Malware Analysis Report

2024-10-19 10:42

Sample ID 241012-hcddqaybqb
Target 38d9aeda5745ab2d524d8f29628790f0_JaffaCakes118
SHA256 d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2f
Tags upx xorist discovery persistence ransomware spyware stealer
Score 10/10

Analysis Overview

Threat Level: Known bad

The file 38d9aeda5745ab2d524d8f29628790f0_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

upx xorist discovery persistence ransomware spyware stealer

Xorist family

Detected Xorist Ransomware

Xorist Ransomware

Renames multiple (2194) files with added filename extension

Renames multiple (2216) files with added filename extension

Drops file in Drivers directory

Drops startup file

Reads user/profile data of web browsers

Adds Run key to start application

Drops file in System32 directory

UPX packed file

Drops file in Program Files directory

Drops file in Windows directory

System Location Discovery: System Language Discovery

Unsigned PE

Modifies registry class

Analysis: static1

Detonation Overview

Reported

2024-10-12 06:35

Signatures

Detected Xorist Ransomware

Xorist family

xorist

UPX packed file

upx

Unsigned PE

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-12 06:35

Reported

2024-10-12 06:37

Platform

win7-20240903-en

Max time kernel

121s

Max time network

121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\38d9aeda5745ab2d524d8f29628790f0_JaffaCakes118.exe"

Signatures

Detected Xorist Ransomware

Xorist Ransomware

ransomware xorist

Renames multiple (2216) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\38d9aeda5745ab2d524d8f29628790f0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\38d9aeda5745ab2d524d8f29628790f0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\38d9aeda5745ab2d524d8f29628790f0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\38d9aeda5745ab2d524d8f29628790f0_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\38d9aeda5745ab2d524d8f29628790f0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\38d9aeda5745ab2d524d8f29628790f0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\38d9aeda5745ab2d524d8f29628790f0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\38d9aeda5745ab2d524d8f29628790f0_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\38d9aeda5745ab2d524d8f29628790f0_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\b7q7TsuBvQ3W12G.exe" C:\Users\Admin\AppData\Local\Temp\38d9aeda5745ab2d524d8f29628790f0_JaffaCakes118.exe N/A

Drops file in System32 directory

UPX packed file

upx

Drops file in Program Files directory

Drops file in Windows directory


System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\38d9aeda5745ab2d524d8f29628790f0_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\GJXEVPQMPNXFJOW C:\Users\Admin\AppData\Local\Temp\38d9aeda5745ab2d524d8f29628790f0_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\GJXEVPQMPNXFJOW\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\38d9aeda5745ab2d524d8f29628790f0_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\GJXEVPQMPNXFJOW\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\b7q7TsuBvQ3W12G.exe,0" C:\Users\Admin\AppData\Local\Temp\38d9aeda5745ab2d524d8f29628790f0_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\GJXEVPQMPNXFJOW\shell\open\command C:\Users\Admin\AppData\Local\Temp\38d9aeda5745ab2d524d8f29628790f0_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\GJXEVPQMPNXFJOW\shell C:\Users\Admin\AppData\Local\Temp\38d9aeda5745ab2d524d8f29628790f0_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\GJXEVPQMPNXFJOW\shell\open C:\Users\Admin\AppData\Local\Temp\38d9aeda5745ab2d524d8f29628790f0_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\GJXEVPQMPNXFJOW\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\b7q7TsuBvQ3W12G.exe" C:\Users\Admin\AppData\Local\Temp\38d9aeda5745ab2d524d8f29628790f0_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.leycoz C:\Users\Admin\AppData\Local\Temp\38d9aeda5745ab2d524d8f29628790f0_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.leycoz\ = "GJXEVPQMPNXFJOW" C:\Users\Admin\AppData\Local\Temp\38d9aeda5745ab2d524d8f29628790f0_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\GJXEVPQMPNXFJOW\DefaultIcon C:\Users\Admin\AppData\Local\Temp\38d9aeda5745ab2d524d8f29628790f0_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\38d9aeda5745ab2d524d8f29628790f0_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\38d9aeda5745ab2d524d8f29628790f0_JaffaCakes118.exe"

Network

N/A

Files

memory/780-2-0x0000000000400000-0x00000000004BE000-memory.dmp

SHA1 9dc40ebd45f1dadee1b52abab861f03329a3d86e
SHA256 3ade95c6d8a847c37b497acbc5c7ea090004d25f767cca8cb5dd5d0827174999
SHA512 2ad4746ee0481e0b82ea85f62dcbe911b3dd5f1e3ae539cd713737187f5f2944af178344174805d09a12c16ef6de7141ff7a3057284dde1d4fef021369ee8d88

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF

MD5 a718ece47d04eb9262c0ff88730f80b4
SHA1 501b1bc291efc9c9dfe1cc2a46937f09bfa7726c
SHA256 030e1260f87d564b3c9e6fb9cf25edc1aede983b6ecfd82b2b4f6c2fc4b44fb2
SHA512 ab27c9b3acf71c5ec323402af3dee2f0548e9f64f6066abd2acdce9400009f3bc939b2591c92222ac5042a1a834b7c229b6e7b5ec3f1ac0293ae775ff84ef658

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

MD5 11df471326de6eb8653d329e4add82b2
SHA1 f2d0e73da505a1ea96ecf339153abaaf7a231cd0
SHA256 038182b40d9e8e3d733d809e83463c27e694395f3b31214a6242c4d8cd0baae3
SHA512 715066119d38382b7806491607c9220a13fa56d6a8556e91441159bd3ae04cf668bdf321f03c291b7f3e7888a1f46820cf958f29f029bed4a57fbe80050653db

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

MD5 b8b7bdf5b085c741903fa825522ea83c
SHA1 6efe0c82f78d1b1cb50a722184be3dde32ff8ed6
SHA256 e5c886a88589cbe3c3306b0abb985d3a7f6fe153ddbec368cd06d81966efbe8c
SHA512 57fd0681bf3b01b67610abaeedd1d156ebcdfd3f9d92ad58c156475872018625a9b6b72896aabdbbe98390b887626bfd8333214f8afed3bf9413a9ae84a02e36

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

MD5 b14fa5cfc73263fdc6110365d4b78e54
SHA1 463fd93fa39a8a88fa8895b427f24825fc861269
SHA256 063c3203a66a1955f31110b3eb0fbc2355a586ed22b59a050366b6da9a35138f
SHA512 3470d3d8788e8a5d77bec0692774ddbebd50c7613ff9f158058f145a16241e2e07b624b807d533a0cf8d1ccffe310b1d71c2b11ff31ede40a00cfbd39bb88905

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

MD5 2436a199327daa56718fffb60aaa9310
SHA1 2b2d3d4c730bcff3e33cabe0d2c62594a3431687
SHA256 c86467677f7be4af56db26d162e669d57627ee6a7517d331bbcf6b9eab21ba02
SHA512 912ef1204a59414455e424542b49385ce4bc02cca1398045a6372949c3c8898f2cb5c048c1816db6fa647829b1b1a56178ffaad8bff900a54b31377a90cfdba2

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

MD5 b7aa29d71526943390d5ef3fe4159d8a
SHA1 af92585ae15b5b6cc3048f8106b23e027513624a
SHA256 f4432c0ab9d911f1f100fa1bd91d8de9fa67cb6deb5301ad09d43e1f725855f4
SHA512 ee683c180a7aed37dde335f44e4faf7eddd28e9bd3ca51f22ebf33cae6046d546eceb6d1ad3fbc262e47d09e81602938a38ddf63054550096435d4f636910638

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

MD5 43a135fe5444d6be443dd52e21a7a571
SHA1 29578773452d9b6bffe5f0f0593f0a91bcd76058
SHA256 b12a9732d305c26d7ec5e0e33979d5d022258b60219fca24a6a3017fa26c993c
SHA512 9f9c52c0e3f96ca6da1ee2b91777dd4a780b5c6e2f26462e9626d1961da8b3c2ecb62f32159cb9725a804de8373e3a042194bee6a78a875567069458f6891d03

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

MD5 2d4eeeded6f36a5c92cad56d4f6546e3
SHA1 db36c42312fce7d0d3d0aeebd0e38b954a8d69b1
SHA256 89214f456f78c2754fdc87e8cd748728bce65c37282015a85791ce385a1172d5
SHA512 c0bb1d5d909e066c54efc4f16fe04eacb5b6f486f21de6cd56e7018f4d2ea6d94b346dfc2530ca17ef84ebd53bf721bd38893e7bf343310813d64aa5aef9ed35

