Malware Analysis Report

2024-10-19 10:43

Sample ID 241011-zcw99ssela
Target 36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118
SHA256 653127bdb00397483a3499db51337471a19f4b272b14c924a0bd7596d0a78302
Tags upx xorist discovery persistence ransomware spyware stealer
Score 10/10

Analysis Overview

Threat Level: Known bad

The file 36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

upx xorist discovery persistence ransomware spyware stealer

Xorist Ransomware

Xorist family

Detected Xorist Ransomware

Renames multiple (2166) files with added filename extension

Renames multiple (2209) files with added filename extension

Drops file in Drivers directory

Drops startup file

Reads user/profile data of web browsers

Adds Run key to start application

UPX packed file

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

Modifies registry class

Analysis: static1

Detonation Overview

Reported 2024-10-11 20:34

Signatures

Detected Xorist Ransomware


Xorist family

xorist

UPX packed file

upx

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted 2024-10-11 20:34
Reported 2024-10-11 20:37
Platform win7-20240903-en
Max time kernel 120s
Max time network 122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe"

Signatures

Detected Xorist Ransomware


Xorist Ransomware

ransomware xorist

Renames multiple (2209) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\sgMDim889MuwdnC.exe" C:\Users\Admin\AppData\Local\Temp\36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe N/A

Drops file in System32 directory


UPX packed file

upx

Drops file in Program Files directory


Drops file in Windows directory


System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd C:\Users\Admin\AppData\Local\Temp\36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\PBTSQNNJTWCTJMW C:\Users\Admin\AppData\Local\Temp\36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\PBTSQNNJTWCTJMW\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\PBTSQNNJTWCTJMW\shell\open\command C:\Users\Admin\AppData\Local\Temp\36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\PBTSQNNJTWCTJMW\shell C:\Users\Admin\AppData\Local\Temp\36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\PBTSQNNJTWCTJMW\shell\open C:\Users\Admin\AppData\Local\Temp\36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\PBTSQNNJTWCTJMW\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\sgMDim889MuwdnC.exe" C:\Users\Admin\AppData\Local\Temp\36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "PBTSQNNJTWCTJMW" C:\Users\Admin\AppData\Local\Temp\36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\PBTSQNNJTWCTJMW\DefaultIcon C:\Users\Admin\AppData\Local\Temp\36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\PBTSQNNJTWCTJMW\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\sgMDim889MuwdnC.exe,0" C:\Users\Admin\AppData\Local\Temp\36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe"

Network

N/A

Files


MD5 ab62f6c2231a6be42959fa3370125fc4
SHA1 79e093ac64cbbfd0782cc8a66edd5969555b3dda
SHA256 00868ea0d760187d4eee2a7100bd6e8d81e33a12e18d86eb9d3ef20d7c81e651
SHA512 8073add57ff07182596a10ead94e56cc45e28a27768e8841f348e946e5275428bf78d202a9e190d9571cfe00e8e7682bbeb1c069b9e75ada6efa5dd5b63e0119

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg

MD5 7976dacb70c092b0ef6756b0708841e4
SHA1 d72af19e657d96b13daebcb7e698c4bbc583c50e
SHA256 1ae7f4343edf10f7ecd5c81475ddd1eb3a1ecea33988595bdaadbfdec6f729bc
SHA512 99511aae33fac997c3023914ea44e81107b91966f7499a5f5db8f4d8fe085ad871ce009a6c016a1a71cc4f373f14537b6336e08ac4a62e31ec0f5dc7dc714a65

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF

MD5 3aab77a487d79bde3b9ea3634dce789d
SHA1 7999fd4141db45f6a0a47e3d81f4c1cc44acf931
SHA256 3944cb554345d1ce6771ea6e472c2d0b009a958e99c22bdaba5510c342f4c073
SHA512 4fd8fe4d2123cef5aac963b49a6c01dc52e915c30e67625df1ca707eedb38190d774d1321c75b0b09096ebe08f492c7107928d9ef4ac661d0436022541da961c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

MD5 f71fa1aea58c599b91bb3c901c2bcfa5
SHA1 9353b2e00ab21f799c95466878742411db2f311e
SHA256 8af3c74fd7c610981f845b5c8ad31c82d6deefc96b86ee70b9837c0e92916bc8
SHA512 1496cfcb4e87c341c899286119bbd9f4dc61f21135e82c7fda6e6646d90731af934f204ec3af1e312db8d971d9c401ce3356449e1f48c129d19c90aa397498f1

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

MD5 3c796ee4a70ad0ebf682f4d002b48ffd
SHA1 ee2b8b22bf780bf0f05656e36bfde3a47ebb47f1
SHA256 a845e0bf258aac2e69c5631c6b4c5bb9fdc91a0b48adda3e082494bd9bd999c7
SHA512 bec87d04c413d515f7c93769c4c8cc13d925ad4cb163b2f23876bd349a3bd55dc286ee039b53f1a203f19c95dd1faed6c97b50ee6e4ca4846047100b4fb4901c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

MD5 ea013ca0ebddfeafa127fd6a1047f130
SHA1 805d781038f562e43c20bb265af93017fb043093
SHA256 cb07f00440167d20778a46aa35ed32fd6e2ab0cd57d152d7a337408054429e19
SHA512 a5c1cf0e8692bb9ea779f43bb3c5bd63734c6df1ab4da6f92d543f2c15421fa8ba526e0ff69a762b22ae0162593d62e2cad90b16f34c757539a1732efc5de3be

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

MD5 40801546438625f828c6542dab3b740a
SHA1 49d955ea9e88a73e31340731a8b0032ca4493a16
SHA256 9269b7e2561bd19e155ac206db9f8c918be26f6f5cb7686efb94c26134acedbc
SHA512 7ae3c9eeac68f78b2118eb14969a4e8829d4ea02b00cdf18b2f6e0fc92c073345c2f8301c9550f9998ac1a9e17d81737a5535fb082d332caa4b08023a68ebbd1

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

MD5 927aaadbba3f3a8920ea0a1d33520b3a
SHA1 48e4f4401deeaeb3b699926b056e5a99b75addbc
SHA256 0a5c7c6478da298a29759a0dc251ae81be18f7968fd610c23a4f433671293a3f
SHA512 d65d38350058ebe95431b1776155d320bf62fa82de8e12af2511b991730fad1ffc620afb2093fbe5acf708d52778fd7df833e8501e5234994dd8582c900e162e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

MD5 57487fcd9a82f755b61a048625f3d7eb
SHA1 8ff8e7e2e00032e3bd65dc172c5f67579493ff8c
SHA256 34cb66ec191d7e64ccfffd4eb6e30d93c69d5154aad9e136ee00763e60d5c68d
SHA512 1ac1fffc8c1505668f6d8326d9e3b413c13bc97c173ef373d09f3a98ccc13db8ae270916a5bc0cc61795873b7567cdfe09ef6ce3a41137bfc281077e4b2a8fec

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

MD5 2d24ee9eb0259ac6c818d100ef06fe94
SHA1 1cc624b88094040f0aa53b50a11cda143c71784f
SHA256 b0d28f599de3f0103ac0190dc95d63b2740b64a12a39d8a46512bf80a6966a06
SHA512 73bc54308c5c02e8753714a647a9ec34f4e0a5b67fb943ca7e36796842903874b2ed3d865f38214307227c7844423057b64fcf8e3ecb1cc22ad89de9abacaf1e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

MD5 fb6ac089df68f91e7dae94cbc4c9f3e0
SHA1 73ca7350a11053d535551a445032659db5247e19
SHA256 30550654fab3021142d9c374b7426c4668d2bb2578881b30c503260fd2bf1585
SHA512 90de89b60e0a799c18e46facfca8f963eef9212941faaeba25127e3663f68ac68882929f9950b986e3bb6685ba98f0a0ef3d4de6853f6d6cf2c4fbbd23301513

