedbdf6255ea7fd8b509be49
SHA512 17434ceb4215c9d230ce0e6a6d3545f4e22b40a8c1151bdd9aedb4c64762b87d34856e98a480f6b62567b50eba0bdf31340a71558f6dc7b8467c29023e6570a1

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

MD5 eb593c45cef279c37373769d8fdcb71a
SHA1 e24fdf144b44aa933e25fc3e29128b479081acc9
SHA256 e2a0a52b8e4dd9f975d94297b91444b84c004b748dbdde7db8dabb526810fc99
SHA512 144b81ef8911929ff0b7370dda2ba38cb8cb6bfc9d91a49f74059f663d66fd85b1d3f65ac25d1b489f56c81233313eeeb17d3e23b6ceaa92eac28dde460069d4

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

MD5 d6a4f2a20588ffce660bf262feed54a1
SHA1 b75ca6b6ddd6c469154a92c443edec40b9ddaa5f
SHA256 9dd5471078047af116046954cf9f82b037ba4e1b610df17e35d78f940db422f5
SHA512 97bd9b51e43ac90ab0df2b56dd46019531e92c026ada397a956b27c93d0ca4dd7e43453c8704e8d5e7df58ef08dc54f8ee3fefc4ffcdd0ab5b7c74388767a5ae

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

MD5 a51f63edb6ff637723c56adac45e6ced
SHA1 282ac7975ac1347d28ce3ccef910349c66d7212a
SHA256 0f8e72992d9d98a67be767d86a77aac6ad11408e931f527e8d515527460d30c9
SHA512 7556e667280c0f962708c99d960a2358ecc57fd9086727e6c910ad9c7dabbceadabeb6974a4fc5c4beda12a50f573e43075399ddbfd82ec53552d19715383e77

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

MD5 1fa2cca339e56832f8d267e30150916b
SHA1 d91a59f5c068c025f689e18f0964f5212b365b98
SHA256 d424336f4d6d4280679b85e06fe2531da6a25d2c9bbe8988f8713762aba3e15c
SHA512 6f1690b224e1e1c14fb48c4342ce3e8c7a1490757002b58e54b2a8c3fc7ce803d528aff1fa92417af947493d05d561dfcb9c68b5ec9e10c935b6bb396e84f137

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

MD5 07bb24f3da000f3818657c6a4b12b4ed
SHA1 a4482af8ccdd3583c07b7bb813ee194abb46fe2c
SHA256 5f06235bea9d8ce0b416b763984e56df2d0b9b4bbd8bc000424c8c3a14a432e2
SHA512 8d477e93d7e622e8583000b3d4999eb96e8b3c862c39e62b7d872dde03ede1418b8e897ac809a1269b665fd905c062627a81492ffc5919a9a058e1ead14a3409

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

MD5 b06349c62e8ace1cf412feb42b889fa6
SHA1 72d2ed82251e7dfc3305e66566578b3544a45da2
SHA256 ecf9b4c83811189f6183b18598b9b0decfb4a9fd87b8d7e3acc034d543045f85
SHA512 4b42489fbf98aa4d78946e769d84294c1f3cd71a866b9f985559f25b7549e487e0c572c99ac6e1a57a791c113311affdc7355374a40ec8cc11b80e6e35c9634a

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

MD5 cfa417d33c4384ce24129b96c8bb6d5d
SHA1 f50f80a67cbaf493cb37ea423bbe914fd50efdf0
SHA256 0858c7ef08d8246487e44242fed8376186131c2d5d3ab9ef7c1e560076378074
SHA512 88fa89820970316031f68abec5cb2053910ff0b7dc13bbe27ded1503577cd67bb02cf11559d2ca63a5c1e9165de928370cc32280e5ef9334821a3fc7dc37398a

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

MD5 1073171dc9834b334b8d85a5fc2251f9
SHA1 c1eca37d577c567101af4186109e2151fffed796
SHA256 43d30e91bd841d8759ace3877bf048142966eab8e781d627d498a8f1c2925e3b
SHA512 92995dfbeee291121bc8427a90bbaa9e94f7adbf2ce23fff479d5ec5ee70cd1e6333bcbf019a86d87b532c1615367d1621d32ff70f27aaac48f253a56cd3f687

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

MD5 897cd4922d8ae24ae793c2a7be374c95
SHA1 96f3d34785afb76598b79421c4cee6980e4e9d01
SHA256 28c7701cee690d1024373e8ffb3953379cb9e5d35a5d24e5e991a06959f1ee54
SHA512 26888326c0ecfe517dfeb18b62ea83e3f404ddb3749cb7683b93e3d4d2f11b41865b16e8a7c7584c8e6a223bc410d4518916debe5078f8507210f2bf34332030

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

MD5 8c83789610a1fa5024e453a4b04437a2
SHA1 36452a7703aa52a568bd4bb3ea36022b6e4bd81e
SHA256 128c2900a6d7246fc8bf6d0dd3237e11214187c1e31ded7f24ab973f19b3d294
SHA512 accab8b29912ad119b096aa174bc58fdd17d1833e89e1e52c47933426ff2904efa2354597b3e40f178c7cfe6feaf69cf5bfc7fe8381ae7939c02e0c2e3766c13

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

MD5 ec5bbc538a82195bce2b2f955359889e
SHA1 b7793f1a48c4976f5782047c58414d90c014403a
SHA256 52db2a32bbc55f397a1d4117765184de829b901ab08961fb8a82d3347b0ed921
SHA512 d680e5658edd455483be7a0fbbd390aa59c6cfd593e327e5f997079a951548eea9fc8aa24dffc27c0b1cff51bc8d33bb26dbea94c9e8eb2f3fef7768eab4e65c

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

MD5 58db889de3593e735d44109dfd20efc2
SHA1 44325ba82a2b5e60ab3985083fa8cb5e1a5dcc06
SHA256 9c409b1f0948c561aaa9564245acce3a0a766614c105658f67d8fc6e1a78c01c
SHA512 89d60c250733d5b9db7358f4354d6895128cf85938b56889939f30850f9ed604aad4e45ed89693e26c5f86dda2b9f2fe54e2110969a9c6264976019e79dbcff2

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

MD5 69e34b1dc3d30b172caa95a258ad5d77
SHA1 4d97966bdc0d4155a3250e8fe0541ca929c388a6
SHA256 f2c0882a8e24117029da3576d1760cbf4679624ce0557010ab4eccaf19586003
SHA512 8de299246d606f4879fa1d6c21a99c1115e9c9dc6743d2b23fcf60dea73630f536ff6177acebc82186f0b703bf233b5815f119ebfa75767945d804ba27a6086d

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

MD5 21ee2c41d203c41eb021eb0337c0e304
SHA1 3a544ef432a9dfade757a31770807104228675c4
SHA256 ed730410d8561410399a40ff07543951a6bb4c43168adbc2154e2a7ee123507d
SHA512 4c3dfe9b83fe3c1e04d763508539cd2fbd058045c01251a6c57ad61b163f19ad3e52dfab4f12d5a4e798133e98874bce6bb81655df0a965e3842a60a10ae9383

memory/872-10866-0x0000000000400000-0x000000000040E000-memory.dmp

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

MD5 e1ed2f5edfc8076c3812f05f4be28e10
SHA1 cde742782b1c4a8411e67c0f284b36c66144b912
SHA256 de213d54fc15cdd4fffdc2cf1ddf076afb503334a95ebeb0be10869e8c1e74c0
SHA512 560eb5ce82f3042311f0b62e0dc1250d95b0e54f745e7df43e3b378f30abaf1834a4bcc23dc4a850dbcef8b1b52d4a610c3a039bb6249dc9c4cbaf488b0f77fd

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

MD5 7ee736aec2c0144b781351eff9445210
SHA1 66cca24de0d5857470fceaaf7482185d13d4f324
SHA256 6db13a71142c4f5c19848d241bff8640cd508fea511cdc4713122aa742b73035
SHA512 b3df69a13f7d009809ce6a42a1a775927cec4bec60885531567775dc641043cbff26cf2bd6bf03cbc43f03d0f6581ed3bcc8a04c89c94e49f55629c5d6adf213

