Malware Analysis Report

2024-10-19 10:42

Sample ID 241012-q63vgayapp
Target 3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118
SHA256 671e240c5e237783d98cfd031782bd2acc38f79ad09b32e4fedcb9911ec34635
Tags upx xorist discovery persistence ransomware spyware stealer
Score 10/10

Analysis Overview

score
10/10

SHA256

671e240c5e237783d98cfd031782bd2acc38f79ad09b32e4fedcb9911ec34635

Threat Level: Known bad

The file 3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

upx xorist discovery persistence ransomware spyware stealer

Xorist Ransomware

Xorist family

Detected Xorist Ransomware

Renames multiple (2219) files with added filename extension

Renames multiple (2187) files with added filename extension

Drops file in Drivers directory

Reads user/profile data of web browsers

Drops startup file

Adds Run key to start application

UPX packed file

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-12 13:53

Signatures

Detected Xorist Ransomware

Xorist family

xorist

UPX packed file

upx

Unsigned PE

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-12 13:53

Reported

2024-10-12 13:55

Platform

win7-20240903-en

Max time kernel

119s

Max time network

120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe"

Signatures

Detected Xorist Ransomware

Xorist Ransomware

ransomware xorist

Renames multiple (2219) files with added filename extension

ransomware

Drops file in Drivers directory

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1uoBPi166dn60J2.exe" C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A

Drops file in System32 directory

UPX packed file

upx

Drops file in Program Files directory

Drops file in Windows directory

Description Indicator Process Target

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\YAUJXFSNEZZYCNE\shell\open\command C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\YAUJXFSNEZZYCNE\shell\open C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\YAUJXFSNEZZYCNE\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1uoBPi166dn60J2.exe" C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\YAUJXFSNEZZYCNE\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\YAUJXFSNEZZYCNE\DefaultIcon C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\YAUJXFSNEZZYCNE\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1uoBPi166dn60J2.exe,0" C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\YAUJXFSNEZZYCNE\shell C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "YAUJXFSNEZZYCNE" C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\YAUJXFSNEZZYCNE C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe"

Network

N/A

Files


MD5 62fe1bbf8a9c86b1a5c5fe74b6ceeee4
SHA1 b5d916ded3b236654d2d5830bbf7a0b28be0c526
SHA256 fe8f0efe0e1ffdae07459510c63187f15506c00ac32d2aa567f782c1cd06ed19
SHA512 7a5ea31e832daa5aa03f94bdf1778ebbef52383ef388b1ffc601ccc9a58549dd8e2297c011e125145aed90873c9da0972177e4aa899a43ade43ed6361381ed0a

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

MD5 615ddf96e1483299a1cd0bfa738f426a
SHA1 2a3c039b0c6257a96e14914e8024d7e4559ec0d7
SHA256 ff7cd6bea06121b92a860236a1e8f8f0b26deb9277acda553b6aa170dc6dd537
SHA512 1936a893fd2388d81f961fd073b39abf742c1dcc4639c543782974177611257a50d9fa042d36279e9a26d366eb92c79227fd7e3d244a4aba9fb59e01ecdd675c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

MD5 3ccbcaabb9a1af5180167d85efa98f60
SHA1 5288a8ee5487bc28df3ce8fc31f80337d381bf90
SHA256 b8f2c991d0c3f3457498268b747dfd23c600f512f1f53b89b9b6e1bc19dbdedc
SHA512 1c48f229d10e8270b65e727c59d6d0ffa9ea330ad0d5ad33fc5611b47ff02da1c17b2e1007e39cf5f004e48e6a307802eb44687ed887bc3e22adcadc564b558a

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

MD5 6d3c9fa2b62bd75f74c57ac17be1734c
SHA1 788e6e038915fa046674ebaaba5486867456afcd
SHA256 714f273a58ae2fcf1ddc34e0a8bbd72894c12c0c11b6430c7e90826fab5871f6
SHA512 2b498b90c4271b0537f9773f4eecfadb9c57721ff9d5892c88f03d7bda08d61e15535dad7f9bf62cae37b79b35898801a5c8eee81007aa496ced4e9df88efbb7