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

MD5 257626415c390fda1ee397e5d0760860
SHA1 edb479baf872edd7730e798ca2449881fca847e0
SHA256 c7f519d45ce3987b6d591cf6ffb072fea18b9230f2ba389e76920e60f51cac9e
SHA512 aac4c5acca452332fa0bbaedb9873320817324636abc491599ce58a82bd530557e8e5bb73e70b0d4507ef1c2383a61fdf6611442a0a132b6e6c42bc274d623ac

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

MD5 1337082a4e314a489f0ab153a7dc64fb
SHA1 ee691501a4567626db89a2a61bab23c21256d191
SHA256 5148a67608626fe3cbf1cb82478a6bec1100810a40fd8a85b43bd9d40ed39c3d
SHA512 b2519b8872e920d1937d62cf46835182cc8c547d1f657dccff1cb8804e4f944ac171fdb71b0fb2f00333f0bff9f2c2aefd900c92c296e79eca58392099ea2f94

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

MD5 0652707166267c32c02d27c155d7a7f0
SHA1 96b07e5c4e648512d975ea619f83e72f663bb305
SHA256 972843e7d9b69e5af1e49947774090cc982c47e30f0e4acd1965b5dbf4bdb1a2
SHA512 6c13fe2e4dd124bff133253790a9811aa4ec8e0904ba95b5b5adde35f550ef0f9f30ad0f8f9f0b5333d722d92e1836d07b1045526da690fadeb75389937fcc39

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

MD5 38d8bf01297129057a52169616ac3678
SHA1 e8aded46e2e2e5633d7c68596377b7bffab43869
SHA256 aefae55ba00f7ce0fef94ad5da360e11583a3fcfaacc4709e30f72efc4a89a69
SHA512 842ce2605f5af6dd5d3787e0e398e75d97dbc1d7525d2f1c3307cee9bcb0bc7dc1b81075f00e47cb94905afabe28dce91a0945046fb95ada74072086b8cbbb03

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

MD5 313a7ccce3e157190099e1e501e9082a
SHA1 23884db0166889c06ecb058dfdeb4442de75f3d8
SHA256 fe8a1eff3970c5f78704ca8aabb83f6f8083548962eb72b179f4355988d7b040
SHA512 ce07d67c7b8835a1c3f1dff5b7e1895e46fa0e847a047baedbe8a5e144d18e123a06151df57d18f76cdfb02bf696e0114ec960229555eaaa0aefd923bd4e145c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

MD5 ae6a1d0922066774516d421504e994dc
SHA1 cfe06d61aaab6d8ac7a68045f3d7186596ce9e72
SHA256 8c22daac0eb0f9bbc9dc68350bbf91a551d04d8f6a52889695f4d0b6fb98fd3f
SHA512 aa0a3bdfbf2c838e6a44cffbf510dd2ca6fab77cf40ce07ba8f505cdb28101455051fc0916088fbd8260759be44c50e7c116e01e86904c6c5995536b304f7d17

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

MD5 a98e94a3315ac956192af7cf17427f79
SHA1 d4859b9bfec98ef5ec35d5866774e0d03fe56299
SHA256 685a65199c50e4c5dd69e6b98f903b05aac2b7633170783c60718b2f90279140
SHA512 7bb3841dcfea0b30e3da63c4bb93c6f290f71a59669f15a561c0f14b6ff445e571163714d807a45ceb9fc364e9d38fc0b4d4b99d952334e2a788026d6a2e71c0

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

MD5 b5e3b61db98f34081665c18328515f37
SHA1 1323e768529794c72fb7aefcc942cb0d860738ee
SHA256 15b530667ca04fa50bea1f022b6669b3cac9eecc52225d4767ec7ec34243cf97
SHA512 763e41e3e8710c897f78ab70163b36653807e7dbea4f1c9b2e886b30e9f3ee7dea78bbc518cead62e83384e5babbe5b39062b4263397d647b75898b53667ec6b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

MD5 dde246a3b99094191c81c23166f8e166
SHA1 6c4061cb09d6dff7e25c6adebb438bedd5bf94a2
SHA256 5cc27104f58b0cc2a82aa8fd6d91596de665ebc6e157b67cdcaa7c05ad725549
SHA512 46a89e79f3cbadd77e6786a4c3b84b9fb6bfa48e2f9fd7ef96141dfc33c0adbf7741928ce271e4f3b93ca20fb8bcbfd211c75a9b8024769dcb35740612132bde

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

MD5 23d2960267d9a03d0c4ac54f8ea09295
SHA1 cc3f346be1aac61cdff55345e3ba5890ceea1acb
SHA256 8a266b000407bfb318080145f8e073c4c5730c02ebc7e1163e0c86a0b8ad23d7
SHA512 5d37b5fea99b62d554f07828575d817ec5f47951f60f85897be353b9a57e8605ee8ef7b5df709bb6522872f92796bc5f5c197c8fb0df5fff5b3a99f2c19e5339

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

MD5 10b61a44b40a73830c3f3af64842098a
SHA1 5ec8c27aa27d7f33d7eb259f9d57f25036c66d8f
SHA256 b9204c05a513ae4fbb24c9b853724eabacb951e0ca1a6fd1925c450639204a6d
SHA512 2d941f7b0dbf3275d79a2399076bd6e7eacc068af8bba4386abf8e9f856a90026881a492a15a09a1b9a72bfb5dff23c0551dc01cb22afc02876a9d0408b93f3c

C:\Users\Admin\Desktop\ResolveExpand.xlsx

MD5 029238aa2b92a02268ee3d86ef3f77be
SHA1 739a2e559fade003d39f4b32de9cc893ca08ddcd
SHA256 e8fe4e03d3a39d105252fb99fe6b7eb58605e2423cd42bf5169614bd0fbb2217
SHA512 86aa40c966fc2f4653a238447c6f184a124ca611cadd9af680119f64d06999c65b0fa576bccfca74d36ad28dfafa73bb2ff6987df7913d7cac9b994242400725

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

MD5 1d9704ba8855f72986d18c61ab9ca8f8
SHA1 3bb41c0e729527375d63c2ada28ddd5d8eadcae6
SHA256 58bd99b94b36c54fd2ba575512b6902cd24b98bcf12d7becccab2de4dbbb21d7
SHA512 b03e757ec591c072e5efe9e03e4c5b5c636024d84ee8d617b7ff2873b79429be91bba7da3f837aedd68e217db73c3d01bb27f94cf31ed1be55a8c709be311457

C:\vcredist2010_x86.log.html

MD5 156cca41e606b6d6fb42eed1cb4d56f4
SHA1 51d7d18a45e3aa7272be12f1d89afba9cec38cbc
SHA256 22bdc25f22e9c8f87e2387c4ff12f422c2aeb083a9d25738bbac6b4477479797
SHA512 0f6a8dbd8d543f6f68a09fefe16aafd2e4bfdc743e49ea6e1fb174b448974316d997e06b05f35c3a6b6d387ad75f5c272559708c4d8f4d2a8e999a5067636bde

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_sml.gif

MD5 c77728bf68337a765152c9a55f1d7c5f
SHA1 26aabae4ce6a7e9652884367d7d8050bd1ae7719
SHA256 8d783cef26214a749b11cb23537913c0399b4690196a8d185a0a27c7d7196312
SHA512 4b6ad64d0eccde2b47ed43e274b4f2716634e0627894fba7efb7e9d95ae937bef1b9e13279eb0db8a67fb38eade4e76cd278711494b73d034a70315743988de5