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

MD5 87a47105c2f3e8cbc64b10334f476212
SHA1 6e8efd8c99e7cf0e0de04788a38b3e07d2a7e3e6
SHA256 9cb13afa43ad62e76a2534adb0e6536d01e9095f185deabc9f1e911b9766dfdf
SHA512 6960475275023fe70d43c2517000545c201936e4115078b8798ac0e41a08669b5bb33bcc06b859e2a36e8e10f338981093e41b663fbef65584d51b4ef74d807d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

MD5 509ee8dc1c698a5858b1f12b7f5b2383
SHA1 339d9df78e40c3abb54cdf69fd1205276097d5e7
SHA256 2740284f825cb2cfca50047559b738d02ab0dc8c205ad1c3dadb0545211c36b6
SHA512 6ab2b900524e3e34b38fa6aab46791e96cb7b7ad5c2075915082432e5be9e286355459f5c09b56b28fe62266c08b02a8c546dfba848df11945f097667ee1fb5f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

MD5 fbde99110a6290e96067639f1aed6b50
SHA1 bd282ac03fd582c554fcf4bc12852e119c53e79d
SHA256 34b40780b83c53eedc868076d62bb5cfff05f82446d2699caf9d844589fdd154
SHA512 a63be140165eaa2c19b21c5bc9848f8b5bf00a34675d965a9b5d5a1ce59d3533839511aabe906e7582ee0cd022b336269063027a6e5efc1c5c993f1537ff7cfc

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

MD5 71bfb242658155bff22183fd9b7cd1a9
SHA1 8def653f3c4371aefa5fb95811b0315606c918d1
SHA256 e6b8332db07950f4481368523ae1a9267e8fc5ac8f3915f31bfbc26905eb8a70
SHA512 1d4b58a1cfcacf462d8890024a133d5f62f07492ce87904142aefcf2e2c34c5733e2818915549d381f1b7021a3063f54e6ceb9454937bc230b9bb137ac44bfa5

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

MD5 e98b3e567836f34609433738b225b1ff
SHA1 f14b4455064cd41ffd712b5ebbd9c69d648632b9
SHA256 417055c7616e7c3d90e900b73fa37e135c799013ec45ad9881bdcfc293b26704
SHA512 542ea1075b57e9dafd64864e093d0ef43f0225b046cb3f5fc9673c1a78871ef351a098807dab883382436d8e1bea8e2813267f6169127275b6734454c0e0d223

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

MD5 019ef958d6e485ffb90ff65c7a1a4a38
SHA1 66caeaeca0d54a19df231fcfa00c43d599d4fe74
SHA256 af6dfd85a9b6bdcc68530d616b245d6593637b5862f3b6daa16a1bafee603864
SHA512 c537f618ec8e5670937e1d904fb5bffaeed894176bf611c92c4fafeab95bfc2dae46c93c6d1c4040ae90033bbb24d19940dcb4201569830047378df9546e21f3

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

MD5 c6636beb4e458ae87584640673b4e44a
SHA1 325dadf5fc15e2b08960a2a6382580b757db416b
SHA256 74e31612bc78be94878a8ca7527abfd3173209dae683f33d8112bce5377e060e
SHA512 aeddf1aa09a5eeeae85474c4116418f3b26b325d03c602157fe2cbacb736ccebd9fc55532d26e05c688e80d2c549fddb5a0ebf6c72e78e2dcdbdeab113806ac8

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

MD5 69a836db9a89609c14ff2705b9825f16
SHA1 dff5da772cd1ce0c52e76638d274401ccf95773a
SHA256 614524ab8423bbd931d1f525a473a7e434be3689036acad25b196519d52c4f8d
SHA512 6304e76e82b6cdd5ab4a4516298220b23e6042616a797abca8099ee1807124e9eb49e08c0827454f5e643b293e5649a71d6b3e4087e41e701e74bc4e8f7fca49

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

MD5 6ec2083eae6d01a8e68c9d6f1efad207
SHA1 ac1385e1fb10985231ef98c74cda0c094be6ad15
SHA256 3a958283224de54395013cfbd10eac3f7d0ae5b7e270c66e8f7c14653b8ef667
SHA512 20c1757129834d717ed3a0e2507ca8bb95735bc078e5bfbd538171722f04e1fc734e5b98a27d901ed82fcc5ba6003dcc9cff3926d16efd0e59be39a976c1bcc8

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

MD5 500ee5680477f4a2ec85d156362d61e5
SHA1 f42f7711436738898fb8582a7fb3bbca313b58d2
SHA256 6435d3e98350a877ca445116fc982b59df18c9c8bf2a9cec3918e5f15d0e9b0e
SHA512 2d9bf00088f947f8660d3548cec071dcd83473d7797e1c01555c0fed3d1bd542ecd4864d0d03468be3744270c0a9831ab53b0f15c4c3ed8161c80c2d6fd03c09

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

MD5 4106c3c6ca8ed4669fabc224c66e9a2a
SHA1 ce9e1b4e862db0ed699379e61b36b85b50a07af9
SHA256 300ec8aeea7e658544e0968d56465ab274543d9cd2623c31b821a45f633663bc
SHA512 8f87ae58932598064ec7a15366c313eb67a5025abeb09e2ff9c26f47f67d231d4bdb2a249c6934abc620b2e852b6516fb02662056058fc16d0225b1af8bee570

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

MD5 a46eaf1b6b01e07567ca65d29449cc35
SHA1 aa492940e2659eaedd277834b8d90eb2b82b218d
SHA256 a6b800088266c799ae36d2b49f301e32fa24da2a9ed05c452e9d5a017d370b48
SHA512 68c538c1b6b51023502e3ff8ba91fe1aaf27a39327ed10967e20f2ba3de305ea8275a1ece0e755d7d5d8e2ed0b294cd51df2fe1ba38ac9473d70296a2306f6c1

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

MD5 99e7704afb7e050123f0c9b7a21bd3d6
SHA1 92c28dd36c68167b31d26282b03cdd483a68033a
SHA256 462ca6de5eb8f5546be5ef4014de1b970528771fa98da6e6899b47960217a0ab
SHA512 a8ea5aa09a970ae9efc35b398f7aa41be99c4ca27548a51bc2e216420b43662589e6217a8bba9156dc7bfef2f338d05e70d5e0a3339802aabd5fc9e8bd2a64f6

memory/780-8314-0x0000000000400000-0x00000000004BE000-memory.dmp

memory/780-8304-0x0000000000400000-0x00000000004BE000-memory.dmp

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 6db99d1df393d7a67084a2c0160d6a58
SHA1 5011f5f89b071e38387de32319c6eb805525893f
SHA256 07f998a69a0960902da083cabdbce52600086f259e979eca16ddf4feec19d8c7
SHA512 66909332b1154a2e8cf4056a49eadd4610e7a95ba890e698ca49be0f9857cf65730712751dc3ced4b196e354e96c83ddd2c2a56655239de2d52854d972218ba0

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 60ab67f9b776a7684697067c292e9bb5
SHA1 ebbca44ec73c6d0d3c587b6600185e1f6d9622ee
SHA256 a90324434911cdd8beff915385c492c8cfb47288e5c9626d92aaeabfcff16d44
SHA512 44de40c5292f2e6c86318f9af2bd856d7af3e3c2432db0ac6a1a5556a0c8c761cae15ab2e2835863ebaa4e3cbaa1df614e6095c6f23550f9a6852123045bbeec

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 9efc0acf68fda4ec5b17f6b5dd841e67
SHA1 d5f437a6fccdf937825b80acfd08d3f13191591b
SHA256 cf52101bfcd22a7e76872be349170826df267593ea84f87a2991e4fce337addf
SHA512 45dfbc7a3d3cbab9d22fe6a53c0d9bedcc0cdafdae96aad9a299b9e8a7e0de9364865bbeb4f8a175017a2126ba40d832f2c7f7729a8f048c2359fbc591df1ca8