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

MD5 c7a44f76e5b395a619a5c652294b3953
SHA1 936504ac97559cc8f86b42060a948069039189e4
SHA256 f7990f7f38e78aa60e71016dee50b8f237231cda9757d2305f524f80daec3b17
SHA512 d7501be214668325292cee39c8b30629d6df1af01fb34be57461637ddf3d5f73b12e62597a61c35bfe2adf336285d449bf49ab950758d865bf469175b97f166f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

MD5 78401104046dbf438130364d1e51039a
SHA1 4b14f7f310e91ceefad315aa260f98aafd5f175e
SHA256 b31383b33352ca4056f2cfb50ec847bfecb379f234b7783b912d7c7bc0d7d06f
SHA512 55b3f31f72492e364cb8a676be1586348f9568cfdaf96deccea93340b220870118a2dac17a29295b54c3f4d4452cfed2ab755987d5182cb917b28f34b8f8991f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

MD5 389fba4728a7ce620c34f47328e4513a
SHA1 9217c3c33e61dfc65454883988e6aa70e889e89b
SHA256 8418d8694a94c94f94fb5f1287ca16da0791ad6b4f6d8edd94d53199598fdc4d
SHA512 6bbf2b6a8053e0fa7739c9ced745435ec00246dae816615aee16acce0a2c24d87170cb6f7c15977a3b028dcb9fcbb26d2acea651a42ac527f6f07daed30e93e1

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

MD5 9d82ba71c760a19f9a932a27d72a8c59
SHA1 21c6318c6ae4823605f0ebd6ee5cc62b7896e92a
SHA256 bd3a0176858e005588692dcf3e3a2ea048f220875d200d7282edbcf05c6ba6ac
SHA512 b0dda69f5498f5d1d36bdeb42fbd727c5263f0d1dbb8979e20f51a4800c6b316897149c605f54240d98f046e5833bb27b6a7eb87b073fa60e9210276db76dce4

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

MD5 101a2f2bb0ebab873dc7f3bef9863718
SHA1 4ffba0dcd5b9ffbcda89878c4e0beaa399cde003
SHA256 34816a9dc13f5398a29e60d91d20e41f075afb6a3bb06c78e40767df19e15570
SHA512 11d709c6110ab0889e6e60f9b72d87bb45166355579c01e84addb559582038d35ae9236cd1037d2d4a8c42c6943a10cb38610c2c30087c65a2b3b6f29e32f1eb

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

MD5 71dfc7c64cdc0adaa367db1972d0d62e
SHA1 3c20824870e4aba8ba0434cae37e3ffe6a080748
SHA256 74a94400325b90d30f23c536fbcf6dbd6430726944bd0d6d8f5385a3ac7695ff
SHA512 5fef15408012e7965dc9679493a65b888736902506b85afe3930624b9ec429902db9cd5618c7c3bc64fd2fa73f3db181879d18f39b7328d652fcddad1190a28c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

MD5 c05aebb2e7146953861a3791289c280d
SHA1 84fece64baa3d1fbbc20bfd28bac307814e58c09
SHA256 e79719b7a1442eb790f008a50b7cc0a340b6db508c29170f96c33a696b972a54
SHA512 1d478e0786ec0f0332af3acaaa555b6d768718a52dcddcc1ba19b74bb6de0e6322ee91ea43269aa707eb5462190e98d5fb643c7c7747e639a637411298413124

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

MD5 69d078927c67438638579d7061da1fbf
SHA1 ad49ad415f64d98fb2619745baa4203e453a2224
SHA256 946370d30987858bf640bad58c9f385c4815c38c0e408e4d779ebd47a256c7a4
SHA512 05a1a4883cd99295a868587de9b7171c61be829109c5033db2c2531e9bce70c45233f1c2bbeafeb0b2f37f9ed639f24a6c3d8efbe56e07bd5f16bc696c29df46