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

MD5 58c8c250ae6f3e5a29df06cf8d78ab85
SHA1 e4a0ed9c494e9812c0f49f3269d3bb3d42d44aad
SHA256 889755c8bc9715a7c39bc05e0395576d3686a8b5392f8692dde1a4281aa61552
SHA512 1c56f71bbe7a013bec587c563d301789111e49e5c3fc4c2e0dafe59ec86fadd608ad6ce09ddf718b2e8ccc7b201e3f22e633a34f5029dbeba530c0bf7bab7a84

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

MD5 0c5d0b3ca5c0a1bfe8f66b33ce88f6bf
SHA1 eaf0a895124bc203a039ee2f2be2e0ad99fc9665
SHA256 c4f348d979b453a66630be92e2fa13df1c9a0c6f943d04ab550fd7db2e1fe2c1
SHA512 f31dd9ec691a5c90922993e7d3c6f673dfc486198b3abd1a5ef0e23233bd38b53c0ebd31f8c33613916408e4dfb8c2408c7dd7e52cfecacf13b0f063895323fc

memory/872-11251-0x0000000000400000-0x000000000040E000-memory.dmp

memory/872-11292-0x0000000000400000-0x000000000040E000-memory.dmp

C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

MD5 dc3671168233f979b5741ce063bb13a6
SHA1 6a1635862e5bba1a8dc5749348c359c5be1e5609
SHA256 1389b11cb5e5357884705a4c823a9e7618ac7c70b443c128d5bcd1f85e2fa23c
SHA512 6380ce0b011ceefc96e9dc563a992d80d1065d85f856eb4e0b3471e667dbe595975f9979ede2ad758908411605619f778d1c950e869df388812d483c186839a1

memory/872-11298-0x0000000000400000-0x000000000040E000-memory.dmp

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-11 10:38

Reported

2024-10-11 10:41

Platform

win7-20240903-en

Max time kernel

120s

Max time network

120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe"

Signatures

Detected Xorist Ransomware

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Xorist Ransomware

ransomware xorist

Renames multiple (2214) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\L1o9m7si2knIS4b.exe" C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_History.help.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmnis2u.inf_amd64_neutral_de46607a02fe2552\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Command_Syntax.help.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\fr-FR\Licenses\_Default\EnterpriseN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_prompts.help.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmcxpv6.inf_amd64_neutral_f62ac4bd04e653d0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\pcmcia.inf_amd64_neutral_1678e66e0cbb04b2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\lt-LT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\wbem\xml\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnep004.inf_amd64_neutral_63b22bfb6b93eaba\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\tsprint.inf_amd64_neutral_c48d421ad2c1e3e3\amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\migwiz\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_functions.help.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_command_precedence.help.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\faxcn001.inf_amd64_neutral_d23021a1eb548156\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netbvbda.inf_amd64_neutral_2bfa4ea57bd5d74a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\migwiz\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Reserved_Words.help.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\nete1g3e.inf_amd64_neutral_7f08406e40c6ede2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wpdmtphw.inf_amd64_neutral_a7a22bb0bb81abb0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_properties.help.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Session_Configurations.help.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_Signing.help.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\angel264.inf_amd64_neutral_04b54b6322607cce\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\migration\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_Parsing.help.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Examples\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_objects.help.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdminfot.inf_amd64_neutral_fc6bcd80e9e6a3c3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_WS-Management_Cmdlets.help.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\af9035bda.inf_amd64_neutral_aa11aa34552d1d4d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmcpv.inf_amd64_neutral_5667cca434e3a6b7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnky305.inf_amd64_ja-jp_4d77cc4802b17ec3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\migration\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\nl-NL\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\default.help.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_properties.help.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\hcw72b64.inf_amd64_neutral_023772237d3a4ade\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnca00x.inf_amd64_neutral_eb0842aa932d01ee\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_hash_tables.help.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnsv002.inf_amd64_neutral_6ca80563d6148ee5\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Speech\Engines\SR\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\net1yx64.inf_amd64_neutral_ed16756f950857e8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnlx00w.inf_amd64_neutral_d4c93bb2fbf75723\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\de-DE\Licenses\eval\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmbr005.inf_amd64_neutral_d140721f97061bba\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnrc302.inf_amd64_ja-jp_64ee91a0bf7b132c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_CommonParameters.help.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\en-US\Licenses\eval\EnterpriseN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_remote_requirements.help.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_job_details.help.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmnokia.inf_amd64_neutral_a8e9a41983d33a0b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnle003.inf_amd64_neutral_c61883abf66ddb39\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnhp004.inf_amd64_neutral_53f688945cfc24cc\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\ja-JP\Licenses\_Default\Starter\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\sv-SE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_script_blocks.help.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_pssession_details.help.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Reserved_Words.help.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmusrf.inf_amd64_neutral_439e7d1dcac00aca\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnep304.inf_amd64_ja-jp_27c560b15d9928c0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_jobs.help.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netloop.inf_amd64_neutral_856142fd87f1c21a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnxx002.inf_amd64_neutral_560fdd891b24f384\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A