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 d5e366806b979e3a33e2e12ddab03035
SHA1 936edbfff215a13fc528d7f86f31997049a3a220
SHA256 c5319d529667a2ec89fe142b69827d4700729537e175ed185adb945936271db7
SHA512 9e53353117d90362cb04663d07a44f4824952f58a80a9215bbc761ae4a91091abfea070b533193fdebf5c519fb6d96c50c4091b721e783d8e789755384e71558

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 5eaee4d83586101ca94cbd6db23419ca
SHA1 fd5653258c2c7932e3b21b43b62895d5e3726010
SHA256 66165c9f5673e46189a6ae110483ca1f2f8982256c38ec33a5586e7e76b66ab8
SHA512 37982a9f3d21abae069b0fc9d10f3f8ecefe7d46fa99659ca9de628fe394674731452e5edae487885a05e19123f7f15990a6a1a40127ea7acef114084ffa6e5a

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

MD5 72046d9ce2b319185af8e439624582f6
SHA1 46fbb2926f66469ae85f39082fb46dc868dbedfb
SHA256 fb5859c33f7084e9209e94206f2a1354c4c466e56b9c8bdca668229b2fc713dd
SHA512 17724e6706666ff62dbe233e05b299e52e96ee83685934702204a80c582df11fd18857adb2621f6933104c791450348d358b77150ce739cdd3010f0a4017585d

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

MD5 7f4512385e062b8f6169e308de3f2519
SHA1 c6d872111ec511176621d003624adb148788bbf0
SHA256 7e1ef2719b5ab8640221112697806607bddeb2c47cadba01b968c87294b23931
SHA512 3cd4e005e07a9f7a4d3204c60ff8d6d007bf6115baf91c6adf480eae8268336ded6256a743c039f6c631776f41d42f5652e82466e1c1ace1f955147f0fa0b59c

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

MD5 d118f5558faebacdef6d4f6800a8d8f8
SHA1 c491a38354a52dc0d77ae50706aac7fb412e7470
SHA256 1bebaa6e3bba24569c14e3f3b3d88b35d7b4b51b261dbc73fbc3ea9125edbe52
SHA512 9549ceaf47ae3abde83c1db029e25033d8d94908b92fb4bb20e173c739f3bd41b02f324fbb3a7551b3e158e95849768ae946c57ce5259313a5f68c45fe90ab4a

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

MD5 c3a6cbc73d2959018d1c808273483d08
SHA1 f47f5efa301e88d9cd7137c1584dad94b9b721eb
SHA256 ad0ab299d5b9e06fa45a2d3430300374a51a92020af46390aa10374bdf6ff6f8
SHA512 5ab4333b3adbc3f56cbfdcf5e3013b4988727fd7194e2ecb944fd955b8097614ef41c904b83feaf701d3624842aa69fa78e66066e9872cdc652fcca7cfaee542

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 a3a2e8e4018769171634369adced8d53
SHA1 8542679abb36379dd4c99d54191c73306ba97ad0
SHA256 891a38ae41ef4309bb412cb344cf9615bb9eba558e20eb66e24fc3e3cf96477a
SHA512 339e3b054c7d00f3c8262a8e28b726f751ac37d90490c9891c79b34d5b9882953a7dbfb033317c8ad27239da4b160f2363b3aadae695877d708b7a1ac2c68924

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

MD5 c1dd8ad38d7a1f4613520f069f0d0646
SHA1 74132395034ac3decc4fb06279135417769cbc8c
SHA256 230157fb1f1d8fbeaad9d76575a074fcc0dc6004a6bb4fbf065990ffabe52ce0
SHA512 061e9fd698a2ce38a2b74f9480f4c8c65147e4aea70f4bac75f74a0c3529c4319cb2e6469a37c1335eaee757d08b44501cdec9b674d99c316cfa7cbceb60dd8f

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 ca8ec462edad386f065c26f364f6a0aa
SHA1 1958bd22de7ecea713e1150b3dc4e19058259682
SHA256 383cf8b387e7a871428e76d4c165f60876ac666f95fd9549aa92ff2a19cc8b83
SHA512 712dacd6a7afdbea862b52c7373148d833e832f28038584fb7dca2f31d6b8fc3a6957aab9631e990fdfe32a4e7207673da03293ae25514c3aa1a7f94cc1b130f

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

MD5 cc570935f09863c5b030dc97480c530f
SHA1 8a723dbb7b77dcabd135e09dd6ac5a60535b02b1
SHA256 585af654ce19f1d03fd1086cbb74d095e5fe2a201a44ff3ec3ac1d35eb7c8945
SHA512 aaa326847fb77e37329f6d232dae8a7c97b61484296de6941a295111db650ca7dca6ce15ee0e802e731588e803fb1f3d7fe40183a83df701d9cf752246ab31ad

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

MD5 32491050dceb3e33a77722a372cbb8e0
SHA1 b31f4b75cb4076ea8ca4de7af2f705d406137210
SHA256 c8b12d34b12ed2206e24562e9d5e5eaf7db456baafb79dab5a299b23f8458df1
SHA512 cdcccb0bde6cf65ad40092edf33d687b5df808fd8a1272a46b913570b9ae2adada2434ca3f8db939b7d0bee44f7eb800c0495ebc33e62b1d39e448f7356d7f3c

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 bb6fbdffae67128f0c4d1acd64e52f96
SHA1 4d2bc7aba05c36fd1df6baecd3ed4cd292743533
SHA256 4f4d45fb2da2953cc003a51b7a0ea5d439c7fe163f90a703c446c7a9b702ae26
SHA512 8300d6e9bc28d8e61b3cf01b13011f10a0d2dc59ecd05032a14aab42a29af1e61af6ae13856c69b395d9e8689ac01f67bfd1c8b3a0b1e5e25c4d88b64d589d23

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

MD5 18d028b4888b6f6e9db8ee0f427854d7
SHA1 3748602bf75d436827e2176147e6ff08fb8f691d
SHA256 f4007d94f35fbc83e87bd2fa6f7dad1321e80db6dbbd0175abdeb530f56e68a7
SHA512 65155193b7d98183be24647d628ef9738cac380c988fab3cd775f89181dc5adff5fee1b1f6aa2fc43e5650f8e11b99e23c28e7382636307e361119aa871d773d

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

MD5 21b2f81c7de3321ce7004af728d11a81
SHA1 cd7e72941fd5e7980e8c81fb8dcaad45b2b05581
SHA256 30a37cbe50c62b343f48af376084d51ad5f0f4a38bf0e21e8bb72d633a206fa2
SHA512 466a5be67281b38e9d779dd2f696ecb85618b000ee7f748cfe47ff630b7f9ef0d2a7c97581c4cc0c76e79e0ee640f684c26367aeace89836470c285de2a2a52e

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 e19461030bf2b8f5bb805b7431028e56
SHA1 d4645d105b9ef395d26b2e41cdec9af3279438c4
SHA256 e0cd484a0256cc274c15a855d967da47298a9f373851a82b77e0e966b3602b6d
SHA512 aa1d59368c1461f5c3cdb07565f8e7939e731b185ef5e540048901801e1e19b326a582b6ae3ca84d990f4f62bee2e4a7a7947135f966b0b2effc16cf569b8f80

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif

MD5 eb84c814eed81f69ef49848d03420206
SHA1 45b76a995aaea76d9ba72fcdc8560b89a7b1a0dd
SHA256 d9fd61b1a3e5fc7f7d39a3b1bd6b5f8227d85b53786146f3960cbdf32dbb203c
SHA512 e3b5bee34e28b56e8581529865cd10747ea96e9be558dbab8136c0dcd1160b0ce2382ac51c1c09052536a969f1d03fa00a6bc7a91487cdd0f76d5e0b67260bdd

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif

MD5 7f92eeaeab07437f434742ce0c4f2827
SHA1 8edc9fd784dcbb612856ed32a28ee49d77267a9a
SHA256 e9e7c651fba92b26a74573d452b2dd9e2115ed06c411499e04445fd86ade2eb1
SHA512 7a49ba34fee8b461cd2e8b554a38ae8cc1bf69f0b616676565d061ebdf0827bc5af89f53161996f05974322c7e7b2de86e4f589252c09eb0dc9415b162fcb78b