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

MD5 3cb1a6cd9242044ceda6774de6e16cd0
SHA1 eff9649b7bd1bb606ecd233256dbd299a50c776e
SHA256 e128dbe766342a77403735390b210ec2a14a96ec33cd8935ebee59681f26068a
SHA512 4cecd9787b4755612c7d6ec7f5bb665216a536a857c96d3c5020b6c5b67e6844c24a7c44f085164d4334b53db3d4e7dadb8caebca07c018e56a178f16201e55f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

MD5 279395f39db17ea35046f6fba51bdffa
SHA1 fa2a54fd1b68005799c71063c6f35ec79a367892
SHA256 0158fc5e43b2e57e778b2e55fb21cfa4e98cb5240733c596a7295b9ac1b0e871
SHA512 185d1ba0163a031ded8bb7c4169d0858a7a8cd8e108ba1a364dc6fe242b790133e6b5c1dfa8b4519baefdcae33405ebe05ca54d38e4868142ee703a5e078010f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

MD5 dfec36a0a72685bf8108046cdce82000
SHA1 8c40f47e68a9d5912c5ef623689977197a813f2a
SHA256 a07f3d47da40aa6e07b1e0ad9e844e462890316a1245667fcab8580d9b43d26f
SHA512 2fab1c9c46097f80d92285a725c2e5be8b1c4889919ad858351aaa2efa86bdff2f8bd8b82ad249168a8d9d830e9ef06b442fa2adc124dff735615e3120e3b809

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

MD5 610015305248704297ce3cef5e73a1ab
SHA1 11298dea80deaf7e01c583b450def1667b079ce4
SHA256 56e8b8d76319eaf88c2413c50e01ac36e0388d520916ed012c645f3940e1b885
SHA512 d56b2bbb52f6ba9835ab7744a58126e4fdd5e86a7e23d05a695b89ecfab63f18901e938a4438bb815625d270ddb87e1175e682469e02bc613a2e181a6e8c158e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

MD5 90b47be3f03b2913bce566367ef06537
SHA1 7a57f8c84cf4177e07c3b1dfd85d4b505217c2b0
SHA256 5dad93aa2ef7fda32ee8dc9a01e018fc724ac2ba8b869195d8401b6f3e9f3b73
SHA512 a51619b4976f3e12e37a4779ee4f7ae620a9e5067469ac15e896fec410fa35c09932f1baddb8d84ed0896852864f99585003c0fd0ac7019cb8c36604598a86d4

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

MD5 534196153fae493cb9d4da60963cc069
SHA1 ee2c8f0bb8a2571cbab5a1290a8a13da68b9f219
SHA256 e23ce4fa90291d1cf8974fbc65cd2bd0bd251cb34e633b8d97ba39651fac232f
SHA512 514ae8a73a3bf973ba60e3d1b5a4f4c130d759409ab9554ab2d5fc075c9c725db622f108a354dae74653f3fbd1213febca9b23f3c2c1c0997f5f40a412f69888

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

MD5 649c6edc9e3402404da1c9d0105fa19d
SHA1 58110f7f40bd1833c648af1159c674a83dd227cd
SHA256 e00d35f152aeb0185caca2e686fdc5bbd4591695c6c825f6d82de1006c9b54cb
SHA512 8e8a4ef03970a856e3b5d26715aa0acd1820d8b36470a3320ba7b962dc8058ab0248f6c423975cba79b09feaccf562f13268ba602df18c366b11a3cf96840614

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

MD5 a3d2a13821d7df9d85ba89c45ab979ff
SHA1 43827a2d6a3bd9680702f8e965822f5eee066a85
SHA256 60630801864e167642990f93fd640b7d6e25578d10e3d811cd35a00718497a5e
SHA512 e205e3442cdb7090f5448f9fb589beac2234d36f5ff2524044b69ab1af34a9f385607f70a5ed0a1f08be17ad467bab720fca0a0bb9497c8c90c30205ee47ea30