Sets desktop wallpaper using registry

ransomware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bdggilloaddgiiaa.bmp" C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_corner_bottom_right.png C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsViewAttachmentIcons.jpg C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\fr-FR\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_search_up.png C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\photoedge_buttongraphic.png C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_single.png C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\cronometer_h.png C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_search_up_BIDI.png C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Program Files\Microsoft Games\Mahjong\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\SKY\PREVIEW.GIF C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\dialogs\batch_window.html C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\Help\1036\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH01562U.BMP C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\rtf_choosecolor.gif C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Windows NT\TableTextService\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\ECLIPSE\PREVIEW.GIF C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0382959.JPG C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Proof.es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0099189.JPG C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BabyBlue\BUTTON.GIF C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-over-DOT.png C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\fr-FR\settings.html C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\create_form.gif C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-waxing-crescent.png C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0382954.JPG C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\jdk16\windows-amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\fi\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\whitemenu.png C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\search_background.png C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD15073_.GIF C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\Sounds\Things\HORN.WAV C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\bg_VelvetRose.gif C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\InfoPathOM\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\CP1257.TXT C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\it\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\audio_mixer\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\Portal\1033\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\SpringGreen\BUTTON.GIF C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\AccessWeb\CLNTWRAP.HTM C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\button_mid.gif C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Media Player\Media Renderer\DMR_48.png C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationUp_SelectionSubpicture.png C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\send-email-16.png C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Resource\SaslPrep\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\Discussion\DiscussionToolIconImages.jpg C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsHomePage.html C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\es-ES\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\fr-FR\RSSFeeds.html C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\HEADING.JPG C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\it-IT\calendar.html C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\daisies.png C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_box_bottom.png C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0178523.JPG C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_Casual.gif C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyNotesBackground_PAL.wmv C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\winsxs\amd64_microsoft-windows-notepad.resources_31bf3856ad364e35_6.1.7600.16385_es-es_79a6269ce8d217dc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\inf\Windows Workflow Foundation 4.0.0.0\0005\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-cpfilters.resources_31bf3856ad364e35_6.1.7600.16385_en-us_e0c5ef8bfeb655c2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-r..-detector.resources_31bf3856ad364e35_6.1.7600.16385_it-it_58c0b0f0f0041d9d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-w..e-ws2ifsl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_282d1900db697084\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-i..mostfiles.resources_31bf3856ad364e35_8.0.7600.16385_it-it_2454ab4efd21f1ab\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\Speech\Common\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_it-it_b4a6b77ab9aa530d\about_functions_advanced.help.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-wusa.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_98d236f1683c8164\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-x..ollmentui.resources_31bf3856ad364e35_6.1.7600.16385_en-us_38b2b0e8fba01a4b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\assembly\GAC_64\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-iis-webdavbinaries_31bf3856ad364e35_6.1.7601.17514_none_c87778b746d52a7d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_de-de_74b66e05cc4097c8\about_functions_advanced_methods.help.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-object-picker_31bf3856ad364e35_6.1.7600.16385_none_0f6c30b96de81257\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-s..y-secedit.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_cb54b81a0a78bf8b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-iis-w3svc.resources_31bf3856ad364e35_6.1.7600.16385_it-it_58d860520ac16b37\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-c..vider-dll.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_35b011d70e1c44c6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-spp-main.resources_31bf3856ad364e35_6.1.7600.16385_it-it_a954f5523da316e0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\assembly\GAC_MSIL\ehiBmlDataCarousel\6.1.0.0__31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_prnca00c.inf.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_c15e27e5445ce1df\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-p..reensaver.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_b3303c4a2492d8b4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\Framework\v3.5\ja\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\x86_microsoft-windows-g..edsgadget.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_cd9932e5aaee1f78\settings.html C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\assembly\GAC_MSIL\Microsoft.Tpm.Resources\6.1.0.0_it_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-userenv.resources_31bf3856ad364e35_6.1.7600.16385_it-it_ac91feb2074de783\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-b..ager-pcat.resources_31bf3856ad364e35_6.1.7600.16385_it-it_ac02e909516f7d8b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-intl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_cae59fc28e078161\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-l..-startern.resources_31bf3856ad364e35_6.1.7600.16385_es-es_ee2eb924e76291e1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-smbserver-v1.resources_31bf3856ad364e35_6.1.7600.16385_es-es_23f6dc047b6676d2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-whoami.resources_31bf3856ad364e35_6.1.7600.16385_en-us_cb28c86f28d65ec7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ca7ec133e2786d8f\about_While.help.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_netfx-peverify_dll_b03f5f7f11d50a3a_6.1.7600.16385_none_711dc6fb06230c92\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_mdmmcd.inf_31bf3856ad364e35_6.1.7600.16385_none_75f2f184549e8f36\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-t..tion-core.resources_31bf3856ad364e35_6.1.7600.16385_it-it_1114714a18672629\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_netfx-dfsvc_b03f5f7f11d50a3a_6.1.7600.16385_none_96dbb959ba7c7a79\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-i..mentation-migration_31bf3856ad364e35_11.2.9600.16428_none_9169fdbd15286489\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-healthcenter.resources_31bf3856ad364e35_6.1.7600.16385_de-de_a222165421adb16e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-blb-cli-main.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_7f899f7c67d0364b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-ndiscapinf_31bf3856ad364e35_6.1.7600.16385_none_7d40259a2e779260\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-s..oundthemes-festival_31bf3856ad364e35_6.1.7600.16385_none_121f20b55f0bde68\Windows Hardware Fail.wav C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-stobject.resources_31bf3856ad364e35_6.1.7601.17514_ja-jp_2242e72b1e80255a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-l..terprisee.resources_31bf3856ad364e35_6.1.7601.17514_en-us_b4335a571a3c743e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-s..g-jscript.resources_31bf3856ad364e35_11.2.9600.16428_en-us_da2f02e5e31b2286\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-a..audiocore.resources_31bf3856ad364e35_6.1.7600.16385_es-es_804ee20534358f73\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_mchgr.inf.resources_31bf3856ad364e35_6.1.7600.16385_de-de_5420fc1a33c12118\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_megasas.inf.resources_31bf3856ad364e35_6.1.7600.16385_de-de_1f2bd203bf02934e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-help-journal.resources_31bf3856ad364e35_6.1.7600.16385_en-us_f13bed568d7ad40d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-l..nterprise.resources_31bf3856ad364e35_6.1.7601.17514_es-es_ba57accaf17aa08b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-compact.resources_31bf3856ad364e35_6.1.7600.16385_es-es_cd64998bdcb9c762\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-efs-rekeywiz.resources_31bf3856ad364e35_6.1.7600.16385_de-de_1039ded3acd3a6fa\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-rpc-ping.resources_31bf3856ad364e35_6.1.7600.16385_en-us_ad23a7a77086960a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\Browsers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_prnca003.inf.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_0efd8e0c7e80662f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-ktmutil.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_c388a810f45b04d5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-setupapi.resources_31bf3856ad364e35_6.1.7600.16385_it-it_f6e1ec9fa2e0ba82\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-w..edtracing.resources_31bf3856ad364e35_6.1.7600.16385_de-de_1667d0c70a538c1d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-remotesp_31bf3856ad364e35_6.1.7600.16385_none_0b18eb4970943336\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\inf\ASP.NET_4.0.30319\0404\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-rasmm.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_98f36a13cac0f221\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-stickynotes.resources_31bf3856ad364e35_6.1.7600.16385_it-it_e32a37af24907a87\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-t..nvservice.resources_31bf3856ad364e35_6.1.7600.16385_de-de_c9f660d22efb4b98\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_netefe3e.inf.resources_31bf3856ad364e35_6.1.7600.16385_it-it_36116b6b901641ec\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_fr_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
File created C:\Windows\Boot\EFI\el-GR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\LBXGYCLFZCAEXPG\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\L1o9m7si2knIS4b.exe,0" C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\LBXGYCLFZCAEXPG\shell C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "LBXGYCLFZCAEXPG" C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\LBXGYCLFZCAEXPG\DefaultIcon C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\LBXGYCLFZCAEXPG\shell\open C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\LBXGYCLFZCAEXPG\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\L1o9m7si2knIS4b.exe" C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\LBXGYCLFZCAEXPG C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\LBXGYCLFZCAEXPG\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\LBXGYCLFZCAEXPG\shell\open\command C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe"

Network

N/A

Files

memory/1800-0-0x0000000000400000-0x000000000040E000-memory.dmp

C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

MD5 771e9e60910ff5ae17214e984d4263cb
SHA1 0f0f34e72e38ca6cf88b02fa1d3c9babcda2fe5a
SHA256 5594cb08289cff699592961ca1ef9489ebeed81c32c5bd8d668bd71e212aa300
SHA512 847e7d198c4f63e1a5cc0819cc0e2e60f080d8e19ff66e4ab06969fd5db88ce6be3550c52e9d38c7d417456c08c07cc2dc755e47f64cfe98a0e4c44f83740c6a

C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

MD5 05f7ff9c6457cbdea9e21f9519611fcd
SHA1 cc991ff7f01d0f7fded61c3c034e3cb39837b815
SHA256 4672db19cc3ff29ff3f4db6b753b30c23994e25a4a45b060c9d7677ad4042793
SHA512 c857a282c6662aefe102d222ce523d309b6f02e0678b6c72af8d5a4a2e2b52f31e3bb7bb8f407879633957d5afd119f423fbfe711b72dd58a53f780adb4e2ee6

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html

MD5 632b51a552f75a98661b21629300750c
SHA1 340cc182b7d84306639bc60cd5f5f098739e1205
SHA256 0f3335f7b269c6a30863380d45647a99858fb987d1d21c16c1d3ff809925cfbb
SHA512 3f00302bd12688fc36d3ebcf8cc067d3bf67e514edc0f3a50c9f63337b68ef75c123a7f6f085280f8cc47ca797f23c966f4adccfde11539924d3cbff5fc6505c

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html

MD5 d2409931cd95b70c377ab654e6fe3df9
SHA1 063fe366a3aa3d28b1e6e6f77020e14b22c588a0
SHA256 b676c08b3ef77796621a0b417c7d6ddb813c613cb6853314230a20d65c2ee3e1
SHA512 8885b2189a18c1b0bd5fc6795ea8b6a1243b6ebd0031d1df9f4fec66e3a033a26fed5c53e6064b467abd550d7f39e9f3b6893018d5fbe7488f0329aa33a5379a

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt

MD5 80d1c028425288801450daa95e35162e
SHA1 c1fd2aa1e32cbb74de3d81eb28d6b6702849941f
SHA256 545629da070b7f0095a2c88749efa120867e96312ca411ebda65a5555e69f089
SHA512 829ad6e906fa21a92f94a2bba154027fa71707297269cd20f71fef4613b8a991123cc231b56f10a67b136f445dd2dd42961fe8575d6352add2baad375e791493