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

MD5 a87812b8bdfdb3f3701c778c7431238c
SHA1 fe89d3bff35a8e147de86ad52d9967f8d7deeefe
SHA256 c4215bddcb1d131dd290d285605b51ba2069616bb59a3abaf577129d9efbc38a
SHA512 4abb707c577d0c59e7b0b77b9ad33116ee267efecc0502c23e00b558d1d1e0eea24b3ba29e0c02dc29bbd3b441feee7e2b6599e7126afa1dbd894268b4a5fa81

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

MD5 59573eedfc4048dc30fb2dd5c72c054c
SHA1 bd0bbd5285533e0a25393cb5d1a847bdc7ce53eb
SHA256 d3518e83b0311eb6e03400baec33663e153dfdb49867922472e95732ac150f69
SHA512 66913e8f3a35e1709aace5a61c0dc5e902a481e65f8d71d595059218c78a4b739d89a0c0d4489e113722ddc61bcf19724fc20b58ddcd849795c73b243ea1f162

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 d97d7de2fc49de121997b011b4c1a296
SHA1 b205371614809ba4f192aba26bbfed324fdbc1fa
SHA256 adecf4f6fb58702a6d4633016ed952de8b97aae557d94476387d0128c2325fa0
SHA512 f3b1bb359c962f807ee91d2905a9d0f9de7b74652d1637348427e03fb68437a3b4dcf154787930db3e6a3df478e188ae223920978dabab8687b5178e301b40fe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 fade8673033dc04b45b2fc5dea6d5797
SHA1 e090fff81b2009e6968c8b5580b0c77bf3ab7cbb
SHA256 c9f4b37417fa647d10f8ced0cfcf1f035609a3dc4c81c2ca7d9df902a20c96e9
SHA512 409e65c9d1b13b4c683618bc1303eca40a6ff0545b72cca19e26b5ccbe4ac3f9bfe1c9b63c46b08becabef8472ec1e3c46353da4c4d3924755b4ece6509d093e

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 3f7f12ff5a6ba335874fc248b994b33c
SHA1 601b92790295f710de92bbe25a251f72c489806b
SHA256 de74292bcc5f513d8ea84c8ea990f0fd526fb2b32e6c76925ed1410bbe2fa889
SHA512 8540dd0c2245732a622b5f04eb8cab3d612094da3c9f4491a81c9d6f06d2ea58f2d9423c726ec11b9dc6a88404587b42d301eee8cb2b9952547288c3e4353c0b

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 c0257b310f2d7aa15f6d4e551fad529f
SHA1 b65025ca0addb4bb9f43b304fd13d248ab743071
SHA256 7d135dfc2c31ccbb2fda8965f9099149c24400871fb1ec8857e1414275329333
SHA512 c75b21ba198038ef0a33af1c3c7ac2cc654b46495ef41e5122c8bb6025f5820665e96f96f212fe8e627d7889f39ea4ee8f09c0245f4f7286c562028b963fb7aa

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 c4d05c70a01544dcad644a4faac23ca1
SHA1 a62854599bda3664e9e835d703c3a4e4d6c4449a
SHA256 1ae0eb4167d563d313d1061bff4bba77bbb04ebc6a410a03e0856ebb56544b27
SHA512 b50c9abb3dfc9e033a532f03882adf6de6b64eb7c8c1f0009ef028218b4134cf569819a7e588be5c0fa587cbc29fc89df16aab3e96ec9bad54a2805b06f26742

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

MD5 17c84087682be8597575aa123089054c
SHA1 cdf47ade57b607e0333f4f31be7d69ff2492d237
SHA256 82207176ec4395cb525aca2cee53dcda5d6438d9afeecfd0100ad4bb8359b5e5
SHA512 5c6d4514a68debda19b968338d46882916a1ccf6ed6c619cc01c9d2f660ff31321b878bb4596a6020a32d19ff56ef00c59d0107ba35cf715e2fa4db2432d05fa

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

MD5 b40aab03d97d6d3bec2c8e8d2b0e8092
SHA1 e4f053c2c615e750d81ef03d2289513add7f3e89
SHA256 89cb288bdfa492ce657c95bf9f146dc284fac2798305b41f107a0670c11c99ec
SHA512 0e1e14a90bc4165610d7d26aa67e697f39a2629ce2ca909e90e4086ed6710178092882749da3ff0676f30f956e95a1c99d4d4384341de6076bec3842f7c019e3

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

MD5 decfea146dac5f5ceedc2f5727bef53b
SHA1 070ce7d4d2ed54a4e787ee08f89005a87cee7f8e
SHA256 ca227c79742aa8cb24254ab2a641f045f72d06875fa60a86b918a7af45c23617
SHA512 d6c918e18e28d1f07093d600ad895c3805c4f27487aa19d92e2dcc49cf3f0a1261b149e6d7e7c20e4d9207f4e9312a3bc620018164759184f1a244986919d2df

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

MD5 51b72bd852c4d427baf792a30f6e761e
SHA1 f463e459a84aa4ffddb58ba0937f684cdf5b3f10
SHA256 6e525ff03f992a5bfd6746b67f6267998e64c7ac241c4bb45f93ea5f51059638
SHA512 210d820dfc0493fb8690520324f18b2566ea4e91249734900654c3826113c0ef2494db0c188cf77181b4fd0ee939cb463d8bcd5e167f1ca6bacb03c14b18edfd

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 884bac37e35e6da1d7bbf9534f6b038e
SHA1 51ce8c44eb9969b114915f82eeeae38298893a37
SHA256 5952d3dda762603531d5bbbb1814ff4cd2ae9f4087cff21a1cc3c1dab7b2386a
SHA512 0583702db6089ed3254dc380902cab64f0297587f0afcb5249d6662376874875446411e316e8966882d4d7b38b1961fa89f5d733829b225ab7c8cd59bb42973e

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

MD5 3d6bca262bfda7ed56fe6c1ab48ceef4
SHA1 b6fb983f43b60fe250cebf192f8433892e13ef96
SHA256 44cf251ed17e37ff6daacbf051c5a56b16eb0f6f84fafb0dc78f2b928388751f
SHA512 a91689684dffcfac1743b128e3be10e379d74d5869c825a2ea201d16f29299693dafea3b5a0105679386df92bd880263e9591cdad3fd16d980e036d25f069c9c

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 3eaf29344f277551c28da02893381d10
SHA1 8483c1d86688a2e306e998d783a0287dfb59104f
SHA256 13a907b36b04ad1f32ee61da9912888f79ff7ff2ce907422284f48a3fdd124c2
SHA512 bee0736809a751422d754ec823d3f310d074afd352dd73730a4254e105ffeb61bf11a0fc5ca0cb9e9c1f332e441a5bd4f5216b9a0f7b1864219facbeb3e90b1e

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

MD5 f0cd7070a3a1dc18068f93e3a241ccaa
SHA1 84b93ec5e9965f522b2a95c80ba148b0e4c9b680
SHA256 5baa59e8872320185014825ea27c1f53fc82b0203d28f8bf5ba0b19c6c308851
SHA512 27f7b91ec0d8a4e7d111844516b68cad9e045089339a77585e9fb658aed15dd15175a13b438833835cdb41a8baaa590227a367014af2f54825109173827425ad

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif.EnCiPhErEd

MD5 c516a35599c5600749bebcf038e1bf4b
SHA1 98796eab9c3a794aa1447ed41d1438c8725e0426
SHA256 6c2f1ed3d308f1216ac996b8028a25357e065020133fb791917c99e3a0cf0271
SHA512 1e7b9e817c09580646e27eed643ea235f2011260a861a2cf49bdace4a0031a4a3f12f4cc628048d166ec222f38de9b7535a3ca7bf116e8ad39cad32c2669071b