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

MD5 609b8a230a311b7d7a7d0738a9fb7d14
SHA1 fdd5cf6e332224d3081ea39ddfa97e89551ae647
SHA256 5dc6f7585f5e94c15a202166c78c95e08f97401f5ef37bd56886b2e3cba7ece0
SHA512 33332ba66ba4e054eebbcf9fce257aca7fac516291f77fac0f98705c78759405868c85955c6e5261cc48177062f1e2803951837f767a8def49684f023dedb4a4

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\security_watermark.jpg

MD5 32bc12fb1a2a746e3a10c76c464176af
SHA1 5a1582fcb66b21ba1b62f62f8e2971e7608f37f5
SHA256 5236968035aeeaf5b575819b2c94aec8af098f686b80339e530f2d2fb84a8b03
SHA512 fe249080dcd56aa51dd5eb26f930fc5559beea0186ed2235d3005e6b5ac0869a1237c211be31435d8d56f42ff41cb384367a37d7417f4ffa40ca13ffcf016890

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 074cf875f5a13034f323c50331100cb8
SHA1 f2d4fcc732cb49774fc7cdaf7d46963df505ff7f
SHA256 e06b9770bac42777430af86b313b3570522ceedbfc602c4d2af0f511fc96d2c3
SHA512 6e2409f906c6558690d4c9ca2839e62fb33f0c435a4011e3849bba2f3052623a48c0e8ebef0b3496e39f017f87f1c4696ded0f4deebad6660ca419afad4cc942

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 2881ff84c2106d4bf9f316d3a9fcf6a5
SHA1 60db9fe3906c9cd03d189a0af9222771458aef5a
SHA256 555c79b951c598176705eafe49062576b976fea88324449027de5a6228587728
SHA512 de7c14bd9a113e9ac8de5c3dd3b617b6f4e115080e584e59b578ebe5e1df68de63259917d7c5121dda134e93dad8bf70fb61731a481d08e981899f5872df3170

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 10647c42ccad32b98abdde7f2c3e2e1d
SHA1 b8bd97aa9a32a253d8aee4d6a26e49afc9a01b5c
SHA256 68eb3e410399590ac06cac2df2de357fe582ece04d33cdf554256157a73556e8
SHA512 80b3c7d1063e30a6c4c9b69ded3de30a02190066553096e492164024831836a0cf226f0f3afb174dd870a421b0b810a2e9e113a5cbf0292afc3e71ca8beb185c

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 bb84c9237fb2d742484ddfb12435ddf0
SHA1 40261156cfcabe7b2fe9aa01e30e3662de182c19
SHA256 a5a883e51fba8d979b9df07f752928027a98334ffa4cccb97f8ce5a123f893e4
SHA512 d688cabe519eba38027e32315c8021ca4dc19bf858a112e2d522766d897986de3bfdb591a67f6b23d7f79ed988296aae63b0e572f25848812b76ab7aed02e4b7

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

MD5 8bfaee9a92b9adee93011123b6053d7e
SHA1 c561ac7777d6bb6bdb8b192dc16a982754b2544f
SHA256 bd8cd78ef55735e7581b77b6420e547bfe164c76677ceb6802bf65db20d8080f
SHA512 4c6bdc4301217f311437a5fc0726bb4a6413bd7dd5518c85e422a0e33973bf11f8b31a76441f89203ae81287b51bebb6865a962a39971666b6824a5456f98b85

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 13d2ed4461591e2bf3d2468bbacec0bb
SHA1 7955060aebe6489def22b40126f1981657fe28af
SHA256 7ca84120708b1471fa59cd6ea5f380cbd2a68c70050caac9746fccf9eab1e0c8
SHA512 0266eac9d17416bddd737bb00f7448f463bce00c9261965a10c64797c445dcc5c4cacbf80ac1abf0a2fe0a7f78bf99078855bf9f8a2a220ea3b30cc61ee988bc