C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt

MD5 a55b8b2b07abf5c16dbd6342d79e4334
SHA1 74f7d7e3d008e691d794342eddd89c7e810e2515
SHA256 3fd350b18b7e00548ef907864aa25da78480370e63ee3b020094716f0289defd
SHA512 9196fa40b95d306c5f7127b113f2615433a7b39ec532fa66a32490cd936450fb4e1814b4902e8b36d4cb710b7d5ae0e9a9c2eab7ec2d1ef9de1eb2b73afb4bf4

C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt

MD5 ea12a3bbdbd8ab9379ee89e84ce7f95a
SHA1 3a594222078c9625da518d47558cee4aade03ff1
SHA256 f74a37eab8d814dec9b7b8ac376f27bbbe0ae1b2b4bd3b467ca53a341d3d4bf1
SHA512 a6a3716249bb21be759eb5d4b5210c5d8619e20f1315f33ca77ced30e7ba805383e54533ff435c1f7c24cf991ac673172cc313afead8c45ee49f90aab4e1435a

C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_OFF.GIF

MD5 54168c7cd18fce5b6251dd335a894071
SHA1 993a6e7c88c4b341a1cac61ee8d6ae34f5d3127f
SHA256 6e1f7a6c8797f61795a89c144312d54c44edd6b92d7a3d5c5b987437d9089e17
SHA512 641aaf92a89d66dbba46deef89887e18c07a3aeb1c0e96e135ca8cd2b9729e34ea1e5fd668520dd9217cdec95865c3de0f1d31ddd6c4d3ec607c01d4405852a6

C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_ON.GIF

MD5 ce77f4c2284478f6252002181ca7773f
SHA1 b202eb1d5471e6123482e68695be32db89be0823
SHA256 af052c6f5592e748614707834a75f21900a9e7a58f0f103eb156ce258cf60c61
SHA512 b033fe048ea9f13e5a63e99be658d6be62ec0766308249f7ba766154ad211c2e6e103809da1a7e120f45cdf8afcfb5fca6c4eebec54033a521d92ae702bc140c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF

MD5 37c974cf8b17a0fee3148304cef8f1b2
SHA1 ddfe39710be81e8233e0f5c86585b3cfcf7ec4b8
SHA256 cf05376313e4aca844d700e5047ec0a3d84a0cfabc51ec0a9177afa248d0eb7c
SHA512 202c0bcf704daeb1d2f527300a4686b45fa6f71769e4099225c4bef43c78f64f6bbd14fbdc1f1f0d16148d12b20375852147cf56c892e3a2f9d28afeadd3cd68

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif

MD5 4411ee7217c8a410988e031650a78d91
SHA1 5a1d0ca80c8a6f47726be3bcb65c4f61b9c27aaf
SHA256 eb35708bb95188af254283089d78f9e6429c282924ed5ecaae65cfd2933fdb44
SHA512 ee7aff402f63ae9f1d0b0fc1aec3f3f2680ac688ce912ccf3f4b1ebdf787f384cd5faaa8e2ce6fe05a4196effb4bf6004c3d1e5e55a05c22b148dfb2d3de5482

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif

MD5 adf1060471d430fbc2bb242de3d92dd3
SHA1 2858adc2cc13d7d4fe73cd100fbb27e2753b089e
SHA256 1b0b96d8d71a1c3b9e4f3290e7e77406345bcc1015c3476d83e86206b2ca2e19
SHA512 7320158b88377bc1ec01187828c3fa705ca5e6ce97e65342f978c2ea0d9dbd48cff441bf0354bbbc2ce517d18a36b1485e92e2dc3f612f48d29fb4dce2489173

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif

MD5 62cc2b0e712df645abaeb6b26bc80433
SHA1 a06c1382d293a87c8d1a0cba0c63c27856120983
SHA256 8ad5076fee15d50a3241fa2ee3a232f93a2a409ce3a3a42c99e35b63639f2b29
SHA512 248017f6ad5ca93a8f24227c8df2c6e3f5cdebee9a342aad9c21f2d9133b176e2cf965ed58b69aee7407a0a3c0244e72b7d6aff1aad8a055490dd2cd2129b399

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif

MD5 bc5c332a2ee76f7371c941e76338b75a
SHA1 d2c19a8faa71700add40e728c3a9846ef1946bc2
SHA256 0a7949f6c04e2ef632259953ec8ffa747d241b654b2a4afc6a8d717c4f1ad987
SHA512 3922355fa01c882afb578f54218b9a225b3a3f6ae9808e41ad776355580d00d25755d475c9bcc22396066ffeaf872308c673b5504d82991606ca01b82363205e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif

MD5 bd1646b72b257a51af25df14fa0a7e65
SHA1 b4d058f5f9185e665877c09e6480f08488a9955f
SHA256 08e3fd6e079ac3586e87c38a3aba2a0e63e6e7b49c7a78f47f8b0fc49c243a5a
SHA512 987eb6cf5c5819b49a18156b9e02d388414c97fab2b2511514c5fd1703444272669b0c6be93780e93a5564a14db2cdc310c8392103dc4fa0d18dc1aaa4ea9ce5

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif

MD5 63136ebcd4ffd3377bdce753e420ff97
SHA1 6acc9b0d415e0f78dd922b6e685668498e599828
SHA256 f572af4188c0d803064a2b6e2f4cee2224504bcba4132a4abce7907809796795
SHA512 fcf0a91aa6a68fb5e5e7456e66a487fb9cab5c3a31b7c06bc3a5472e3a6f4d2818c354824920a0522b84363952e03b186554ff59510333cb84b05c356d670d2e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif

MD5 5aeb795475e0cdcd74554fccd8bd2901
SHA1 7703058c5546dd1baa2d16c7aad35abf78b1407c
SHA256 299efc365fec2bd679266ec3342684bb492e6fca6320d08108587614ea8656ca
SHA512 aac60f97fc394cde02fb79bb86c080f1e7a2626724f014da345c550ecfcdb37a7a0ee6a73d167586bdd8cac730923029478ae6e3e216a6accd65edbf64521296

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif

MD5 724a26b9011a5d8c6e9af0ac8111ba09
SHA1 6fb38282be8d8abda581d4a5d37a61abaab13b2a
SHA256 df5bae05fd70d800422f3cd84060b2b9b62779ad496dc55fe008bfbd0a9eeb08
SHA512 3c8076cf512924e8f0562de43aa21b7b7245c7c20720049347f63c667662f99883e0509fbc56fd89134b026df4ada81feb8b2d3ade9e6fd900b19fcfd56e96fd

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif

MD5 4365aac866f311f3096100638fc4351a
SHA1 a155983e78629f26de32a6d7b92a09abe3e7a5a0
SHA256 bedbeabe427d374f4579ef4e8d504e86268f518a8188bfdd6fe8275f3d736758
SHA512 474dde9cf9af7bf821e36c462d78f0fc85306fcc3ea69480466f7717b676847e1193b6330291c383b9a3f0fd36f62304c0550034bbabb58abe3a0eb2f0f0334f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif

MD5 cf309ca4c21c794c1f7ae2b8544adc33
SHA1 addf0da220a9247e9c526811146fb97f7eedfe24
SHA256 65e7e52ded231b4dc05ac8a920162f781b8528653b6806967e54c9669c5f1aa5
SHA512 d5c1cb06e8ebb2a67cbad60b9d0e04312851d5c4384aeb7285a4e8a257f2e56bbb2ff6b50611b42b065999c51264866d222dc0660018a303e886379d8d4dda91

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif

MD5 9930fc0f763c5bd859d6c51255b5622c
SHA1 cae7caac1e3442650767e7f18c0e1beb2b9ac3b0
SHA256 33de36600a24eabb0ea333f319a14c04a862c192e9d55596ddf543f00ec70809
SHA512 3989524c32ea42509a79b08b0a3088e3575b2b40977a097fdd6ee6e482402c81a879d3c3fb29fb771f7958321b7cf86ed5b6e371761db480455d9aa1c28c2ccd

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF

MD5 1966beb165afce8a7dd62bc5cec87b3d
SHA1 1d57f63aa2483a4f443ddbcc39039b793651f6ed
SHA256 b1e58deddde6ea2f348939d5ecfa6e166e7f0e6e381d6043a3082cf60ce0b5d6
SHA512 e1baad83974a8317977dc593e8741ba708a29083571b65e1dfce1c18ddb4950f150076ee697caf953cc576f7d8b43c20431823fe1c4a2e8b2218be68c66f84d7