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 43e0679f014498d05ae83d540d081e89
SHA1 afcc9ffaf7d7595a7adf2e53e360085324426d7a
SHA256 b1c2f5a1b28111c1764abc9be9f4ead82277b11ed996eb827d48bffa28a3dffa
SHA512 c478c8ddf8ce507f89c8cc1c5ea20fbb96aea06f55fcd8b9bb639c8d54255c4ba63a9468517f80fbdeea11168d28e149fae23c3291c656415263baefa0223553

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 cf9ab52cb3414473bcfa92b44594ba3a
SHA1 365c67e890135e09232c306b4a0e31add43ba4f9
SHA256 e00f088b0c4eebf0a21290b2a4e9837d01c45d26a14618982c92771142869af4
SHA512 36f935141d068faa24774f02bfe709a7a2c987b97f6003351ef4bb66e7d678bbc8bf19dae3b88a5d965fa7cd9d83a107c5b3e30af7d19efc24d74a69c6289a7c

memory/2192-8767-0x0000000000400000-0x000000000040E000-memory.dmp

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 f086bbb037c8ffab39ad285085237f11
SHA1 10b474fa9ab4f5cadea1681f92707584abf2a022
SHA256 38be0d46bbdba83904810c7a936bdb6d765406b14695a34c560a0062bfde0203
SHA512 a4e7fa87d72bd885c4a75c0c3134bfb4b2d65ef021ae4bb9fc4507cc55a7ff5a6161eda613878b2d1f47e4db7cc4d07cf169810872a098031b26fba41a0043da

memory/2192-9186-0x0000000000400000-0x000000000040E000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-11 20:34

Reported

2024-10-11 20:37

Platform

win10v2004-20241007-en

Max time kernel

96s

Max time network

102s

Command Line

"C:\Users\Admin\AppData\Local\Temp\36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe"

Signatures

Detected Xorist Ransomware

Description Indicator Process Target
N/A N/A N/A N/A

Xorist Ransomware

ransomware xorist

Renames multiple (2166) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\sgMDim889MuwdnC.exe" C:\Users\Admin\AppData\Local\Temp\36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\DriverStore\FileRepository\mdmtexas.inf_amd64_ed0ab85128ed7a01\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnms010.inf_amd64_9e410195c3b236c9\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmntt1.inf_amd64_263b3076d78209be\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netavpna.inf_amd64_f6f0831ba09dd9f5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnms007.inf_amd64_8bbf44975c626ac5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Speech\Common\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_RegistryResource\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\disk.inf_amd64_cc4dba2066ccf53c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\WinSxS\amd64_hyperv-vp9fs_31bf3856ad364e35_10.0.19041.1202_none_7331c53ec95f186d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_10.0.19041.1_none_19940ac523d47fe0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-f..allconfig-installer_31bf3856ad364e35_10.0.19041.1_none_d76ee614d28656b9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif C:\Users\Admin\AppData\Local\Temp\36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w...appxmain.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_2320fd6af5859163\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\PBTSQNNJTWCTJMW\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\sgMDim889MuwdnC.exe,0" C:\Users\Admin\AppData\Local\Temp\36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\PBTSQNNJTWCTJMW\shell C:\Users\Admin\AppData\Local\Temp\36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\PBTSQNNJTWCTJMW\shell\open C:\Users\Admin\AppData\Local\Temp\36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\PBTSQNNJTWCTJMW\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\sgMDim889MuwdnC.exe" C:\Users\Admin\AppData\Local\Temp\36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "PBTSQNNJTWCTJMW" C:\Users\Admin\AppData\Local\Temp\36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\PBTSQNNJTWCTJMW\DefaultIcon C:\Users\Admin\AppData\Local\Temp\36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\PBTSQNNJTWCTJMW\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\PBTSQNNJTWCTJMW\shell\open\command C:\Users\Admin\AppData\Local\Temp\36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd C:\Users\Admin\AppData\Local\Temp\36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\PBTSQNNJTWCTJMW C:\Users\Admin\AppData\Local\Temp\36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 150.171.28.10:443 g.bing.com tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 72.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 66.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 98.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp

Files

memory/2400-0-0x0000000000400000-0x000000000040E000-memory.dmp

C:\Program Files\7-Zip\Lang\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

MD5 a3b599ed8cc9ae80160f587d6eb64bfe
SHA1 e5351a1f356c39da53ca4cf9d759d3a72ad5370c
SHA256 18fe7a615dcb6222591095b5e9a71f5f49c20c012a84f7b353ea752312cb0b80
SHA512 a966fe7012a492e2cfe8b00a697ebafeffc526cfc1e0a552e183cabbf5bb63a7bc3edc56a1d689f5e80616fdd715c61a4f20a030938240fa0e3fec440f3dcb8e

C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif

MD5 4ee7944d570ac8c2db87430243ca4fee
SHA1 b8fa42771abaf229542689ebf5ec250b3770679b
SHA256 99ac3246cf0830629aeff8bbd9728e5cc09bb909e865ddfd5667d977bbc7c946
SHA512 659d4161830beb4e4d0aff70bcba92b3d9b7e781a514ef5ef767eb325470c7409fdd5a0702728b36ced30c3447ebbdd83e2b8970c1b15a42ff57830b9bf194f9

C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

MD5 4d467291507f5a91b58e6edf89dedb1f
SHA1 6f8f345a01e1caedbea3655b8464b488bbdae14d
SHA256 0700e2f504823d0eaa23f8e6e7db724d953e50277094d83c3c01af352b039d98
SHA512 d7e6ac366d676b976172133f3180efe49e53a009a6398c47c74a6115afbd505fe85d820e1811b52ed5a9fb907c5bf80392057fc18db649b426adb1828476ae5a

C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

MD5 e2b5c4a3b1df1104a2140adfbac59d4e
SHA1 6b55d6d2d0f70c53a4d47aaccb6f6b41608346d1
SHA256 265cd5ed4712b1ce866f92c94087934c37fc247db0d00383ab42942eb6de5f2a
SHA512 2fb93bbd07e780e8061743d8e03ec57b60ba8f7dc638a221cdbe0387ddeb20981664dc68a9e31110015698244777c2146dc5a4f2171246f3d0adfd3b45c1dbdc

C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

MD5 a4b84333346133798650c672b389ada5
SHA1 60740f2fb1280e152c600dace6e9f9bbd38e268b
SHA256 81ae7c0731fe9dc65fe752b27d280b07f924248732a1b23ee6289cededc9dbbc
SHA512 12d97b706a64c10df2d7889abe67bb7fa8c9003e81ead2a3ff6d34abe52dff1e769ade071b971088296df2ac6687eb768def61bd0660d3cd1cd3a009a0dbe685

C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

MD5 00b977564c9cf87d18519f58f1f66f10
SHA1 d009b26c612a5f2e0faaaa64df5fe247104658dd
SHA256 67146b91213e6c37cc7e4eebe9ffa9d26fae21a816a9529c7b51ee97e90c2c9a
SHA512 21773fd7dae74b26df22c2ec6b691135323e3eab6904b958f9e3fa102fb57bc5bbd7cdee0dfb37ecc54dd32ee9fccee0ce1e98f88c4a955fb30e66eed5074b08

C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

MD5 cd66e5909592039025a4774d433dbc78
SHA1 52e6fc15f7d4a9362e7a9ad18c6cf9fac11d41d5
SHA256 6b0fb3dfc5a1c4290bdc94cd7d9a3acbff3391cf24ad787ea35fc00ce26f5538
SHA512 f6641649394beaf58550efbace911ec1d92e57d06b40fc470f095b436fef3da0b046ea03455d0b57c37c98c68f6cadf2661a0e4dcc24ffb0b9917974482eb760