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 3b7e64065cc1094746d92a408b05dffa
SHA1 985e0b8f5ddaa56efeb989a2f8d70cf81a1b7609
SHA256 f533c7760611fc66630e5ce4681fe9b57579a63eda2a311fd74ac6fdf55d2081
SHA512 83109513ffb1b3444869925a509b63313347e28a0ace4cd10cd9a2e7523af242fab28858d0f8829ed30fd83b052f0ed18a74712f5ca6572960351a10594565d8

memory/780-9165-0x0000000000400000-0x00000000004BE000-memory.dmp

memory/780-9166-0x0000000000400000-0x00000000004BE000-memory.dmp

memory/780-9167-0x0000000000400000-0x00000000004BE000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-12 06:35

Reported

2024-10-12 06:37

Platform

win10v2004-20241007-en

Max time kernel

94s

Max time network

95s

Command Line

"C:\Users\Admin\AppData\Local\Temp\38d9aeda5745ab2d524d8f29628790f0_JaffaCakes118.exe"

Signatures

Detected Xorist Ransomware

Xorist Ransomware

ransomware xorist

Renames multiple (2194) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\38d9aeda5745ab2d524d8f29628790f0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\38d9aeda5745ab2d524d8f29628790f0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\38d9aeda5745ab2d524d8f29628790f0_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\38d9aeda5745ab2d524d8f29628790f0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\38d9aeda5745ab2d524d8f29628790f0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\38d9aeda5745ab2d524d8f29628790f0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\38d9aeda5745ab2d524d8f29628790f0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\38d9aeda5745ab2d524d8f29628790f0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\38d9aeda5745ab2d524d8f29628790f0_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\38d9aeda5745ab2d524d8f29628790f0_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\b7q7TsuBvQ3W12G.exe" C:\Users\Admin\AppData\Local\Temp\38d9aeda5745ab2d524d8f29628790f0_JaffaCakes118.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\DriverStore\FileRepository\wmbclass_wmc_union.inf_amd64_a02e4111c770770d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\38d9aeda5745ab2d524d8f29628790f0_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wudfusbcciddriver.inf_amd64_a084e687a06b255f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\38d9aeda5745ab2d524d8f29628790f0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\wbem\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\38d9aeda5745ab2d524d8f29628790f0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\WindowsFeatureSet\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\38d9aeda5745ab2d524d8f29628790f0_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_fscopyprotection.inf_amd64_9c108d8ac558a80d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\38d9aeda5745ab2d524d8f29628790f0_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmntt1.inf_amd64_263b3076d78209be\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\38d9aeda5745ab2d524d8f29628790f0_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\virtdisk.inf_amd64_9a7f42b85c7def50\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\38d9aeda5745ab2d524d8f29628790f0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\F12\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\38d9aeda5745ab2d524d8f29628790f0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\InstallShield\setupdir\0404\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\38d9aeda5745ab2d524d8f29628790f0_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ialpss2i_i2c_bxt_p.inf_amd64_190858fd8e931883\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\38d9aeda5745ab2d524d8f29628790f0_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmti.inf_amd64_bcde2913bb6ccf3d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\38d9aeda5745ab2d524d8f29628790f0_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\smartsamd.inf_amd64_2238284d493e89f4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\38d9aeda5745ab2d524d8f29628790f0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\IME\IMEJP\APPLETS\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\38d9aeda5745ab2d524d8f29628790f0_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\SecurityAndMaintenance.png C:\Users\Admin\AppData\Local\Temp\38d9aeda5745ab2d524d8f29628790f0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.ODataUtils\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\38d9aeda5745ab2d524d8f29628790f0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ScriptResource\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\38d9aeda5745ab2d524d8f29628790f0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_UserResource\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\38d9aeda5745ab2d524d8f29628790f0_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmaiwa4.inf_amd64_b74e18ebf47de72a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\38d9aeda5745ab2d524d8f29628790f0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\IME\IMETC\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\38d9aeda5745ab2d524d8f29628790f0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\slmgr\040C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\38d9aeda5745ab2d524d8f29628790f0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Speech\SpeechUX\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\38d9aeda5745ab2d524d8f29628790f0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\tr-TR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\38d9aeda5745ab2d524d8f29628790f0_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\61883.inf_amd64_789f35bee584a939\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\38d9aeda5745ab2d524d8f29628790f0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\slmgr\0409\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\38d9aeda5745ab2d524d8f29628790f0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\MMAgent\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\38d9aeda5745ab2d524d8f29628790f0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_UserResource\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\38d9aeda5745ab2d524d8f29628790f0_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\sdbus.inf_amd64_55c0c78952233d0c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\38d9aeda5745ab2d524d8f29628790f0_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\tsgenericusbdriver.inf_amd64_bcfa5f586783921d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\38d9aeda5745ab2d524d8f29628790f0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\NetSecurity\fr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\38d9aeda5745ab2d524d8f29628790f0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForSome\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\38d9aeda5745ab2d524d8f29628790f0_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnge001.inf_amd64_1daeee8f3aa30fcb\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\38d9aeda5745ab2d524d8f29628790f0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\38d9aeda5745ab2d524d8f29628790f0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\ja\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\38d9aeda5745ab2d524d8f29628790f0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSScheduledJob\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\38d9aeda5745ab2d524d8f29628790f0_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\xusb22.inf_amd64_d0f2fd4c931f4672\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\38d9aeda5745ab2d524d8f29628790f0_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\net8192su64.inf_amd64_66c8bfc7a4b1feed\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\38d9aeda5745ab2d524d8f29628790f0_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netbrdg.inf_amd64_8a737d38f201aeb1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\38d9aeda5745ab2d524d8f29628790f0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\InstallShield\setupdir\0005\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\38d9aeda5745ab2d524d8f29628790f0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_UserResource\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\38d9aeda5745ab2d524d8f29628790f0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\TrustedPlatformModule\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\38d9aeda5745ab2d524d8f29628790f0_JaffaCakes118.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory


Drops file in Windows directory


System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\38d9aeda5745ab2d524d8f29628790f0_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.leycoz C:\Users\Admin\AppData\Local\Temp\38d9aeda5745ab2d524d8f29628790f0_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\GJXEVPQMPNXFJOW C:\Users\Admin\AppData\Local\Temp\38d9aeda5745ab2d524d8f29628790f0_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\GJXEVPQMPNXFJOW\DefaultIcon C:\Users\Admin\AppData\Local\Temp\38d9aeda5745ab2d524d8f29628790f0_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\GJXEVPQMPNXFJOW\shell\open\command C:\Users\Admin\AppData\Local\Temp\38d9aeda5745ab2d524d8f29628790f0_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\GJXEVPQMPNXFJOW\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\b7q7TsuBvQ3W12G.exe" C:\Users\Admin\AppData\Local\Temp\38d9aeda5745ab2d524d8f29628790f0_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.leycoz\ = "GJXEVPQMPNXFJOW" C:\Users\Admin\AppData\Local\Temp\38d9aeda5745ab2d524d8f29628790f0_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\GJXEVPQMPNXFJOW\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\38d9aeda5745ab2d524d8f29628790f0_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\GJXEVPQMPNXFJOW\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\b7q7TsuBvQ3W12G.exe,0" C:\Users\Admin\AppData\Local\Temp\38d9aeda5745ab2d524d8f29628790f0_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\GJXEVPQMPNXFJOW\shell C:\Users\Admin\AppData\Local\Temp\38d9aeda5745ab2d524d8f29628790f0_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\GJXEVPQMPNXFJOW\shell\open C:\Users\Admin\AppData\Local\Temp\38d9aeda5745ab2d524d8f29628790f0_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\38d9aeda5745ab2d524d8f29628790f0_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\38d9aeda5745ab2d524d8f29628790f0_JaffaCakes118.exe"

Network


Files


C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

MD5 8ff1ba69c403e56a179204eed3b290ac
SHA1 0b0bbfb8d34ebd43606cc4b0df3d23c051b1f24f
SHA256 4f261c4018a8bcb7e17a7c741a79db08f660b245e998f493b76349b29711737f
SHA512 542d2b0c17f9691dd9a5d662bb22af2f7f9811874b4b2dcf922e172d90ec3d40d23d659160c4e8a8c266c86e20b2fec64711b4bd0eeea457e39d550ea991d9a9

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

MD5 a3e60d76e1441f908603c8637983f358
SHA1 8a68edc8dfbd44e6c97ba9a0562fc7dcd64f441f
SHA256 da2835be214a7e817a8e57e7c9fae889a072b31e2558171f69014bfd3082e9ed
SHA512 56d70c9497cd217ef848739e1fd0a6f710d13799d354b214d6fe0c865de9f9c879bee46ed001a997becf1355dd2ba49ec00370fbffee89c4cfe264f610775c68