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 3d2bd36e4b5eacd311784b263bfad2d0
SHA1 5ef7fac83f3e3171f9c5091bfa011a4c17f02ba1
SHA256 bb9cb48db83f101eb8e42999fe10c483ddd937225080098c3ed6dba3a8b64b74
SHA512 08fc97537ddefa80fe1615950969c0774cd8bb7ad7ada3f45ed9c226c390a972f8b58a081d26aaf5a8faa48e691a3b2fdf68a897437077fede3196aed8d630d5

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

MD5 70834545f35c89299f35866ca5d06c74
SHA1 788014ddf8199b1ca0494db252350561b7df1e61
SHA256 9e250a4185c97f2ca887ac130f76336367c1c4f97cea789b2c00a42120a5b433
SHA512 67cad31d45a0be59e32984ebd9ab488ca7bc7f6fa0a33df1a8a80b8a8601cfd1104e37f7f1979fa2c2c5a9ef6d197c10bc73b5891a512e488d50256312a8a983

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

MD5 589dad413fe18c4fc83aed51be27419d
SHA1 6a1e3ba4de34432bf7a724890937c12bb35d5577
SHA256 a9b568e854845776fd727107e98ec0759c8ad519e5d8dcfcd2dec36288fcf99b
SHA512 98315a8b6be00deb97e96bc62e49b88075b3c94433159197e8dec6f967cc0bb5e0ad250240a6c760d5ea912e2556ae3cf484f414a6a8c2aafb8c48a8066e665d

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

MD5 a5978275fcd1e73b2551b12d412f5f36
SHA1 6a4e5d4442cd792ff4878bda6f176e53ac3c12ad
SHA256 82a5d49a4921bf6d514d4152922a58cf366c789b6220ed04785812ac5bdef849
SHA512 9d5912eb6ea18af1a8f24849f0bee3076fe109ecdd92ea7e8b4256fb99dc072e30fce8291e2f36e74ee275e48b3fd3a58339593929deea9173d7f5d7c68459c9

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

MD5 a95d634483bb07ce59bbc9b366e3d5b5
SHA1 62087319500ab9a6456943b137db01f961e104a5
SHA256 7d5d9dcbb8c4abe8e1b93934f72e9099854e0abe5625fc77fc12c596362b3945
SHA512 4b36c349a06921fe4774821f6c639174a86d0aba51d64522e46d1f088541744d68ec37ff79984829083fce5badb0f8ce3924dcd90b037911b746c5b395851b9f

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 6a087d2768b22a79d83d4e02d4a6347d
SHA1 b0245daf68b939ca67d9dda005139c53d2fc8408
SHA256 27d6e66c51f17256899a951d59f5b830f07943ce7207111dfe2e72753f32068e
SHA512 17d670a882016ffbf6320291b9e35ae335eabb17163951f533f7c73377e5f1789b264f79271bb17390df4d08594fb294f0a71d6d74f09aa8cd977da6e2750aa7

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

MD5 060190848ae3385c809a04b6e23631c2
SHA1 7ce5a1c963a906fc430b543ba269c8f2a549b7fb
SHA256 c5cbb1e00571f70102d3c26271732117b2f8af8b03ab8d82b66eb6d782f3c54d
SHA512 1dc327cfc5e4a91666c40e0dbe1f29ee60854c0b457b68b5e4aba397fec85651aa610971b97154720d2ca7d0771e59a4ee1faed0d112ce14db3ff4cc82fc73a8

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

MD5 a812e6c9024a016fff2eaf0b52977497
SHA1 36bede67deea9505fe23a4ff5dbb05210bb8c0ac
SHA256 015ce02b75b140ba1a55374924914339a8695983398aacb93db1fc81b2f24c2e
SHA512 fdc44e50c6e54e85f63f4ac00e2b650b1fd26efa0910a53f54820c1627fcfbb607726a9f0dcd3c6d3862ec3ce5fadb3db1be62acf208b7ba6fdc98ecd4f5838c