C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

MD5 96629060001779b50e32f526815f2803
SHA1 bc3a0995d82af175031964046e817771ec3e4854
SHA256 69d9b3d604a0c42b74bf2f1c8642056055502661765d58dce76bdcd59b8e4ef3
SHA512 8fbdbd4d3ae4697f6f18e5464771c555472bcbb297eb08034fce1921b2b4e024675bda50671bed9c89e6ab243ee3e71a4764efe80df2fbd6ac8a248dad39f267

C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

MD5 d6b073c049dce22021c23c8472d411a8
SHA1 f5822d7b865d19b7413e3ac54183d4d1ad12e502
SHA256 062c4c0aee93e7fab02b8d5cebf1fd97de9eacfb7a41e4ba1ddee6d0df72be05
SHA512 20d81ddeeb73a7239cfb763fb5a4dd8b328feb424674a1fef639e2a4ed7073c1b284ff42eef91976d4b684b1827b3bb2261df1c4f334bb960bf4b087f78ba390

C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

MD5 619c42a08489768f2a541a3aa741b958
SHA1 ec04b0374364e260185f214293089752905ae2f3
SHA256 b0c598ecd67dcc84f101764be782b6cf42ec2534e6797f5bfcccc125e9c40301
SHA512 e9aadbe8f5bc1a4239dd6cf9fba97cfc951016f33d66808406d49fd0c560d14894686ace4e80537a1334568d473c472df0213ebbdb525b98fbbd9e456aae0072

C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

MD5 6be13d6131e0b06b6aab03645b79f98d
SHA1 d88d20a42451394a754e141ddc944c9bd303f718
SHA256 a7afe6dd9ac0a4ab7269fc99ec80b8746c7bbfd43160d6a56083346777e70963
SHA512 d3823003e7ad84a1f3019260e8ad1273ced9531d591047eb0484b88616d6a8eb21f96f9526b8570c3c196e94ef46b9853efb1a130ede9290bd8bf48d462f714e

C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

MD5 ac9df5a848fb3f1e217713bb3f6a898e
SHA1 0c50e8d1933895311fc3c6f793dcec83bcae9783
SHA256 130903bc63577c0eedeabd33c743ad0f85e5519cc933afe96600bcb4992ecf70
SHA512 9eebc29e93d864f17dedf03a805c28aa37efa017ad6b4900f4e7b0af098d888dbea250f27f24c1b91e51ccc6f5f06e458524257e7112ef6868fed7a16e5e3bd8

C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

MD5 c81bea9db03340bedd8bfee47b17f4bf
SHA1 2c0a0271eb68b4335ef3f0df0a2ba4cad9ea26ed
SHA256 0cef376eaa19a2a2f7893072173f2a7264e60d035192eba8313638e808d6c3e5
SHA512 0019e009c92b5cc7b83ff8165485ee8e08d077ed5091fc5a7e58852ca45703109113e4d3319f95c41fe03329df3b3cde237dfad1df75bc702ce4807dad2a8e13

C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

MD5 ed2060595c437c984bec444f714530a6
SHA1 efbf7066a8072ebd40bbd6aebe54a75aa4497c06
SHA256 e71e7dec17fd69e806637e899d1513f9a355a08d1cbefb91e94377e6e72fbae3
SHA512 c948a6c2d8259a974f9737f68953ed4120c43a13294f98b89bb615f364c97cdb0ad535d6492ba8e750f8d640798aade6ba0a6d573dbeb2706742fabf67976257

C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

MD5 f83b6b53021281cf4a36e93a38e869c6
SHA1 a7656d448f9977a1a41bd5a19d52a17df7f7d7d5
SHA256 39ea4bd113c5053c29312dd706499389249df4cbf083ba3e7f81185bd3aa5f18
SHA512 3d3905dad2e13b8c9009149b850d92b0f0ccb91cc6931b30f8987b34d0ef4f69764de84947b2d7c90c7ba9208b0cccfbc0d8459b60c11d7342068e691d207b69

C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

MD5 b726de2f817ea15042dd837456e67ede
SHA1 62d6f9d765596e0962045bdeb1925a37a3b053be
SHA256 145e9531fd2610f4f5415c3a312d14ceb6b2895944407ced41f9cf5efb68209b
SHA512 84afa2c8fc1c97fc1685f63045bc5f455ff3509366a97d62d912e428e2164e218f9a858ac8dfc8dbd808ce187167587635fe07c4093e94f0f080c4b89d32b99d

C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

MD5 f6d69dd0dd01b3a8a2dd3718ba04a4b3
SHA1 e321dbefbf3bda8d439a4e8b9a317cf53746f540
SHA256 02a6159af9e914ec138bb466a9a05429f27ac3530a04121f00623fa7a1929e4d
SHA512 663265e50febc778b8b2f05a4e1d93928e42237f530b76704087cbfbb1cf7afdceceef8488da9c26f61bb8cea72343d99f4f5cc21a0c5e3c166f140b5a9306f0

C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

MD5 5bc10897ef71676c48e09706c39ccded
SHA1 1b80091bc2a68a49d20e81b4a251b2d798543b96
SHA256 1af635d0b14419caf2ff7da03b509811d9d63578bafe7712e7c7e0415a4bb47a
SHA512 f7c8c26227d23470c8c0979aabbe9c27eacc00281603f19f62e4e9214cb137c3b91d3c70049b53653b88ea260804d08ef808f54653a8528ba6284bc80f633a5a

C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

MD5 54c7c703ddb00a4bb848b179d39dd1f0
SHA1 902b7c5e9505338ac1933c1f5009fe111103ff60
SHA256 c8f9019a33760e675239c457dbc3b44c9cdc425e662a7063ccc33c21355ee62c
SHA512 5cf54cdbddf1e7c6535e5d359490e3c4469d9a9dbeab20c0c15872dd5c664ed7998d3aad50af88cc97de55618521f9b55a41014022900915b57039ae46c9f624

C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

MD5 8437da3dae5889bdc11a804639812168
SHA1 e18a7dc71b8c821b79db253c16c52456f275ba62
SHA256 14d5bab94c3e2193eda9d9aabbbec90beef7f35ac741b5923352dbaf74454dfc
SHA512 ee96388f58fbb47a065b53529ff4399187cdc72e60c138146e358d9ebdb364b57850546b569fd6a8575d2d46a71cbc4d8769edc57ebeed13c9d4ff5046d7b185

C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

MD5 dad0ccc3ceabad8019a72d8e01de79d4
SHA1 8e62c35bb109d5b3cb367ff32dceeaf0efce98c9
SHA256 adaf73669707fe45f79997743da2f6ccf7567c1fa2c40f3e5411aac8f4d30cb5
SHA512 78a25deb750f887a899b5ac58a417652e68ebbe6675d4b7f412f6f84280920034cd55e6638b5f7bec79874e3f24d277938e6ce192aad40f835ad79fbca4fc24b

C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

MD5 2d05619aedee3517cb5c870d856a8d8d
SHA1 2b87df83df65cde01ec585b220ba2a65868013c4
SHA256 8bd7616526fcf722de86cbbc273ca4381e8e8f1ed2856fadb6813412d1f78db3
SHA512 227907d7d65350fc8f90acb5793147181c980479226f12f4b9ffd8f113c0b6ff9d5820a10da21716ec272a55485ed213c01a745bb91093304c7056ca3283c855

C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

MD5 f2076d1aa20617f28a9d52768430b73b
SHA1 1c1682f55acd946ea395b6fc27d1420a4564a4be
SHA256 1b0cc8372101b2015fa82b75766c6351c1fd6f0652728c3c699a5f0cb69bce31
SHA512 6ec387f293de931a15ee9a2aed350abf1aff20a525ff5d8e8fa0e6775847a0c9e0395a2f97c49f482ca7cc71a4a3923075a9370b7fa07723d868be7f5353fb1d