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

MD5 a2cc2d060d08630835113c1d895c4e83
SHA1 5066af214311bb3c0f7277b4a8da31ec9c5909fb
SHA256 6af465dc3559ae36fd59bc5cb02c841ca8835cdcb632fc3de5c4a20cf30736c6
SHA512 cc1fc97a809431b6b0b2fb3f65aa7b6fabfd3e23970863fd90f1ee65bdf7bad2a603704e273561d2525761079e1b7d4ce1157898c484f4838608eef8048d89d0

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

MD5 c19f7df8637d15bf5a18001626f006a4
SHA1 fdcca7f96e38f0f22d4a2d79f5eecdd2ea53441d
SHA256 d1dbd58394b283585e8e9ae80f0b33afe2d9c10cd07e563fc7748c0648222023
SHA512 f0b4737eed2c5dddf99e7365fed05c49c9aa6877a1811ca32cd084d4eab159352a605f9d61d6a393ce42ff0ce341001a4f38d64cbc77e30874af6a86739f9937

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

MD5 bbf841622ee77dc7cc3227a136723fbe
SHA1 2b5ef452769e22c5156e9c64c4923de92f50515e
SHA256 9244c4288edd411f257ed38ac959becc4dfde85848f8cd984fb4d33c0d1ea8e2
SHA512 e338f8e7e27679a93b4a4fb22a1e1593684a89aaeb2c5c62a88fd08a2e554a575953bfb9960167862b525101d0920cc1ec4a6ee1d6372259382b9c6379f1bdd0

C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

MD5 c1e3343ea0fb95f910e134e8f2339ce1
SHA1 7c0e451d937dcbe53f40832d6f4697cccba59dab
SHA256 b94dafe6e4a670b2cdbb4f6498f16c91e75b09447fed025302e72eda8941f6a7
SHA512 47c255a946cf02b22165f094672326ce161b8c732083060397a7295d28183f6ce672f5435663d116848be1f969f37a4d88b41eee83ad3434e9ac43e0bdc49045

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727662527520250.txt

MD5 7ab67d95d987839ac8cc61c16a195232
SHA1 d6c5ca22122ad61ef2449b2a24c445177d078034
SHA256 1f9a33f29d7752fe03bd494643adfa7ddf62b0bb748c7289ffb9272d12805f1e
SHA512 6fc385397e09c89ce35d7a3871af7d4b9dbb682715dafbc50587bb1da616f7e2f6b19d0d0c9871fd5b4c8ff0aa59797ed847413e34f5553c901c142eec970b9b

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727663115600892.txt

MD5 2f9a3cc20d91363a69d5b81823e8b97e
SHA1 20bdf5b7c1e9737b3cb886e199b44d9545f3b56f
SHA256 e538ab05fb9b8f417bacd10f7cc3e34b35333fba297c6aa3d53c95a4d5a32238
SHA512 cb72c261a4136b13bd5f95a9357f150e5dcdc109efb8decaa79011db47d1cbe0f38495fe3691734f65d9567470111b1104df9660473aeb2304a579c275076282

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727669117479246.txt

MD5 cd2075203a8b4be29a1fd2825bb1a442
SHA1 736bb4cb0402a7f41e51eb082f031b64d31e0c34
SHA256 046b0c2e9e7e510b48878a5e35353c1fb96c40eaa7160173b226c94bc00b4ebb
SHA512 6947091297112466479d327d904795d139efc9b807b9590ec2d9eca3aed3b569a7d3f9fcff8fe233a35b3911ea0bfbad7a296e07d773b7a75bc91ba4b0e5ee91

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727671764608349.txt

MD5 3ecbe6038ec8ecc7afb5b7559c675e04
SHA1 25dba67a9bf2af772649bbb05a0f0aaf8d0bb34d
SHA256 7f1be135602a062dce01ce19632858a819d938ad626aa70d170173bf4c6fcc53
SHA512 87b3b3f940ac749c720996be97574fc78ec4185210ca37a04f90a69173c1dc87f0bb5283ce301db4558c33a4e961e89f96fa05bf568bcf459a3381a062e1b625

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

MD5 a525275e89cb8f1f90b93f0c1f1a1ffc
SHA1 91ea71760aa597358c90c72b48dd1ed781fd3ff3
SHA256 24144109fe4ddeda2357c6bf380941589aa5ed5c94bc942406f533ffa2161c93
SHA512 b560de7b4aa4e05472af97a544fd2f23fba4d72e3c08013ad4ba3e0f039e228fd81d8383f82895c0dc207fba335176bbd23e8d68ecc8cd0bfe97da8b1f858646

memory/4152-7164-0x0000000000400000-0x00000000004BE000-memory.dmp

memory/4152-7177-0x0000000000400000-0x00000000004BE000-memory.dmp

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 6db99d1df393d7a67084a2c0160d6a58
SHA1 5011f5f89b071e38387de32319c6eb805525893f
SHA256 07f998a69a0960902da083cabdbce52600086f259e979eca16ddf4feec19d8c7
SHA512 66909332b1154a2e8cf4056a49eadd4610e7a95ba890e698ca49be0f9857cf65730712751dc3ced4b196e354e96c83ddd2c2a56655239de2d52854d972218ba0

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 60ab67f9b776a7684697067c292e9bb5
SHA1 ebbca44ec73c6d0d3c587b6600185e1f6d9622ee
SHA256 a90324434911cdd8beff915385c492c8cfb47288e5c9626d92aaeabfcff16d44
SHA512 44de40c5292f2e6c86318f9af2bd856d7af3e3c2432db0ac6a1a5556a0c8c761cae15ab2e2835863ebaa4e3cbaa1df614e6095c6f23550f9a6852123045bbeec

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 a3a2e8e4018769171634369adced8d53
SHA1 8542679abb36379dd4c99d54191c73306ba97ad0
SHA256 891a38ae41ef4309bb412cb344cf9615bb9eba558e20eb66e24fc3e3cf96477a
SHA512 339e3b054c7d00f3c8262a8e28b726f751ac37d90490c9891c79b34d5b9882953a7dbfb033317c8ad27239da4b160f2363b3aadae695877d708b7a1ac2c68924

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

MD5 c3a6cbc73d2959018d1c808273483d08
SHA1 f47f5efa301e88d9cd7137c1584dad94b9b721eb
SHA256 ad0ab299d5b9e06fa45a2d3430300374a51a92020af46390aa10374bdf6ff6f8
SHA512 5ab4333b3adbc3f56cbfdcf5e3013b4988727fd7194e2ecb944fd955b8097614ef41c904b83feaf701d3624842aa69fa78e66066e9872cdc652fcca7cfaee542

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

MD5 d118f5558faebacdef6d4f6800a8d8f8
SHA1 c491a38354a52dc0d77ae50706aac7fb412e7470
SHA256 1bebaa6e3bba24569c14e3f3b3d88b35d7b4b51b261dbc73fbc3ea9125edbe52
SHA512 9549ceaf47ae3abde83c1db029e25033d8d94908b92fb4bb20e173c739f3bd41b02f324fbb3a7551b3e158e95849768ae946c57ce5259313a5f68c45fe90ab4a

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

MD5 7f4512385e062b8f6169e308de3f2519
SHA1 c6d872111ec511176621d003624adb148788bbf0
SHA256 7e1ef2719b5ab8640221112697806607bddeb2c47cadba01b968c87294b23931
SHA512 3cd4e005e07a9f7a4d3204c60ff8d6d007bf6115baf91c6adf480eae8268336ded6256a743c039f6c631776f41d42f5652e82466e1c1ace1f955147f0fa0b59c

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

MD5 72046d9ce2b319185af8e439624582f6
SHA1 46fbb2926f66469ae85f39082fb46dc868dbedfb
SHA256 fb5859c33f7084e9209e94206f2a1354c4c466e56b9c8bdca668229b2fc713dd
SHA512 17724e6706666ff62dbe233e05b299e52e96ee83685934702204a80c582df11fd18857adb2621f6933104c791450348d358b77150ce739cdd3010f0a4017585d