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF

MD5 900287530a5887dae8a50be7fd191b29
SHA1 aa23c9af669febce4658a34da559ca9552035a49
SHA256 0b8e5b45db0ac0e55d175c4276c3f59aad2a1094a57fbe851b9873ee547c4858
SHA512 07730e0b15460e6651621651fe949822db79631e75dbb523302d40f2f2a86e8fb8b6a76eb0947a3996fe7ac0b382e56feb63a84ea2080fcc17022dd3cecdef26

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF

MD5 e606f5d5bcbad2c6bffe87edc5901f07
SHA1 f4ad9812dfaf6aed4aecb9c4543c7b83be429e61
SHA256 38e565e33ded3f634efa6795b1f31e7b4c8a2be72e9f49b237a292393432567f
SHA512 9ec656046046fee927afb044f6517e7cd3ffdd52864592d894149133b3beb1249d8b6608964fee5361d698eff6014f439e00d422ce9e7f554b37a901f4417afb

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_on.gif

MD5 4e5a6bc1401487be3baf06e122a1d691
SHA1 e137b2404ade90793c3a87a17ce4116540c6a1a1
SHA256 c12477e67521d8a1062bc96a656268f759500922f183cc4474d0bd999bf3fce7
SHA512 524792a12e7fdc4331d62e8cf12768f2802cff1725d511435a3ec36756d505266c3721158c3343505244c2402ff251e98d8719ad5e3db69a6aff7a1529dda042

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_off.gif

MD5 2495bafe6a9b3e85eee59ceaffe0029b
SHA1 1cb4d30df7cdfdbabc9daf37254150194232dbaa
SHA256 870a4981c3689f1fbf97bdc175ed36fd24c0d2470d0ce691b83450071f9bbd0c
SHA512 0c6f060d6af7fa814f8a01653ddd1376d18942ad04ae1cb1f6dd3291f74a9850453cf90b508d4fc39bf9015ec3db2f806d2da7ec5af5ca304f08e6c577021403

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg

MD5 42766afc81003ef910535df507d71947
SHA1 58ba6d5e618d83e13001c94e012683451dcbd31f
SHA256 1676ae2bc1ce4b5bfadfdc37e033c8dd5a20896d66ef22d83b1d4fb93d72eb74
SHA512 0d53fd7c52ad5f24479a0201459e38452a1fef01cd200e89d5e758b3f58b6f5afedc651e96a11a34c08dd3a69d1954db9c43186d5858cd5296dd1eca9ab8b6e8

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp

MD5 a9b50ad88fd2e6e7dad3b6ca9ce95215
SHA1 a36e42859d7ef0bb7309e37371f54eb0bf4ab20e
SHA256 febd04c65540c2d2e38f19c4dc0303cd0bd6a234a1320320c1a639a1f6f94086
SHA512 6312a8a9db23ee4f473299628a7922198c867b17bffe47b2d795700314d672caabc3e8ba9cb9679b154e504a0dd52e7fcf6299469b91369ef002c6caa56bf938

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif

MD5 cb716fa48906e754942fb9c33e665eba
SHA1 7ee59e39508c4b023a96779b3c5913090bedf4f1
SHA256 eefa81cbad200c8fd04a829d7ca00f9cd5cc4be63fa3d0b54dca29a90f3e018f
SHA512 7c960219ee4300389d19e9859dc64a236f5370646a5901afcf2c6660f2f5ba18f3aa11b76edc52188952ec85a55d64689eb2578bb4ca5897b8a8a61a552cc7b2

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif

MD5 345ea06bcafdd97d41d2f56f7627dd48
SHA1 124bf683d9ea7774abfa5751e5730b7268ce8378
SHA256 d2743067b27cd4f13a611a53c463a1ea4132ff5bf56b108f7bfbcd35d830fdf6
SHA512 87ccc4d580efd75368e34fa9848a37aba2b0190f2abb92499fb9602d69efe034c5b2e0b9780a31752a31b1f5e50e438347e7715002861588526b835e70605627

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF

MD5 2f9b3d46b62169c13df71e23256e0a29
SHA1 32c9df0755f442ce3ced51760e0f0963c64d7611
SHA256 0612c5bc0cd0941c325c428f8a06c2237e2be5f44a8578602216c1b2d2d4460a
SHA512 04968bc6b2755bbd77e6d518ad6d96381ecca35813c51505f99440fba51046b27e0cf07de4d4315410f38ecd6d095f89c4e3c6ff4bd593789dfc87c7f1df0251

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif

MD5 5d944690f7d61311e0235d345a735aaa
SHA1 733d247be4d113ff2ff5831b3b4ea564eda4181a
SHA256 0e9c6abf3899edcd83cd41f042abe328a813d9da730528fcc8b7500b201361c0
SHA512 8baee1f48893387334895a6cc8b8b09f59a8361d4bdd0f919c6ff0d02750e3b81e883c0e4aff6bca249e3d57d53faefdbc910179c5a7712a5d40a350c4e6c2bd

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF

MD5 5e5d0f8d229285d7f2fdf0f58cd9750a
SHA1 d99f9c8822acf760cb8f75555cf0e93e17a00aba
SHA256 7398381ddf7b39ba9f68721b14b969102d327f500c5ded9b4ca4a11cad8a258f
SHA512 a01c1e9607381e88862144f41520d32dcd488c99ec85888308107f9e06cc52949503dc6e0066f4dcd7eccdf5d473d987e4ebf891a718e4b839e10ffd91122b60

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF

MD5 e0b8cef7221bdd50dfa25a6f6192c77f
SHA1 19a7dacd3da85eaa06046ea8ed04b394005da522
SHA256 0127a448f133954ffffc26257079b721bb95da21dd1f8b42167d279480692f17
SHA512 cb56097b7d14e78823abd96f4fc13acff5b973201d8c78dee56dcbf0a6165f005ca0b7c7c4dc4ee32d646de21a28deb50f94f77b57aff43ddbe2b03ef7d7e5bc

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF

MD5 74439cc012f454d8ad9ff7ca6bce52b8
SHA1 3883da679e3d96d2e2a8f7f93684d51981473134
SHA256 9292e8562e28e05d392fb1bca08b48ba9428ad093f46c3e2ac0d637d89cce796
SHA512 49a7a98aaea25f4011a88c42d180a6c62fd69a559dd23b5d5d7a89bcd55a3127cfb9bbf40ca78df699cb55122319c1ced1193d775b2579a8f77dfa74e60f77de

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF

MD5 f2026520f74cd49f62cdc9253b302a34
SHA1 8eb94326c104a71bf66d9e4ef1ba68d01219b1fb
SHA256 4ffbd1f684e10a88f9e23a24aa206b711204f8e2065183973f3cae4f28d3f036
SHA512 a19a32bc7252b90db80cd1a901e969e76815d033c89471869967701210270f4400a7c98a336fc13cf7099f2c51ec9a7e750237931db95685fc6da6b704d10138

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF

MD5 942f75fd0206ce9d4d458a201a1850f9
SHA1 51c75ecc19aaead60a96c6cf1c18892a474f2b72
SHA256 5b6ce8a79f37d6277de1e08a31a96497b724b33afc857141be2a0f3fc941026f
SHA512 d634ece4aae174a52b2d75fc5b14826f9818aa41fd0768a1eeca53da31126da60c36e79584ee7822cecb39e5528864cf12cd6ed135d18d5598265be8989b5621

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF

MD5 abc6f19e0dbdda72928c5a49d63828e5
SHA1 3f9bc8a58b721388792fb5cde42390c5b2dbda84
SHA256 9ad55308481294edbbce9f06ac097def90d41735720505f20b241db7d5ddc418
SHA512 8ec56326b9fd93cc4907c78c75cdb6d8950c324b70fda96d61a474378f292f34dd5c2dd7033dba5ecc1f38aa1c7f0e48a1461148eda6ec924f244d479a2ef438