C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

MD5 b1dafe81442d3e301c024e3750e90322
SHA1 d8d9849dfa1e170f9e3e006eb463332c7c16ec7b
SHA256 b4cec2ab442dc539418687f91a23aaaf6ac5f9dfe77ad17a4547bb48a9ab0993
SHA512 cd6f98ae2d639bedf27c8058542fc05c2ee19b475cd964d00cfe1b578f3b789edb81f78ce25a1a71a08d9c4d54811b2a196cb1d44e9adbea0ba37f33e9cb8011

C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

MD5 c97e51f31532639551056e9a186035fd
SHA1 75909d22bd774b46e5725b18b99e8b0b95a984a4
SHA256 b58b932f444fe3ef725dbd5d9aeaa2cd2bc9d91884b65b3047998fd9a239aa81
SHA512 d8062ccc27f9d8504e34a15c30950f154a929293dd7bfc3b1aa7a50e2c4dc62da6b342970888613243344c75d0ad34aaf2a45660a4a1f6f1377a76c2832555c0

C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

MD5 51be709c47878307e8c8cc77f8ae49a9
SHA1 49ad3744fe64b4e05119e6b2498f96621a955405
SHA256 003c9dffbe22fca53037e0e030dd103b7984305f016ef90948a0e4ca5a7c50d9
SHA512 34109ea38d5b9c959abb87b336612734aa584c6d740d1064117222f5e0ee1d8057967396a205201cbde822228afbde66571e8003974504894894f5b910922b3b

C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

MD5 af256a5bcc092f187f52d896bc88d9dd
SHA1 a3bec797ccdcb3e3e2eaadc3bd88db594c2a11bc
SHA256 7243235700ceb38a6f32b2c4b2c9856cca56e94adc2ce310cf101e5e45cda2e8
SHA512 9e947d1358a7a5b2c8ddbf4704b240307bfcbe9e62192bf7c0dc78be65db378c3ea2ad8e8870a3767324fb4980c26df520c8fd3bbaa43f792982308f417d5a01

C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

MD5 b1f7966f14a2a42450eef689a3dd6a5a
SHA1 9bedc9df2d877cd24bd72a34bdfa722c435516b1
SHA256 1d16be441a724a69308fff9ca1bbc1bc2558596265394dcecf2a26bf1a22acb9
SHA512 66772ae696022c702fbf382a1b8238f1c66983f954367adcdfd0b7c87072043f2c9c4fe227f6e5af3df6def2b112112393cf94ceda46ca96f431026654cbb055

C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

MD5 90212c9b7d6f1bedd2d9c4ef54a18d45
SHA1 2b3ecebd5639f6e21d2b2426531633f0bc81b6ad
SHA256 2329b3358e7aaaea30df854411be53e04d2729c928af70e470f491a81d7cb526
SHA512 8fd9d53f8e464a0a683a210eb6d4358347efc6a48e22dbd47a4244bcfeff90d87067651636d70dc6c40fa8fa93092322d3c37da19fad4f9ea8092420d210df9e

C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

MD5 515d37168795fdddbc5c8efc27fc02e9
SHA1 785886e9ff2453549a7db51052f43e48581277b4
SHA256 51bafce2377a088247c8b5fdfe59455b8b4575b9eaf052564d94051069c0a2d1
SHA512 f5eeb0050fedd9924acf95c94b1aec0dd6a1c736bae394a1015409d9c4b84797f00557c52e2ef9291a881b0e34ee2340d18c6127e9c52c889d26e20603355273

C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

MD5 4c6a41862bb6a53875489f817c3f8533
SHA1 8de3010a251721a5faf1c3d291a1188d26c6ee5f
SHA256 e6b01a44d1435f3b84c62f32054818cbb9dd296997cf179b10e81b38c1a6386a
SHA512 3945cc2c0d4f18e88b345e826e4ee0e3cafb5b8ee1ada83c0512842b937808e88e3262f103382d5b451d4f773c73b70b35f0eb154748da5abbd19e8ed1b4eb10

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

MD5 b3ca0faf1fd25284646cb95317e92d19
SHA1 0b5ee8d1d75687fabd7abc0ba7d7a0d4d7e4c86c
SHA256 63c28f8d55de0a4a7a0266bb6af0d1555698a927fa1aaaf8b107b9ecb99c7688
SHA512 25dc70d4fd9d2d5acca9848149543078443efc61ccf582d977bec835e30fb3d788b06dba7efd703af903ba6580390b96e57019fa198f635e5f17509b7dc968fa

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

MD5 209cce4ba1b2927b9009f218e821deb0
SHA1 f13c94b95583bba884263a6247bfbd838f620976
SHA256 97d692a79447dc82932e9022e95a2e0ae3efd1b1d55c77356adad8dc705f202b
SHA512 92ac902a63f59dbfd5c5e190f4ed9a0ae943f512c80dbd303c734df7be9feb393e810caa951f4ebfb8a03655143ca4900122c2739368f59db7a202813c85df53

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

MD5 a9a7631baf7095e3f3eee70ce1c26ecb
SHA1 563ac7b39bb805d5f548ca682a598dd8e7df20c0
SHA256 d93c37f5a13eba767ba9690bfd60f08d3356c795ae889afca55d12a03b02d1ca
SHA512 828915783735d6d250cd5e0fbe44e17ce402ebd05cb637fe5dc0d8c7be42159367b1dd90770e6e97d07c58dab25518f16743a14815735f118dc2f1f5347732e3

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

MD5 0e56c11a8435193a539d54d17e51933a
SHA1 2fb8462e3586578672c76f47f207f7fd1f4b77bc
SHA256 a8d4e1cda2173fdebe4023265f64a810eba2eda0d6aedf4e028f0297a9a3bb84
SHA512 758145f76463e4005f01a22eb843074e5e0c3ea2838de9e9b32c57d7246664d2f4103469aded434b1a7ecd46923f0502d5549e3831536624625b4bcf55b0379c

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

MD5 1f00d1de1a5d0c7500db9ccbb89a39d3
SHA1 639a73807db6c01c45e935689420fb3b51158c46
SHA256 bed603d02bc9de192a2194cda75efdc649f3237f9fa99ecd62163ad2e5ae9cb1
SHA512 53b472272a1b535297f311dcb204a18a4428a2a2e14c79d4fcedcf9214ddbbb97015cf0a2999a6c29fade5367237dfbcb8154b5d4a7b908bee950bfa920c108a

C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

MD5 31055750d88192ee57f316e159b5534e
SHA1 5205f69bc264e23685500a97f35ff3362aff9296
SHA256 4ace63813f4d7eb1cdab3f40bb316a39834f2cfe8c880cf2bce5c71bbedc7b98
SHA512 2ea6ceba2370104a2aae479a202bd20708e55878198710481a31ef292be93bd557070e54e533d59db13ec66aeb854b643f4fbace0551bfc728af0c1e67f8f947

C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

MD5 5a09486161a44797426f7b6f8b66803c
SHA1 0f3f253f78812be6d6ccf9531e8bec21d379bc34
SHA256 a045ac195d7699488d3524646ec4d010cd46d62424d979306493e5b08a1895ed
SHA512 56ea03508ca24380e723c742dd1a72899640a71e00822dd1e73aba46b683a2473b0d52b0cff9c02d34e542b606951c72be6f53d2ed79f136c7d4509682d2c5d9

C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

MD5 fd29e2ed7a5768c1005a7560cbcfcb9f
SHA1 196d83239bbaaba86d6da87701fa21b8d21bccb2
SHA256 1b2775c17673a93dfc737e7885b515d867007654c3b21f759e433ed7238e0812
SHA512 d0f09cb32a7c5640b3630b9f7d891e3c8908bd7419d8633048f45fee376643cd8fd44c8f45be7bf02e891401e09c50cf48865c99fe03d241ca2d604f80f15051