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 5eaee4d83586101ca94cbd6db23419ca
SHA1 fd5653258c2c7932e3b21b43b62895d5e3726010
SHA256 66165c9f5673e46189a6ae110483ca1f2f8982256c38ec33a5586e7e76b66ab8
SHA512 37982a9f3d21abae069b0fc9d10f3f8ecefe7d46fa99659ca9de628fe394674731452e5edae487885a05e19123f7f15990a6a1a40127ea7acef114084ffa6e5a

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

MD5 cc570935f09863c5b030dc97480c530f
SHA1 8a723dbb7b77dcabd135e09dd6ac5a60535b02b1
SHA256 585af654ce19f1d03fd1086cbb74d095e5fe2a201a44ff3ec3ac1d35eb7c8945
SHA512 aaa326847fb77e37329f6d232dae8a7c97b61484296de6941a295111db650ca7dca6ce15ee0e802e731588e803fb1f3d7fe40183a83df701d9cf752246ab31ad

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 3b7e64065cc1094746d92a408b05dffa
SHA1 985e0b8f5ddaa56efeb989a2f8d70cf81a1b7609
SHA256 f533c7760611fc66630e5ce4681fe9b57579a63eda2a311fd74ac6fdf55d2081
SHA512 83109513ffb1b3444869925a509b63313347e28a0ace4cd10cd9a2e7523af242fab28858d0f8829ed30fd83b052f0ed18a74712f5ca6572960351a10594565d8

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif

MD5 7f92eeaeab07437f434742ce0c4f2827
SHA1 8edc9fd784dcbb612856ed32a28ee49d77267a9a
SHA256 e9e7c651fba92b26a74573d452b2dd9e2115ed06c411499e04445fd86ade2eb1
SHA512 7a49ba34fee8b461cd2e8b554a38ae8cc1bf69f0b616676565d061ebdf0827bc5af89f53161996f05974322c7e7b2de86e4f589252c09eb0dc9415b162fcb78b

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif

MD5 eb84c814eed81f69ef49848d03420206
SHA1 45b76a995aaea76d9ba72fcdc8560b89a7b1a0dd
SHA256 d9fd61b1a3e5fc7f7d39a3b1bd6b5f8227d85b53786146f3960cbdf32dbb203c
SHA512 e3b5bee34e28b56e8581529865cd10747ea96e9be558dbab8136c0dcd1160b0ce2382ac51c1c09052536a969f1d03fa00a6bc7a91487cdd0f76d5e0b67260bdd

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 e19461030bf2b8f5bb805b7431028e56
SHA1 d4645d105b9ef395d26b2e41cdec9af3279438c4
SHA256 e0cd484a0256cc274c15a855d967da47298a9f373851a82b77e0e966b3602b6d
SHA512 aa1d59368c1461f5c3cdb07565f8e7939e731b185ef5e540048901801e1e19b326a582b6ae3ca84d990f4f62bee2e4a7a7947135f966b0b2effc16cf569b8f80

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

MD5 21b2f81c7de3321ce7004af728d11a81
SHA1 cd7e72941fd5e7980e8c81fb8dcaad45b2b05581
SHA256 30a37cbe50c62b343f48af376084d51ad5f0f4a38bf0e21e8bb72d633a206fa2
SHA512 466a5be67281b38e9d779dd2f696ecb85618b000ee7f748cfe47ff630b7f9ef0d2a7c97581c4cc0c76e79e0ee640f684c26367aeace89836470c285de2a2a52e

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

MD5 18d028b4888b6f6e9db8ee0f427854d7
SHA1 3748602bf75d436827e2176147e6ff08fb8f691d
SHA256 f4007d94f35fbc83e87bd2fa6f7dad1321e80db6dbbd0175abdeb530f56e68a7
SHA512 65155193b7d98183be24647d628ef9738cac380c988fab3cd775f89181dc5adff5fee1b1f6aa2fc43e5650f8e11b99e23c28e7382636307e361119aa871d773d

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 bb6fbdffae67128f0c4d1acd64e52f96
SHA1 4d2bc7aba05c36fd1df6baecd3ed4cd292743533
SHA256 4f4d45fb2da2953cc003a51b7a0ea5d439c7fe163f90a703c446c7a9b702ae26
SHA512 8300d6e9bc28d8e61b3cf01b13011f10a0d2dc59ecd05032a14aab42a29af1e61af6ae13856c69b395d9e8689ac01f67bfd1c8b3a0b1e5e25c4d88b64d589d23

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

MD5 32491050dceb3e33a77722a372cbb8e0
SHA1 b31f4b75cb4076ea8ca4de7af2f705d406137210
SHA256 c8b12d34b12ed2206e24562e9d5e5eaf7db456baafb79dab5a299b23f8458df1
SHA512 cdcccb0bde6cf65ad40092edf33d687b5df808fd8a1272a46b913570b9ae2adada2434ca3f8db939b7d0bee44f7eb800c0495ebc33e62b1d39e448f7356d7f3c

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 ca8ec462edad386f065c26f364f6a0aa
SHA1 1958bd22de7ecea713e1150b3dc4e19058259682
SHA256 383cf8b387e7a871428e76d4c165f60876ac666f95fd9549aa92ff2a19cc8b83
SHA512 712dacd6a7afdbea862b52c7373148d833e832f28038584fb7dca2f31d6b8fc3a6957aab9631e990fdfe32a4e7207673da03293ae25514c3aa1a7f94cc1b130f

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

MD5 c1dd8ad38d7a1f4613520f069f0d0646
SHA1 74132395034ac3decc4fb06279135417769cbc8c
SHA256 230157fb1f1d8fbeaad9d76575a074fcc0dc6004a6bb4fbf065990ffabe52ce0
SHA512 061e9fd698a2ce38a2b74f9480f4c8c65147e4aea70f4bac75f74a0c3529c4319cb2e6469a37c1335eaee757d08b44501cdec9b674d99c316cfa7cbceb60dd8f

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 d5e366806b979e3a33e2e12ddab03035
SHA1 936edbfff215a13fc528d7f86f31997049a3a220
SHA256 c5319d529667a2ec89fe142b69827d4700729537e175ed185adb945936271db7
SHA512 9e53353117d90362cb04663d07a44f4824952f58a80a9215bbc761ae4a91091abfea070b533193fdebf5c519fb6d96c50c4091b721e783d8e789755384e71558

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 9efc0acf68fda4ec5b17f6b5dd841e67
SHA1 d5f437a6fccdf937825b80acfd08d3f13191591b
SHA256 cf52101bfcd22a7e76872be349170826df267593ea84f87a2991e4fce337addf
SHA512 45dfbc7a3d3cbab9d22fe6a53c0d9bedcc0cdafdae96aad9a299b9e8a7e0de9364865bbeb4f8a175017a2126ba40d832f2c7f7729a8f048c2359fbc591df1ca8

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

MD5 f3733ead2da8ec7307a0003dd673ba8d
SHA1 ffa41e5d1553ce39257a89f455c625b6bba6a297
SHA256 eefc312bc64df42e05af2d08d898ccc271223ab62035157078e590035b8b2bb8
SHA512 54233f26ac88839a35a2db7e91b0016eea9125df273e79b8675b1bc920ebfb08193e5ac91b023edd60e35e9662b8e68c45136fe374fdeb99ee831e45a9d15755

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

MD5 f8c2fe1f3790e6c4315a161d9584a40f
SHA1 8af7736687a097f48d822b1c3aec86e3387cf952
SHA256 604895a0926e85b43d1fac3af312ec0bc95270e45dce6acdb6c11fe0b924d476
SHA512 e5990a2af7b3f91e71a43da3ff000788b1fb01890e864d89f095a74c5bf6ca2cfbc91d2870e9c6c76d44aae8b1b07fafabe563c8961e3543abeb9adb266b9a0a

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

MD5 f92a0acd570ed1d32e21a5343d5e87e4
SHA1 9b7c07400704de55d5d5cd7b5084bbfde2c8f316
SHA256 536144ae29d4f9fbf894a3b9c76e12fc105e09370a94d8d972b423e6c0f33c6e
SHA512 779bb45e71865efa4dbe08b239a5ed13b9451ba496ec6f673c16d14cb8034f499e6d24c8effdcef892ee72aff5712fb372866a7146a8d434422d0c6ddc678e8a