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

MD5 b386d9ef3afc1b0d87fb111288f0a588
SHA1 f79158197943aca05a935e656a8dfe223b3e148f
SHA256 ea076e16d729ed55ae99fd35b73b707aefafbd42d2de72ad49d5ca3222ffd212
SHA512 a3e4c4540e2cc3104ad6f7ae6dfe019a373db084c8e8d89fe9859f50d5aa7c88927c661bcd2106dc70cfd146f6343c9a2cecf3b6a869a9494ec14217e043a21d

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

MD5 0df8bb82b920ca406867e6f7f2d07ba5
SHA1 31c889e02cfe7a00c19328f7da03f97cb31f5611
SHA256 ad118ecd5512186671a4219457a997d3b246d27a3f921004db75cce8fded9e62
SHA512 910ba746e0831ffcd6882155c3353399470da17d6553938aef804dcc37d572db380337e3cc5f083aad7c50e1ec5224ec3e85918fa32acb37027c0f1ced43f7b3

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 639bf073b6c3d3c7a731f81147f79ab5
SHA1 91c4f909e83586b7ecb4d179baf7bb6fbe24b02b
SHA256 dd6bc779eff348df3b8b21a25de2c6a2e09fd78d11f88ce1058b50b8eedd1602
SHA512 96a6b3e45eb008a860459846f3eadc349c7a9e30910c95baf367cb2a748d1a180ae2fb7908b0b70b063276c2147f5c9fd2b3dd084c5d381f209631d7f5f43a43

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 0a49713cfca3b65ac60f07188fac998d
SHA1 3df0f9247dff907abb266e0c9be638e99b2993f4
SHA256 927374e40bb72e4fce3ad7b80b37f00a955a2c275616f8017eca84c590d0c506
SHA512 abff0c0da03deef25a9a858dbe983944729697a995fad9cff21f37158a145e3921299c2a8f57ed528521209b4bae631493c5ed5436ded63345f004bc142ec368

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif

MD5 4f9308f9733089f569d1d9c05c9b98c4
SHA1 085559e194b96be85ed6caaf6f973ad4924741d6
SHA256 fb3d6eb935bb884245ecc852fa03f64c1bcee703bcbb05077fb6d974f51219e1
SHA512 11808ecefafc9eb59cade71a674f39d77c7e8fb57024dc9bc8834f2504d4945780f9e764ce38ddb3cbff53a1148a6918dad6d302048c18db1b74c723c424f36e

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif

MD5 1fda1663952614686eadaa284703b633
SHA1 511f067073f2cd76bb5c213d0d30398aa056d8c4
SHA256 2c6ad24bf5bfc377dee4f1b3c351cb329f53f64c86448049dce9841fed28954b
SHA512 b5ee7641802041cdd818ca7e6a0b3a8983322e2120df551037e1719f955b4e719c317be05a0575f8ef2f3f11f44842df070b8111d5021c1f34fae6ad7d85fefe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 d7110f8795641860687aad9dd1d08405
SHA1 4c24cf6a75d0a54276b14bc0d8e361f0301ecafd
SHA256 fafe4f51509a5f8b859e39a738f3949fa4baec2f816827aa816984d5e05d781a
SHA512 b3e5bdb3cb179a800fd7a5aa26f195699730b0fa4708c61a03cb095ba23518dfc1a1a953e89aa8a3bdf092f5a4e525566b0886711af9b0baa8e8b59e4ffbdb18

memory/2528-8961-0x0000000000400000-0x000000000040C000-memory.dmp

memory/2528-8962-0x0000000000400000-0x000000000040C000-memory.dmp

memory/2528-9204-0x0000000000400000-0x000000000040C000-memory.dmp

memory/2528-9205-0x0000000000400000-0x000000000040C000-memory.dmp

memory/2528-9206-0x0000000000400000-0x000000000040C000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-12 13:53

Reported

2024-10-12 13:55

Platform

win10v2004-20241007-en

Max time kernel

149s

Max time network

154s

Command Line

"C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe"