C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

MD5 aef3f8859d5a2011720379dffb5bae10
SHA1 9f9ea99915191c7e8d077df840c0e23dd7f877a1
SHA256 57a5c91d9ee03c83f3ad371da28aab7a8da2af198a124fda33588165555e7ef4
SHA512 b2cde9f071a67538431859ebd6b923f4ae4d6c2bb0cafb6241751a8ceb1faf37eb8a95889c6fe7bdffd4b41e9639edfadcaa5b9c855d82d6711b0ca1384f0487

C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

MD5 74551aa1790a3cad1895f9aa5c62bc43
SHA1 0864d1d646da4c2b81dcc62eccfae55821c68c10
SHA256 d69e4c3998a7bbd10701c99687e2a908b8537ab03c502e1c41909d84f85db2d6
SHA512 8722d07bda619309018fc6833a0149e5ca9588413d8f75cd7be9e6a33149fa058f58f31543f19d393f2c75593741acc0554023d4d7c06480ec1734824fe54bf0

C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

MD5 813df6e7a2c7cd74508d0e8e76d86e64
SHA1 16909bc0b089e7760f11ca91c194ad011597e651
SHA256 f5b701f14e0edef9899dc4e49dfef450b61ea141eb18792177a10ff67966445d
SHA512 8816ed8128a44f2b6e7b444791d639523a4027bf158fd8c4eced4392085fad9f0300fd93dedf978033c58f0ce9e1ae73de67f1d8753b6deadf8aa2d8963c21da

C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

MD5 564bc53afdb3ee893ac904a668bd78ce
SHA1 8ca829273bb273d5a0e2349765cd9ab113b0a417
SHA256 8c81a5857ed8bc1b99c226cb39c672d37467c87ab8fb988f73902dfe28764a71
SHA512 5388f838f2de455df09142d4266c8cd95fdf89df52d0bdb5fc49b78040760d108d3a6be44f2b4126f299f3e19fdd48d8f5e333c1bb8e6883cae4839012a58550

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

MD5 53c6cb52b15ab0a44b00e8e38728adb9
SHA1 20c73c3dd524854f314ff6d0b7538f2c680e789a
SHA256 0f3198ad099805124143ac4a7ddaefc400ec1245dc88fd0fe17d710e37dbd8b9
SHA512 ccb05c40ee5200fdaa913dbe1089c157b198fc60cd886586d6624deb5355d71c302401414a2008a9cfff3aa057044ba53c530786d8c2a5d7a912b711cc37918f

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

MD5 38d9ec3da4d6a7d41bde7d1f2427aa78
SHA1 83c0840ed504ce204f2088c3c543627e698321bc
SHA256 7a7d63016349e1b46da58b3fadb2a8d37a1e4167ee97096678277033f1c37995
SHA512 ac92243337e26061b6ed5e9ce0fe0824af688db12f6db09107e1dec8023a2964bae0d6cb4c75726d6016955f28bcf91dfb26548d948563872d70cfcf81fd5a6e

C:\Program Files\Microsoft Office\root\Office16\1033\ClientSub2019_eula.txt

MD5 aac7827b97683ac652923cd645012724
SHA1 da8bfc88f50790431271cf9b281ff64a7c9bf163
SHA256 027b554ff8ba598a093d3fc14c7352d7ee9863af2db88eff0a8dfff2fa5802a9
SHA512 df040f662d9628d3e06ebee3c8f7a5a5576fa1924ce8fbf98d2fad68996dd2f6c890e620ddffaa9a46c4efb87b7a188e48666640740fdde60eaf0f94b9b287b2

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

MD5 4a0e6195272273118290045d816f38e9
SHA1 eb213566397589b8837799c8a3139a42f272cede
SHA256 1ad442b9a28446fa90ba0858b424d9412c25baecc8eac0ba3509850486ddbea0
SHA512 b7061ff7868ebde52ee9d6c84da99026768a2fa2481f6a1f398144b63d07ceff4e66d000ed42f72a55624fa290706f9516ca686a9fae6fca366ccc7d6b827b03

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

MD5 07c9aa0eec6ef16cf459de8d66f46f28
SHA1 d0a7b3be50084b38e83dbdebb33110e65d755965
SHA256 eb2920eee5c3238cf6451a18f11bdaff7e606d480860bcb71b7f6ad8945f6cc8
SHA512 8d4ceef581db09a37d8e6f5cd89ecafe8db3b3769fdfa8d039e212b6d6a7e19d9be52b20a71ac70a04781b036d6c8bba5e263a40b5cc5751a86eed00ff38392a

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

MD5 d09ea0c82c993bfa26833c56e9ff3f31
SHA1 c592cd434aa79c67ece0fb2d43fd9c2763190593
SHA256 3c783c07fe15f905e5f62a483834b24c2f9f74e46698ae053114ae5cece92e70
SHA512 5549facddf0543c7561ae192d3e1ae1df9035d9e96d4017c97250d6b2a12d1c675ddfb8310499918e5dc916a9e3961bbea4b574777c2bf0bb1ded6dca6c4c28b

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

MD5 c70f132b9c39ec556951a952c4062900
SHA1 82df9ea55b8c6a0d398bb2f743ad79d7bf2e6397
SHA256 49d968166bc966e0306fe276d45f606171f3f6076a3804cf76449f8f53b4bde0
SHA512 b0f9a5deab4f6f05d53bd675bf092a3ec355174d81905b89c94aa0427e3fb29396e669f087efa6b480e77cba4cd80b63fa9afb6c99310ef998b219c3dad564aa

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

MD5 567fc37ea5415474ac304305e677f980
SHA1 9ccb4f952e00d9978ccd9f74d7242edde8b46a61
SHA256 88d493e70acc6b506af3a2fab7599eea2d86baf012677b99859c639b1052748a
SHA512 ed633d01daafaa1d165dcf294c6c40fcb59aa83621388041b86e85754e7c1e6c1adc051b21974e091348e8d26edc91dbf7b7a2dea471ce877a5561d1f2479561

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

MD5 7cd3ba6a156a272c8e6a97d106b1929e
SHA1 26efa701aececfbe9de507288862dd576c19a5a6
SHA256 3d44e457aa320554188358b3efa7eb6933e2c73b16b2746fec0d86acf1b163ce
SHA512 7d803a5bf656c1f5e2d5ec88dafb7f10bd54654e8dd0ec7e3c00d1c1401ec222bd1803deaa3f18fe15df75edc29f0b534132a342fb1127b643878fbf220ecda8

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

MD5 84973881cb5b91613bbb59f484e0e1ff
SHA1 0e227ce5a3b5f8d254a1f38f7b52377ca45df406
SHA256 478faa697cf066a06ab32ee48e3f8bccf639d40b54675f49b21f748a7d02fa59
SHA512 ba7a04a0dc11c6707cadecb2c66c2ebd001181630a9e5446eef31c3070432d6510bf710c57a16730b4180e2f5ced3b571e14ab245910cd39d0468bcb9c91db4f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

MD5 30bc0db5de64e64b9d1eecb7f232b658
SHA1 ac3ad8c77748df202cdb12c89132deb2f3c337bb
SHA256 c6f3901fe9384c13fdc37206fb691ee628c296282b0826505689ef6ebff68159
SHA512 9ac17b2ef8d23bd69cded02fd765c6c1990da09cb76d15a613766d68a2eb16be8493a6360744fb47ef8042c908c17623d1103e6e8380e03c46e9a2f547c55cd9

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

MD5 aba7866a46b53199207d92ecf7c4adb8
SHA1 06555056c56bd4d7d33cb2b21770473ba0d1a8c9
SHA256 e595970fa8442a7c562a940e8cf5454a274303bdca933dc10970fc4ae7a5eb78
SHA512 332f91f789146dd27e04f412e64049ee0b5b8754d91f541afd57a190c33ef29c3aa1bc70c36f8865661f96b1aec228feb841a5ce510fb49f36e8c726da42eb6c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