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF

MD5 b7a3550aa7c284a90aba44f1ee5e079f
SHA1 5edabb5615210a0c046408365d723da90720ef82
SHA256 fd49761d7d57b6df1ab07f81bef8720fdcaa45d891c367e95c727d417542d877
SHA512 55f3cc19c29874a22c69d8b604f543fb0cdbdd9117cb6462b61d0465f22fd4e20554d0471f793b228ca531b74ef71c898db600284d2ae29644f8ff3ada83a596

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF

MD5 a185951cd94cc2eb3508169c968dbafe
SHA1 84fa9f6e7981e4cc86b77f4b7541faf19a7ea791
SHA256 b0dc6b7c2039dbd41e811659b2392d9ad6c744decdba2c2d73e693a437ceaaa1
SHA512 d58cf2c937a6611b340e817f159b8d23c364d5db210e74d937d5a28a7312a5b9f6d8f5740b1abd7a80a24af6ffaade391629e06a2e5638b6e6feeaec52665103

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif

MD5 51c41eb310464487c545a0dbd4a828a9
SHA1 1fa8a72ec3f04c0c5c4e6c367951c3fec3fd5b0b
SHA256 7274ad6c80ac19798b009262022fdaf7e84cc018af994fa9abf89dd195aa4456
SHA512 b693b9191841eff94a1600715eb3e8b985ef374ad30206f4a9266ff8e8aa11aea894102c4d35a160916d298cfc561fb2a749f3d468b2d975366e1bfb4c181228

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF

MD5 e39f91a9ff2adbeec0788fccd84be663
SHA1 ec76021db1385f465a00fb22a73b2a8511dc3059
SHA256 f034b5cf528451d908bca72605dcf3468ced86b113858b86dabd32d0cfc73836
SHA512 9f59da5a5bcc83244ea987c6689a1793e2b869f1b9739ddc1ef121aae1d1bb8d7ac28e5bb826ab24e63805dd828389b87cb43195722de47727f7e7306bb61372

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif

MD5 422b8c00049c4bf9103ff1f160e88998
SHA1 4ec04620523f3433e1ab33b7042439a84f477b02
SHA256 b1922de885c77b420f2edfcb71dda14d75f1e7da0a37f1f5b3731e5eddb3c839
SHA512 6dbc6510db1f94dcf8935ce1f64780fa1275abf5946bdac14ef73687505562bd5d908a5086ede2e0f3f59a9d096c53f7ca74f2cd5a3a6a6adf6e357d9c595a96

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif

MD5 69e643d92a3df269e926cead83700d96
SHA1 6a2e7c92bec6ff6b283d3e0047bbedfe57c26b73
SHA256 94ac324b5a5c76c30071f2498cbbd1f0827e7c7ae632d5d68871c2f19ce9302d
SHA512 b109f4e318cabe4accf3b3f689f09ef70d9130e587912514240cbd5bd3a112dadd278d79fff754d8b20333e4c4abdf11687855aa531a5881f8fafb25b8c610c5

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg

MD5 bf4a240f78bf3df609b32731609068ca
SHA1 d402901671a1cbd0a937719b7f585f644cbf0d2c
SHA256 4bcdcf016217f7776dc293e880315e7c6306f401851464c1159e16d9a8337366
SHA512 0e7c78349df08aa5fb69dfce42d924ce8a5481ae80db7d8d77509eb33076a97bce17516cc507ac3a2c1e3958324e66ac76600d015d4ae07b97c2ba859418873d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF

MD5 ba7d73699244b3f5df83ef4c732e5ddd
SHA1 438335a5023ae1036c47c2b809f6be0b7255275e
SHA256 53eaf575c3c2f99f67d86384993d1d794af1a23b69da5a16caa8f55639280566
SHA512 b5c043601cc230efd510543956bc928f03777ff05fadce4bd839a9d750460a39f0f722f645a998e7a1bb492e226373da94ea4597ee398a92c95026f72d7fed5e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

MD5 0b17a838a320b38478dfe735c9d9789e
SHA1 8bcf2b33a5ab52d705c6fed06e058c89b1f9c816
SHA256 1c986583a614b3f9caaa75d9d7b56db2fbefd8587c4922d1da2d18cf4db79639
SHA512 88f1faa65cb22d48e89ec1085fcafc5ba4f7f5880982c8dda4c60725f4f5a726cb552a096470303e69c8280b38c965087186392f6c46030e43d0644ed84dc64e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

MD5 ffd63ec8941c35cb0c29d51694aa6787
SHA1 fdc3023670ada3f0a0024d9121ee43675b36d661
SHA256 5f8fc4d5ed7e663d37f9475e32d61d31f6c156265a2bf4f901e89feaf54e14e6
SHA512 2d1f88af6b9aeb9ca48a72e3f231144498973cf7d7b4503888678ff5be55e5511ffd8b19beb6ecd063b15aaadd97fcaea856649c52ac3bb01e81e6187e528d41

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

MD5 5bb2ba55ebb7787597b89eb122efcedd
SHA1 d2eb3e7fb041b6891e26ae70fade1b88fdffb27e
SHA256 9b41ccb73861ad556b781b43247759741068f4cf06ea342bed55fa5413000ed2
SHA512 6f91e7d0cc8194f45734e5a6c8c3a8fd1bd93cdc85a0ef24a9a6567fff217cbbb75f6c030675a9e6dc688e19571f776bf98e24409f714c911b1c24a3229be070

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

MD5 8d3625f8bfb6b063f3e7a5ea5a38c7bd
SHA1 193e7d1e93e85947f854daa73cd294c8a73c58e5
SHA256 1e5e75305255b80a22d19de5b817518dffa6dabe04f581e9659022de3d49f445
SHA512 4e48e0bcf4c67632d4cf6ddaaa14467f8bc6b94fdabcb82daddfe04f5b35bb4111c266923c7817c0b73dfc9c2fb380430622f0c24bac7f71c8188b96079b1ff7

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

MD5 3edca3ad5c96adfd46f4e3f0d23cab7b
SHA1 3f6e1e298dc2b55e961c47fc324037c0f3d37888
SHA256 0e0944705b5c60017f4534e7b46120393a3fbb5d2e3d06e7f49c34cf477cda5e
SHA512 5bff5a7c774f368863cd8de05bbcaec8e0783728e079603595be2f2283511e833ca6d475c1f2027902dfbaa2755c54d9f8f9dce8009943cc988ebba4bf117d3a

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

MD5 14a7ab133eb6953455e90fdeb8baa6fc
SHA1 8612762ab7b81f57cd72233c9d44db53e75464cd
SHA256 833ceca74d9088d818ebfef3d3f2017480859f4ec7039ca0ea76091f343d74bd
SHA512 f9bbb14bd4c4f606afe06b0b1cb3d5a4a077a34745537253b06b263cc55092f6792e9a341918a621e6ff33926d243988493e7ae85b0a7580a75efa823c96aae2

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

MD5 fdf3ec5d9bd82691b610c7dfaaa14455
SHA1 09d6a397d0fd90664ce583b72acf40b59eb94d5c
SHA256 87f4bbbf713779db59508472be8fd6412654f837b3e52277de68366a0c60dc19
SHA512 82388075b33940593ec651b6771f78a8619e1fe8761bc56fe573203240d2fa4e19b62eecb9c994b50b51893baafa8cf8832e8551b81951199e0997d8ca5d9120

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

MD5 9a9483df7f348ed832320fcb0ab06115
SHA1 891741976f82185834664019b4df4907275847a3
SHA256 d52b1453dd05cc79d4b5af20ba550d1f40c1b083e3ef4899eb916a99f417e7ba
SHA512 3fc4013c8c8214983d5bceff2f5ff87630c43d561e26cd20ad58be4869d2184d88305389f754bf06c329b72c7dd306f6a50010df618866cc00b9a15d1af5dfb2

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

MD5 b0d634628f4118491092ceab77fa702a
SHA1 02cfa2776cdbf612e2b0cfbb1ab4281dace638fd
SHA256 1ef66109ee40857fb62a306535c6e7a6f8c0473045a0c3db07633de29710b179
SHA512 6ecbaebb50d010352e307e9228c5b23baf83aa79082649fd329e83b557f473e8f903b1fb6774fa23a7bc3f475e181386ad00e1bd80a0336d90d9172bfd0526d4