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

MD5 0d2b5cf53272ceeed193e7c93b4afabd
SHA1 1ae4a307f5aa6e37a23e6aefdbd0f96b11379860
SHA256 b84a881e3bd7a3afea8f2fb84b0becaea421339a99bb3e92d3d9f05d60d30944
SHA512 b834599d7b0d5f9c739587ea2e836ca50bbf0cd40b08dc398e68147ccaf642cf5215c11755e27aa3d28f100db68c58e6c018631ef4e4796d9c9b1211521372b6

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

MD5 bf49a7156215fcf317e7e852c3cb89b0
SHA1 15a3b4f7b87bd5a9cedc8c2d1d9dae55994aee3c
SHA256 aa635b514967ad50dbed6217e4d7a384acfabf7a39a425bfd38d140ca526785c
SHA512 2a472cad7136dc5e372b32d6d7b77f96a6dc4f960d68e6c2b0e2599f53a2278e525a0668d0ad2780531ad3d06af70a796347f0ea1c4f797f1587bcb4bb1b0354

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

MD5 9323151503ffa5c8ad122c6de0393e54
SHA1 b95f57c6f0429232df39ad01f46287c431fc7f08
SHA256 840c7a1f11b43dbc04bceafe9bdd747bb833e064a5d74804bf24d2d426abada6
SHA512 6c289e001f7b75e8de87cf1e8e4a5229984a9d6208a37d43d80ca25d80fb40590d2cf5e02924d9e8162ed070e7bfa8718b671485896cf448ecd85d5cf97316fd

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

MD5 e0ae916d8725c920f936bc47f6b3ba8f
SHA1 6e3821cd9f3b3f914e0db17ff49fed57764b8ec2
SHA256 29990a64de3760bddf9db385564fa55b0f99f10a74fbc21febc9480c0f68d5b1
SHA512 f6e063a9293f5546fbaabb0523e9419f37add922f064f2696ffa6cff463109e8265a965d561577240a3f7de7460425ef580b700f77b672615a6388f93e4310b0

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

MD5 47be01893ddc8b8d7994255f5ac9e7d4
SHA1 fb3f8537f7f6dd3a5ac41e9266156d834df52543
SHA256 a5859dd8acb3d3b0d98b698205221dcea0e0b8e93f46a9ed7d386d02f3c5e210
SHA512 fd083cc8a8d6b99c0489446f08d7a533376c05204333ca3325551d56a79bdf45f33d46f144ebb6d544ee578342785cbe80197fc360bcc509bda02f4d07e4566b

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

MD5 334ccf8950443619458fd4fe9c4a996e
SHA1 4e2fc7268eb440cc90be88bc1c6cb64611283245
SHA256 f47938c28dc0824f3e6994e24cb9d56e5fc12c0b75ce39d24dd99ca149cd2e5b
SHA512 fe916bc1be596924233ea300c273ba11600d1a5e2dfa96cbdfde341ca1a07c212097b64e4c5bfbc986be16fb68cfa2c7414eb2171439aedd037a131b8f7c487c

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

MD5 ebb39518fdfbe31a8139ad88999d1a6a
SHA1 f7ca2fbcaafccc4d863fe112a7e73ca505892fa9
SHA256 b0fbbce230d40e4476ed1d59b288f88c189c4dcfa07287a67590dc7ab5039900
SHA512 885a995c6a64f65122145999bee4e3a8dedbef6e954b5535c024d54c77e1e0ad5441b41f7728543c428acfe9ec5cefa53187613366ff1d0e6d3a6f8b07d9477c

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

MD5 823b0ba905697ba3c9b57d863b37debc
SHA1 b8f41d160e0ef7f5138eccfc0c448527db49e03c
SHA256 65c01e8e1fe306fb7d8a828f710f084acb5706290d061b2bd7b186db7aca7eed
SHA512 6ae173a41a00f72658d3289f805b155ac510db68a61916260c1fddb3b43ab0281653ac12d3fe298087bc862b7f02f93ae0235f82beadc18e21d860b0f0bbdca7

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

MD5 51226f9d11e97ff52e56703ac6500bba
SHA1 09d996416e31bb1fa1682c95f4de9a0376295755
SHA256 00156a9c0ac7d76f59e33964a4d4957158f6f13975bd5fec9d0fb87b4ab50a7a
SHA512 fc0c32d8c212eccdbb0330b5d83e06caef3632ad1044acc6f16547a3db1a14631047900497e93aec0afc76b7068fd1a5315a43101940a139981a1f2000db5d4b

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

MD5 ffec32174a95c05251fcdc51f5224c97
SHA1 896bd699a496698764489485582b6a348817be08
SHA256 80a1a9fb26e952cd656135357556a08883e4e2d5664a8fefe913765a66229244
SHA512 47025faf5ba8132d68856982ef1d0458578305079fb9d022032d378112053c559bb270333da58b4c36b1e87e1ab1ec75136a55ae6e09fe62280ea5dd596eb069

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

MD5 78a8a00c50b5529028bb9591766b945d
SHA1 e31a84927553c36c7d9ce07e0ab52e137efab271
SHA256 b5e6ddde4d0dc7daf41c740df69cc85393f3684b942814e05a523d3b8904ac16
SHA512 e34617d7103f9ac0c88c477b96e1f7251a0110f3fb4762288ba309ae90b0a4baa67d5bdfd28c5bf029af1d034e572ce66fcfc356155d479ac1aef6c76292613f

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

MD5 ecae7ef9c1a86ac263f874d298fffd0a
SHA1 92b45a2cf24a644f956c9146625e7831a305a8e0
SHA256 150f4f2594fdc647967d3074320602e33ab657596cbec83ccdf69c027b81b3a0
SHA512 f022311742ec80ff23298c283af3303e726ee3d4f4780487531d468f808cbf74ba94401091792c82ea2c29a505a8131e3e4a0e648a4cb81d50d4f54bd728201a

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

MD5 fa05b645ca36cdf53c67c1e51f8ea57a
SHA1 02209f69f214c066dd2d05df76490b99a8ac997a
SHA256 bd791f10df40c528446485f6da5b344c6202f6801229bc16e3ba7596f2289f03
SHA512 c50cbf8f807a5faac8c190e27ef5bd0b2211a63e77452c0b305c083f942cd5990db2931c4671b903fc1b036a7c159690a8a9183d2bd54b0f2c456bdb54b74d3c

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

MD5 5d37d31b3c69d9ad556cf4207ef2567b
SHA1 d41f60fe6e11ba7f1b262f98f6f42df49ecac36d
SHA256 b02d2e41fdca15bc5de1dc9be7da3fd013958a122f38a71b71b9ff28374e53d5
SHA512 066d96f5fb1697364e281c56fcee5fbe8aab5932462993f5e8719fe3468d9a7239ada1c8955b4d6747774e17cb6109d667c66314c7a8acceb683ca66c9a5b33c

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

MD5 bfabfa2599edfe8f0bf3d533d996dd39
SHA1 2bacbaffddfb6730f71b2c30fc3356c8188e1d92
SHA256 06ffc43c18ec8429767117416868dd20e16df07a39b60a059a416442743638d2
SHA512 98274341f863c29b88813fd5ec15032881c431d2b7bd1040968e0c54b101f1947dd937ea05746f299593c1cf37b440c948be95658a7b3fd0c3ab74ce194a2f69

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

MD5 e1d4d8e2a9313a4c4556e24087df1121
SHA1 8d36e74b78afb936ad67aae62c1f933121d3918a
SHA256 a05d33621b75fd7d4667cc02b9c0d8b86abd4823b14ae29ba2151200e2a09012
SHA512 45f4ad7e64acb110fafb76ac6294ef92230bb4c7a56b508e614d51783cb24de6cf78400e8bdb5bb691515abbda82e911e69c1ba09d21706a48609875ad85ec98

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

MD5 0406a86fedfcb73569aaa3bb4b197d5b
SHA1 70d0b7c1919bbfe7b7b91c1d6308a4b01c7873f7
SHA256 3a247a8f0cd3646e3fd7146a0ee019c2d2048aa7977469449736475dd60da6b5
SHA512 cc732a0961120d674bed0c37471790b94453f9ca0791e7fd3b512fe58ad56aa59e76862ad77dddfcef41b4dc3c74e50cf1f2eccf0ecaf8c4c04ccb78aacbbc11