Signatures

Detected Xorist Ransomware

Description Indicator Process Target
N/A N/A N/A N/A

Xorist Ransomware

ransomware xorist

Renames multiple (2187) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1uoBPi166dn60J2.exe" C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\DriverStore\FileRepository\c_fscontinuousbackup.inf_amd64_4db9ca877f67dd36\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\intelta.inf_amd64_ba962d801a22973c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\pnpxinternetgatewaydevices.inf_amd64_82b90e51473d48ea\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForAny\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmmc288.inf_amd64_3e3f05a8a446e75f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmmts.inf_amd64_bc07e137c52c529a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\nulhprs8.inf_amd64_e65ae5a38cb839e5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ufxsynopsys.inf_amd64_978099f98cc73ddf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Speech\Engines\SR\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\NetTCPIP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_RoleResource\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\zh-CN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\acpidev.inf_amd64_0f7f041f33bd01cc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_system.inf_amd64_184528953a6fb673\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mtconfig.inf_amd64_fe91941ed205cd9b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\IME\IMETC\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\SecurityAndMaintenance_Alert.png C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForSome\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\winrm\0411\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\1394.inf_amd64_a08737ea39f5790b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\fidohid.inf_amd64_c446be9403cdcdb1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmnis1u.inf_amd64_64035dd8a7571ba7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\net8187bv64.inf_amd64_bc859d32f3e2f0d5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\InstallShield\setupdir\0009\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\it\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmcm28.inf_amd64_4b833c2630a2a287\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\scmvolume.inf_amd64_6957cfb7d6fea5c7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wmiacpi.inf_amd64_4ab67656039b026b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\wbem\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SecureBoot\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\errdev.inf_amd64_616c5168a5b1807a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\ro-RO\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\btampm.inf_amd64_445ffdc4132cbc59\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_fscfsmetadataserver.inf_amd64_ef3485e85c5c1b11\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmgen.inf_amd64_977aa23dfab87f15\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\fr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmcom1.inf_amd64_cfd501781ae941c0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wstorvsc.inf_amd64_50cb8ebb1c9584af\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netwbw02.inf_amd64_1c4077fa004e73b4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\hu-HU\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCClassResources\WindowsPackageCab\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_LogResource\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wvmic_guestinterface.inf_amd64_192114845ec44b66\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\wbem\ja\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\cht4nulx64.inf_amd64_641bf08bee8ac46d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_smartcard.inf_amd64_bf5afc5892966e30\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netpacer.inf_amd64_7d294c7fa012d315\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AssignedAccess\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\@AppHelpToast.png C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\migration\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\uk-UA\Licenses\OEM\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Configuration\Schema\MSFT_FileDirectoryConfiguration\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\cs-CZ\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_smartcardreader.inf_amd64_33a0db63c0afb351\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\usbaudio2.inf_amd64_8d164ac6f7088f97\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\usbhub3.inf_amd64_6a68abcc31aaa333\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wfpcapture.inf_amd64_54cf91ab0e4c9ac2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wvmic_ext.inf_amd64_34d742f3550dabd2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\default.help.txt C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\de-DE\Licenses\_Default\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_fssystemrecovery.inf_amd64_aa57df1ffa9aace0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\tools\@1x\[email protected] C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Mac\CROATIAN.TXT C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Windows Media Player\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\1033\LyncBasic_Eula.txt C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\Spotlight_NFL.png C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\models\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Car\RTL\contrast-black\WideTile.scale-100.png C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.XboxSpeechToTextOverlay_1.17.29001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubAppList.scale-200.png C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNotePageSmallTile.scale-150.png C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-black\BadgeLogo.scale-100_contrast-black.png C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-20_altform-unplated_contrast-white.png C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ku.txt C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.scale-80.png C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsStore_11910.1002.5.