MD5 2a294c960c22411eef69a45715b624b9
SHA1 eef433112159bd1882455f5d7f62fcf03e50b5c8
SHA256 907b93bef9cd4ea0c49f81f6e3832733fbac7f273c545d94b39a74e457d69785
SHA512 5cd1569b7e96b94f3dfb4729e9e5fd33240bc622fe8e5f792b499112a3760b5c4edc3711d700d4aba28f00e406d219a38dc6e522ce0906fcbdaf6623bc5795d2

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

MD5 3a298aeea5eff9507560cc4237396cc1
SHA1 8e7ad1f6780c30c27c99a80bb9d69b706e007203
SHA256 1c4574835c1f609c5b433eeb4b218dfb1a45e51a78e42f96f7232c175e7c6d3f
SHA512 78c2ddfffee630024d31f0e1b6522900886c67a74a61f96f42e134233ba1afc90d88d8e37bbcc86217b46aefc4f1feb8f6330e61d3ff9a095fa92d67fe132601

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

MD5 93120c2cff7046d019e3231f0b0fdb56
SHA1 013c6c87d2755fff9b67ec258e8718bc1e6762f7
SHA256 b8ecef0110c8154b61f48516f41adb3070b38b49cce052efda4d38ff9f466cc2
SHA512 31d651afbaac7074f3bf6ed9f00218e0c89920f48c4b9edfb80297f30cba03da17dd3caf6a786b7ba7549dfe257069f3a59a7c7bb76a0618a2bbc52a43bc60a6

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

MD5 865abb4398a4223c85526dbda45d3b9c
SHA1 fbb476473f70b0aedd7c50bbe79f225752dc4571
SHA256 b0c4b85dccb692bca8eb74a740b5b9cb7829c99f744f3cdc11b6ee318772faaa
SHA512 33f865ae82f947cdcbb50c4e58c7115da9aec7b45ced588a28c804a59b7bcc079da3f4c80b22c2c2ec6baed8bdb4544a0444665020d17e6c2b2729a27ff1d597

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

MD5 46b500671094c9e11dc1cc0c029585cb
SHA1 640b2bfdad8e0900ca3ddc27447fc3ce765b5807
SHA256 76f0c66fa0fa8d42ebaac0ebd854ba8bff4dc1ea07d19f0d6517621780ba4c7e
SHA512 6f64b939107f054dcd7b9995886ce264b538f68a5d4113f2f6d05bc42e4bef8adf9423e1fb6e6cfb39949f81d83a95f4cb32385453fecb43cd9c8edda9f64a1c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

MD5 a6186c126bf122185f08801036de25fa
SHA1 1b6aa55779b9e08a8d44edcf1bc2c7df99e940a6
SHA256 db2329e43d4f83c6ef0a7fc978f98686710f55e09003931f26df30c017882013
SHA512 c469717057d36015943645550d5e853bb38d517dcf91f6ae4cefef726ea4d095cc3aed8f3a29b4cde3f54d771b5877ac25f4c13c2ec6f390e25988d07455d281

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

MD5 471d098d6c51b68a300203c9d08be276
SHA1 fc518ce37f56c5919950112821d528ef2b48c74c
SHA256 0b98d64ee5c8d038bc6f4c384c87d129a32cc2f6c8e42f1b8a3e64887bc7a6c9
SHA512 7110fb8d688cb48a60c0423e96025baa0e6b37a30c77b71bfe61fb303d797ad6d64b2c32753bbc357bf81d962975ae4ca5bfdabe6a5708786f411459b01007be

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

MD5 992eb5ad790597c18ebe67f7cb68fcd5
SHA1 a0938ff12193af774ef598b914347da07ad4ad4c
SHA256 8625822b0fc9c1da04387b02fe87f5c410f2567bbd0416d56f4da3be3afb4cbc
SHA512 07116e2ae6ab8e45d2c5fcd91a06a3bee9e698c8973cf97566a56bdae4c37bcb9fbac14d879da47e8aff3bc3ead87145f25ff757b263af365e856e8bc6315a67

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

MD5 a4bdad6c1513449a572ce027c2f90716
SHA1 1385f40b61947a0f7066ed20a435d903b03327a0
SHA256 9700acbf02c24f046240c0ebc616e78b3aeeeb7a4d6f747b576414123ed37896
SHA512 8f3cebf49fe6ce21f9d67c1d5557b97e2d68a177a3d724b3d710e7a6582998ec775e06eb685deb3eb4d0bbcd04eec6bfefc351fb86cd3f3985df9575888f323d

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

MD5 55fde0d01bef61d16845d59eff3547f9
SHA1 e4acda81f553f26380bc7a64007e4b2c4e9f75af
SHA256 b7ed010e6c82f73b38ddd6099bb10a51e30b468404fe9f1b39e94e09e3bee864
SHA512 d7d749a7324b674cbd798fb9a1a23561ca8f907f4712e683eab5634373f8d2a44eb692c28e8433b0c4dfaaa17a802c19f79d6ee587c2d51221c9309e87d70852

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

MD5 cba02829439eec1ddb62ed8923bfd8bc
SHA1 99dbe3c629a388c92813cd96b219651ed1232b1f
SHA256 1be899c4cc1e3f35d7a3253741ca32eaadb8c44e2c5d98f93c26d8d0e8d8e5dd
SHA512 c79e0d1512f3ad8b2c704b678beef947f7c3f921ae155de57f2f678b34d10cf9068766697bdd5fe18c6771e2ea49d9a0f99b83e8b727aa70c87d647c835bba24

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

MD5 22e46af58d01c5790241871b38fc9c33
SHA1 3131494483e3588227ae1063f5b222d539cfd0f8
SHA256 5c886167aef62f1608c3948c7d98193a0af12aa319bbe4d63ca36f6ed5624d6a
SHA512 c5b7128c445bde195cb90822c39e248e9633f977323d18bf8fb6007aa23de7f7f2174fbc038c77d385f54a693c990e02b161ca683e9622bac64a6064cc07f40d

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

MD5 4bf7048b0e8f1742d8c312dcc0390b44
SHA1 be6c152a60e9fd44cd8a84808110f3b2df29616d
SHA256 d08ccc7e9d5f771b9059d83c198618be294d551c6099c98094b2061d783c322d
SHA512 6a08f3b6c5336737a663e2a2f615f5409e846917464b0fcbf88df0ddd5960d9f42b1f7f077194ab8f53c67e3081e854a0cd9e41d737f385d64af5bc22e614226

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

MD5 4553d0052d307301263c9feb8e65bfd5
SHA1 10f794e0ca343a350d60805f860d5a92bc133dc8
SHA256 04d9509b1e95ee66f12b62f3aea047239303d47f34c2ad9c0045063981819549
SHA512 0c1b609712141e2bfb7385c5a1ce48bf27fe78586d4609f183be37fa25dffb2fbc36461f59f9b4b2bb0590dc9d6146aa7432c62edb5ebf059f1f3f6b290014ba

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\progress.gif

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727662527520250.txt

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727663115600892.txt

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727669117479246.txt

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727671764608349.txt

memory/2400-6309-0x0000000000400000-0x000000000040E000-memory.dmp

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

C:\vcredist2010_x86.log.html

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\security_watermark.jpg

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

C:\Windows\WinSxS\amd64_microsoft-windows-msinfo32-exe_31bf3856ad364e35_10.0.19041.1_none_61cd745a990bcfb3\System Information.lnk

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\squaretile-sdk.png

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\squaretile-sdk.png

C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

memory/2400-11290-0x0000000000400000-0x000000000040E000-memory.dmp