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

MD5 7390c0630e70d2160ec66a7eaf19a285
SHA1 5c0705311bb201f3e93740365f4069cf4df91b55
SHA256 36bf78fad37a4e6c82f9d965f17095286c27a84fd9bb214d792f30cd28411dd5
SHA512 89605bbd5b388ffed9c729cc88acf6b826fee2df861bac71ae346f111c8114ac61d8de2e7f59e1b23db67cbfd330551dfebe5a2a1ea97f5cd88bcde467d43b11

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

MD5 ea6bfaf5ac52c762bdd5ce7e2c93115b
SHA1 7cd31b0226a81964e620375bd8961be1f1a5879a
SHA256 182a942e2ecb7aec501f6174704e437ddb0c2d6f947199521418a70223b41d91
SHA512 28a41abd5f0e74a081a74afd4e36960bf2acf28eca9e6f7230279de8d88054262acc5072159c73bc2ce2a2f52599011be4218061c02b984cbbd3474843060035

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

MD5 2fa505216ef60b51fc500f12e566baaf
SHA1 aaa1916a8aa515996d6d7ea684f134cbac25b93a
SHA256 6d41a5be1171266f0de0016aeec537dc1aae31c165a435539b5250e73dcd1b48
SHA512 286b1b23e884dfc2fb75af3aa4b3c4513e1deeb5e21957189b669e04255aee0114c1bb5dcd86d3ac8c248414e24bdb9d196657c410e25074740fd8852bd81437

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

MD5 c5ff1d7d3779c84a6da3c39da71b494e
SHA1 9949566e272fa60379de92e0d1c8b086d034cb42
SHA256 12341ff33e9549faf9507c2dbc4f837a5f1507bf9e7590219d76bb07e53cc011
SHA512 a42d8f91bdf7b131ebbc16d777c27b457b2b3f36c24fd51d05e1c791706a26bdb85bbe78be771e71e13d1efa1a62eee1a0daa914252f43b0c6bb703615ac803e

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

MD5 c6b6420f3320f6606da263b3bafc9fea
SHA1 7af2b352fb605bd5b7fabc0a353f32d1ba2ef30f
SHA256 46d09d13749027de380c1647c5b070115ba72f6a113e9c103e3f4f2294814a8e
SHA512 b5816d847194a4f911f6fed2f35623661dc8991f8621d8a0aeeacb153fa01da455824c6781f00ae903b4aed2541d89d430d986410511252e2f03beccaa7d1f80

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

MD5 23d49a360fd899b05751d676cba11dfb
SHA1 c4f2c1a08c2322fd9489c44240aeaa7c51c33222
SHA256 203248ad2bd4fc678376d51c5ccb82e9d7c8e3f4fe5a95eab5f6c96e39c55983
SHA512 8531feb9027bec9b2873768ed728f6a634268eebfbacf3d3e99b749f79dbf4f636d8c4ad8b1a96b5e2ca6de24b59bd3e3c36ac36d9c9c74e7d7ef135a29f0f00

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

MD5 b7f25cc5d33c57d8a5c3d532cca5fe92
SHA1 d595c7ba8aca34eb441f88c287ac1658ec92d073
SHA256 dd3d66089276b16f9892448b3a92650bf02a791c58d525b9b14f9e5204cc4b49
SHA512 2d02786c9c1dda227821d3f5bf8c0aaad21abe8ad150e09a99cc9248493daf99adc53fc93a4a39dd5e3075d54237f99131aea4bc25a5a8f138f47761a4b6177a

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

MD5 ea33eb69a7c0e434054b097e7e4749cb
SHA1 4bccd25d5aaaaed16a0300825321400b6e89d6e7
SHA256 db2adc732c9a2d7fb142c84f8cd3ebc3f091c2f6159606d4ee31ab77186b486f
SHA512 e6e6161f8fc8eff5b80cf6068950a5c22ceec6ff739c27ede71c36c8b1d143aad592a93461c3e3130caeefbf4cd82b730d84193afb49313bb51e0ebc0b8b433d

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

MD5 36e69316cd3b3e880a43766b1030331f
SHA1 8c3e057ff44044b354c1f32cb581472d9fd41763
SHA256 608a96bf3296910aa875f205fe316f767c6fab129eec4d374ee2f07e3e479a9b
SHA512 13e6cc0bc4840a06c44fe448e576a1d4bec17e8ab3f9d14342411e491b5672b0bf3546cee7c27eef099a5016798a62ca54e61e5c15f8eaf7fecfac80078c725a

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

MD5 7ff13c0f08c8896dbcd323ebeff5610a
SHA1 3d6d483d9de45cea22ff0c13fd35ac83443aaac9
SHA256 4c2175d011ec4cbf6826ff61abb91bca19c72114e85ec031a75889c0382a725b
SHA512 0bc3a006128dcbc426af44f20fc0dacd84d5624bc11aa4aabe45af5767885fa127b54520d01f0f047beec236ef67aa2f6966bae853b22ea97f9f9298527f6fd4

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

MD5 7764fb3cd0b770bf069680422a730d81
SHA1 704599c43ee14131e702410425a25ad8fcfe0c8e
SHA256 3184ebe0fda0c65b05b77de0b1734ff449f716a5767f38c654b07e60cac01c7a
SHA512 058237c3a40f09d1a69d5f4a85370b6e12968d7050e57c6ac9b60ea94a602c03cc7875230d8790b0d196627d5dc1a4add9657ecdffdc8f7a347efb24d0dcde54

memory/4152-10893-0x0000000000400000-0x00000000004BE000-memory.dmp

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

MD5 e61ad8fdedc5a70e593e63088c9b52cb
SHA1 d562037b44e6b2d7c1b1f88ad2a332c3b740d3fa
SHA256 e48916e6cb2b238bd081bb841a72bdc62375b6a15b7a182574cdc3c7f73410a7
SHA512 4f852d8a2b724659efcd6f97c76da0c9efccbf25d8fd6f317547c0e1959a9e4565c0707fe1ef8fb9f238564b36b77850be5e1bfd1b2d44dc4e4b990139938f3d

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

MD5 5248c2c7ca8667d527a9ab9fdb6ed36b
SHA1 464c4e615b45bc3fe2cfc79bcacf4434299e5bc3
SHA256 53c7893646e8bad6947a46d6e7e6412e8f72f7eacbb1abdbcd8b3b73db6deb1c
SHA512 4de760e9c4e55198c003de0d32a273c7069e25c45b0a77042e62e99adc6c302d75793b723fa6a5349b33c7766f6756eae8746aa8812d90838e0331a1c134e4b4

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

MD5 68eabdfefc76721953e07ab2af95c80e
SHA1 cbacdce119f890f58b316ec418b7b7a088806934
SHA256 e7635242a3302462065702e3c757e70d3bb32b3fd2e3e40e7dbf3fa38d4ef395
SHA512 1da19e016c0a5aa7d357a0af3177e53dc7d4812f0acedbc061824074b79dd5406bd4e09041a4a74fccde778a3c38007fae38411eae6479b27403b428a85e36db

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

MD5 77718655ca116bd9374aa124df4289b8
SHA1 dbddf5b36910d4430710f4b7aa49703077a74352
SHA256 cf9af1255cf77ef780d5c5f2ba25b2d54ca17f462773d246c1c2b42055a43f3b
SHA512 40323660c3cbcbc0482687cc4f8378ca3ce86b10efbb7a144d1cdbe4b31b1133ff3ad05e626636ac86b009ad6ba665ce8a2ee25553e6b7986110a99ea69f7d0f

memory/4152-11274-0x0000000000400000-0x00000000004BE000-memory.dmp

memory/4152-11315-0x0000000000400000-0x00000000004BE000-memory.dmp

C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

MD5 2e61b0a1dbfa515b2560489089ec0927
SHA1 2e6fd30a26e66be98d84b7a107b625d170ce0cdb
SHA256 a2d9e5ec6d8aa07f8064beae9105e554f86b4a412982868c296db98296091bba
SHA512 3fa96adcb4676fd0944924a322d13fe77289df9e4dbe3852dedfef9b5318f084cbbb6bef4c9bb5488906a0cc95acb3acd91fb7bde6ea13cfe685029a0dfdcb15

memory/4152-11320-0x0000000000400000-0x00000000004BE000-memory.dmp

memory/4152-11321-0x0000000000400000-0x00000000004BE000-memory.dmp