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

MD5 f3a7b17eaf5af6a578e7cc62a2647004
SHA1 2d22f32a44728c895bcf25103fe01f4b401e9bd2
SHA256 c809ef256df48da987383338f71671138f0b9b3e67daf2fe808c5c28fb27d05f
SHA512 9efa036a3edf1b98bb4c7d8800c96ca6eb2ba135f8a93764b141e1f46513cc82959c982ee92d5ae1a1779ee323e5cbe8bc3acd67e38d02999d62346ed972b639

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

MD5 cab0b2de8294c9411ee38b0ee4105e7a
SHA1 7a805d1eeeff22be68f02e291a5447624d728473
SHA256 fb7979e2e51fd1f3420ae86b6db6e489d06b2439ff2e0702f4855114ba108e05
SHA512 69b7fda2b4214f0331c51849998f719cfb12a6380d96b316c34c2b34ad857565aeaa74905ba0b0c94216149ae6337ac638dea538b1142f18d4d7123ab6134546

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

MD5 309000a3e757194370aef3bc5d9edaf2
SHA1 386d8328e446f49fbbf64808f0ad45238de80cbd
SHA256 5b86ae705bddc7cad746360f8e2af3c5e40c1c4aa0f96f8ab13e2b1a3a656b11
SHA512 c5a43ad3f1888e34658d2976bd3177d38af566464fd9d0e395107866726e1a1701a2155e32168541821e1bf6009e7025592de397418d88692d314b988ea73596

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

MD5 ac1c36aaa7f29d8db705e5ae5b7653a5
SHA1 b152bc0cced3d3f63cd67d92ea0a1ee8da300435
SHA256 ba5af185947476e5d7afc52aabe7c3960e4cd581ae6178460b4fc8ebf980f708
SHA512 50623ffbab92e5888e1249aecdf64a9e09b55ff666a85bc234ee840917a93bcba5d2ddef983ce9f7ba1968e3466016ec00c8e49b531b5cd9135cf6aa51fdc599

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

MD5 897b89a8c51dcca311e699397b82b035
SHA1 50392b06da435222cd1aba27b8d28438623ef52d
SHA256 d9202806dba842a356678eff1002fc02560828c01b8dd5ecc932b8ee7352f813
SHA512 806a250c6d6cbb744a437f05e250e8ce6e316ed8730a8fa2c921e730aa45466ad9bc754b287047d6156114019e4ca4793f81c9101b91dac85c967b54ec985a28

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

MD5 1b2eb1b4b64cd31ed3d5c79c892e8165
SHA1 0d098bb84d7092ac75a77efbe29dd79d99026fca
SHA256 81c16f270af63ab27fe67e85f097662506277a6d44554a110220e3248a49cd11
SHA512 f5759d2e83ee95b4e2d60ed63be31a657ffb0dda5e01eff0185f311a55a8cde9e02c465748be8c00b4b3eb67437656c6a592f0b2b3ab3f7248d54b294ef3228f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

MD5 1032a75dfbf1c2e3a1fdd45266c6d4e7
SHA1 fc2a85219e5ba45bde47565a4f528668081a0736
SHA256 a17b0876ee00373edbd39b659d456be97982baf72e945764c4ac7fa599ae7db3
SHA512 6d6a2dbc580bff041d749f6f58cddc51a7aa3b09a9fc6cc3059148cca7b34186b732b173247b780f46ffb89e28faa53e87cc0dd54b762626599a4f2a6220bbfa

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

MD5 e8ea52627fbbbabe169fd03af3253e80
SHA1 d852bbc482ca49e805e48464cf452b905bbc3c3c
SHA256 b28cbaa2af2972ca24428ed9604c19d19f50ff292352a212d9fb25946aad1e44
SHA512 72cf2347d40866ae9cff07be1e159d3f168c718b64630450bdeb9be09a05b202c85bdcd0fcec13035e8542571ea0ead9074e9ef609bdae390ef0d8d8684b9b10

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

MD5 f1a6cd2b7d08fd82229b6497be6e3a43
SHA1 1a95f7556826214d1796b4795b66a1157ef2422a
SHA256 86c8f55fbe1be1318ecc29f08cd3f42deed596f664a08ef3eac2756060ddb5f8
SHA512 3b40c786d0d55ea8eb7d3508c7db573f069dc8818f3eb57a8f09ab2487564a44a82044d8c49c2d7a1d373a9d95c6221c8dfcfbf42be34ad1a767bf6083db44d8

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

MD5 6d34493ccf2058945dabc5d10d15e83a
SHA1 ba6db16803e53394b8c802273b6accfd3aaad3b8
SHA256 ea4acab08bf798cf46d42529d320a104dd67890e01abdf49ba70028c36282df6
SHA512 5dddcc917132d019c60f25167b5abbb89d6d0937a621c669de76d11f64f613705a21e9f6514acb2b04c896162a434a4926782e24ba9d3a74d0489eb812a1febe

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

MD5 61fcecfef69e9dfe72c86999dab6fa40
SHA1 2e752f4c08c1005ebbedd4efa7306782c89ddc37
SHA256 e0f6f0ccf52237ab43dfc62aaa1323c9f39e3d389faba7f0447aa39fc6490932
SHA512 95b42483c902e30b8ed227f3de840a6ab7155b86b65631cb0c69b9336df5e908a45844249146821e260682c7582f23e7c39e7bafab8f4cd1776287ed2e8f74da

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 7d518c6b59d0322f80e99e5e417d3d48
SHA1 738fc77523801357d05817ec58c96a4ca499bfda
SHA256 2f8f199d74439453a1f966a14ada8bee14c4982c3bc703d69c5da6ab9dbffdff
SHA512 fc79e050cefcb6b507e6e8e1ff34f746fb81794bf7e03dc68cc9bdefedf3e19518b2ebd2f1f8e3951be22f38c9612886b3fd563f3c9d692845233e43861be55c

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 f19535f6394bf03180bee9ac724b80cd
SHA1 5af0a454091b714589efa6c507f8cde57e0ccfd6
SHA256 24bcb0fcae0bdf214bf7e590692bcffbd701a25bbd71cdfd968aaedc27067dc9
SHA512 3c3d04a4f97a708c1bf2154711a11a721ff6d393a03f38cc20d814b0589f68133e68d8ee67b50ed883a59b4fe4d4e328ad6395da4ef8ead3404acb5fa3d6d5af

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 98fa0a175021128037b7937ea84c36ce
SHA1 6ddf3eefe0f8b34e6deecc38f6b209eaff9323ca
SHA256 85e108da775516dd894c3659594fb61b41c11f3fc300d14e1d76fd59f0bc8744
SHA512 9bb2349a546cb900d663431fe9d2e2391464e84cc15d840a9944a1edd98b158297d4ae3ac849515a10220e19131e3b36a548a100d42a2521e4bd96774da52a28

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 445afbec1a9131faabe3d9295c50c414
SHA1 c0881a83820f9e5d4410dc1aa4c514343a3665e7
SHA256 8405384be1380788486ef88e05a3a8d7ed153d506fc88fd06652d15cf24aa5af
SHA512 60550f490dcc979115c3cce3d6c7f8904831d69a5cd6c38bef8e7b171f70d781de547f13c87b5a347d781366736c2f04995946ccd8ab3f2d34a443a203048975

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

MD5 6bb7ade19ce482d765b3d1a80851d590
SHA1 f014989c4ab6dda6e67e2bbadd35775b18f2ce3f
SHA256 cd606d1ffe97de47a82e6dfcf39de4938019c44d1a180738dfe4f9eb99a77ef5
SHA512 aeccee4ba8ac56b1f1d514abdd65f8cf9ff5699fa90fc580ee46cb197c47cf6288116356cadd25fcb75b62b90220890c3a9e0ceedbc66215db8e592fba217271

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 b0a50b065bea2c81884133a8e015cc0d
SHA1 03094e1f1b0b6cd89dbaeb8663251b8bb5164012
SHA256 52193a94dc7229da5215c86cbad5311896dd291ec3544fd46a3d1b9d4f2988ef
SHA512 37813b28d14717766f00d62f3016dcec2758c5b688637455d15f1a1deacfa9530f020daebc530d8c4d6c595db6d6af1d0f68e272b448b0501d0c4e9bbf5016aa

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 19756955a4f50b67aebb9bae095db10b
SHA1 1d4e414f3289cd1c523da0bd4fe93fa481dde3e4
SHA256 cf8ea2ae0550636bb2d8004c68bbaa4e1edaf460bf4f25ee435fcd0331d78ba2
SHA512 5e2bb5551687ce2d41bde32ef16efc1eeef6284c6489e51b8833c65331e64ac58fe0e8ed216d5ccf650808996ab84f3a363441a51d023324bc55b07384e9e8f9

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

MD5 0599289e8ac007289cd07d4b70d5c991
SHA1 51dac2d1ee26b4a70fb5a45c686d51255684b2a9
SHA256 3583f6d1c856710b9e916f9e782a56c6646fa6b4fb19af61ef5df70eb7eb2de9
SHA512 0bec4662caa0af1ad8e0a65cd5819a45daeda0f09fd8a3baba77d7059700d8240ee41aa44bb8d60533d1f400738a6fcb3769d473dc07bff6cc71150e491a95df

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

MD5 90f0484f10c7eafb9524e5bf7e186190
SHA1 be17d708b67bbd123ef83360aa0114a603c1703b
SHA256 f6eecd92b70d23003ba9970ce2945ce721dedb1540ea6b64b8165e3ab540559c
SHA512 da5f031c0ba3476f7fe2784966bbdcb9c61d95342177fae8662b00e48e9fe4aeec1e3024d39e58b1aabd6d7f5004343319dfe6311a87949b9d4bda67a4a798cf

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

MD5 f3b1ffe40f64ae417082a584c37c74fe
SHA1 36b2b2be1d6114c4ee438d138b887b1b16d08235
SHA256 fb2e030cd20797648b8edce40b832938145600db635afb43248f9954031bfb30
SHA512 e8b54b6fdc84277eef6038555a8f203f9e824cdd5dbfd388fb77a8fcff5b78d5964b4504fae40bec4ae70ce9117af40ac5059781a8102fbd86ec3797d9fb1b52

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

MD5 6513f82bbfaddb0ae3c1cecaf4e719d9
SHA1 333a52e741a5c535ebd0c57913e1cde3b2a42ec2
SHA256 0e954e5f956b3029937f096cb89d3e0f59a20c8bb7a01d0843f11152d5cb5514
SHA512 05a3593978189e314ff574338d48b7550ba1e0bb94a786423d5f5917a7d766d52029f517d6933b8b90d63e09e00ddccf2fda9aaa8dc3c4e668c1ac904b7f4dab

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

MD5 7c663a4d837312b113e783e0541c1d7a
SHA1 5613cea10b1247df0a251a90bf8163bfb7995f9c
SHA256 3cec27fc52a35a87ff0ec1e297f5f2a1ba8c17de0de85fc32e22af432da6b2ae
SHA512 6e48d4a796cc29fd27de9f877d78b5a0987cf1b7753fad205e7167f77fb7b71fd55495f88b04a2995361dd7459f4b7ea13e73b72cfa7fe16133195be5ed1dff9

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

MD5 5720e14c31466316b71814716049144e
SHA1 033d6ef73b8742dc3c4ca96c00830e0685657d2f
SHA256 f4f89c555cdb4efa890e8b06f030d1fa4bf0fde5f34dc06608ac94e554a9fee4
SHA512 6ebbdce11d62a60de23532d79fca160a0623a8b29d6d03e2bb96db2721b95f71d4192a45e966699b0edd4e5d5915c637b2002a798f19de62fb871098520faa98

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 4f3ac9506fa89246cd0b38a3e42eaa63
SHA1 84f67b85c17d8dd262e3be89bf8b5f183c373581
SHA256 d7ce9c3ecdc3e7b227553ff159a1d695c219f3838e52cdd0e48c02c97e71e8b3
SHA512 1a8e25ae31e85ccb9180ed92bf725128e0a74a8684361a750e7027daed5714054358f8112fc818090ce87ad91ab8aa7dae4a149ca0ba83a091d1e3c3aba2db8c

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

MD5 d98e7904dd0b4dab56f66f4d01c8dde5
SHA1 aefd9e3a59af0373aa841f76f9c89ab5bc475ce9
SHA256 a6a3b85d52b84a1357895e75455258c2dc0644c0b52e1fb11a0f7e6e25976e6f
SHA512 8020d7a1f4e0314b41c24e00cea153304b4cdb36141ef6e43e5c76f1eb38c383a9e2281ea62a585c29e17adc4e68e84024c711ea5127eaba5846c811a6baa782

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

MD5 c4133b9ddb67f10d95125b50a8f1ddcc
SHA1 296bc330a72ae608be52ce28ab44d92c1a546e3c
SHA256 22682d3212c8e837eeac4e168ca9184fd3bf5afcd1c4d218523ab9170c32fc1f
SHA512 60b008f9d14c6f6e1de8f9674ffafb95500b728f88e9eabc345947505db727c12dbc38904079f6dfbb502964c565a104b377e69781cc08fce8824f80aded0da7

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 9925494bed9f10841fb048aaba6c76a0
SHA1 4f00272ed70b3f1b4ccf8313a00cf84ecd22131d
SHA256 2ed3fa90e20a84b9948e24c69e1729e38649c2d04170c290dcb7bfed12d75ab5
SHA512 8e97a313885cc43fdb19c32d4882249bd6c8745b33ffae5b6f79add111ab797adf416b97b768e64385f377ad0c3aaecc57046ef2ae2faa49f58c640cb4019db8

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif

MD5 141afd63a7efc70c24def1a5e60f68b5
SHA1 f65ab5adcd8950b4b1aecec57fb690071a37e372
SHA256 a971ece13c746978b975cea423900cde6ada61761c7723aa465238771ba8eb85
SHA512 4078a1e4ab25c7a755c8d9a0decf22af75ea2c8cca237edc912723e8d13396c9cbc8a336e37a92265c58f2c752aba03abdb3d6414bd731a1fd3e48f4203f661d

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif

MD5 b18b591bbd6c753b9b1840160939f261
SHA1 04e47457b11fcd2690d548a87e215a0c48ed81ce
SHA256 f12cf35ee827971a3375f9245187904eddd6081b1175f63934f1acd765fc856b
SHA512 3e5579e25ccfc87800fe0608856efa65246bb41c3478aca3bf5393d1ab5d9b61f8ca0d03f1f9aca7c954ae4779860a7cfcd2afd35119804d878a075ed5cd8e60

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 dfc82f4d8343c8b1b9e3208dd14d88fc
SHA1 40309152425f0993e5fb6029945d3d24103213ae
SHA256 0b21ddcb469fed9970c31346dc1d8ae1086ef104481456389258c0a36a5179d7
SHA512 6c49dab0fc2fc807de309052a6327ff24eadd0ceba4857f436f7b5b80c90558d1193c00dc8f9d1ca221b71fa5164f7cd36c474eeb675ca05e396c2f0197cef64

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 dfea1a9d65c60c0208627227b689c06c
SHA1 47ac861ada985c6d197a5126d7769bb2df9af517
SHA256 ab9150545023a774cd4d6dcdc333df9e9e6b536e9cc5a44a55b29e46e8b53633
SHA512 c650f54ab1be21c20c478575cc921e6e2fcca863b9767ea4818caf23b33c1f52e80a8257c9ee81f215d475166227151a10039e9aba2946d90c7f12227de1c843

memory/1800-9150-0x0000000000400000-0x000000000040E000-memory.dmp

memory/1800-9151-0x0000000000400000-0x000000000040E000-memory.dmp

memory/1800-9164-0x0000000000400000-0x000000000040E000-memory.dmp

memory/1800-9167-0x0000000000400000-0x000000000040E000-memory.dmp