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AppTiles\contrast-black\LibrarySquare150x150Logo.scale-125_contrast-black.png C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-white\BadgeLogo.scale-100_contrast-white.png C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_neutral_split.scale-200_8wekyb3d8bbwe\Win10\MicrosoftSolitaireSmallTile.scale-200.jpg C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-96_altform-unplated_contrast-white.png C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxCalendarBadge.scale-100.png C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-96_contrast-white.png C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\zh-tw\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\images\AddressBook.png C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\EQ_ThumbShadow.png C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected] C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\Resources\1033\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.ZuneVideo_10.19071.19011.0_neutral_split.scale-125_8wekyb3d8bbwe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherIcons\30x30\173.png C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-32_contrast-black.png C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Square44x44Logo.targetsize-16.png C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxCalendarLogoExtensions.scale-48.png C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\en-il\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsSoundRecorder_10.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\VoiceRecorderLargeTile.contrast-white_scale-125.png C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\AppPackageAppList.targetsize-80_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_neutral_split.scale-100_kzf8qxf38zg5c\Assets\Images\SkypeLargeTile.scale-100_contrast-white.png C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\themes\dark\illustrations_retina.png C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Lighting\Light\Campfire.png C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\MixedRealityPortalAppList.targetsize-60_altform-lightunplated.png C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Images\Stickers\Sticker_EyeLookingUp.png C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubAppList.targetsize-40_altform-unplated_contrast-white.png C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-20_altform-unplated_contrast-white.png C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\SPRING\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\EnsoUI\id_arrow_black.png C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.ZuneVideo_2019.19071.19011.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\nl-nl\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\da-dk\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\JOURNAL\PREVIEW.GIF C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxMailWideTile.scale-150.png C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderAppList.contrast-black_targetsize-24_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\pmd.cer C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\js\nls\sv-se\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\Checkmark.png C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\ja\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\WorldClockWideTile.contrast-white_scale-100.png C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\HoloTileAssets\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Car\LTR\contrast-white\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\EmptyCalendarSearch.scale-100.png C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\TrafficHub\contrast-white\MedTile.scale-200.png C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubWideTile.scale-100_contrast-white.png C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Place\RTL\contrast-black\SmallTile.scale-125.png C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Images\Stickers\Thumbnails\Sticker_Icon_Sun.png C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Wallet_2.4.18324.0_x64__8wekyb3d8bbwe\images\PaySquare150x150Logo.scale-200.png C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-black\MapsLargeTile.scale-100.png C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\nl-nl\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\WinSxS\amd64_microsoft-windows-devicecensus_31bf3856ad364e35_10.0.19041.1202_none_24329c73afbd2316\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-r..nt-v1-api.resources_31bf3856ad364e35_10.0.19041.1_es-es_e3eb892c41a08d53\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-twinui_31bf3856ad364e35_10.0.19041.1202_none_f2bc4eeca2f84338\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-microsoftedge_31bf3856ad364e35_10.0.19041.264_none_ef195f564f00d259\MicrosoftEdgeSquare44x44.scale-200_contrast-black.png C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-wininethelperclass_31bf3856ad364e35_10.0.19041.746_none_0329353d97fc76a1\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..xthandler.resources_31bf3856ad364e35_10.0.19041.1_en-us_000773442a559e16\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_memory.inf.resources_31bf3856ad364e35_10.0.19041.1_es-es_6a7e07da6f5fa09c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_netvwififlt.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_bd7328257614add2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-com-dtc-management-wmi_31bf3856ad364e35_10.0.19041.1_none_a755ace56bc1bce1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..communication-winrt_31bf3856ad364e35_10.0.19041.746_none_dca4b5461dafb31b\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-networking-hostname_31bf3856ad364e35_10.0.19041.746_none_cfe6c8f530a665ae\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\Assets\SmallLogo.scale-100.png C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-f..vider-adm.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_0fffc68b9cf11728\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-com-dtc-management-ui_31bf3856ad364e35_10.0.19041.746_none_85260db75eb98bb6\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-xmllite_31bf3856ad364e35_10.0.19041.546_none_71896fe5367e9aa9\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemResources\Windows.UI.AccountsControl\Images\Advanced.Theme-Dark_Scale-400.png C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-i..migration.resources_31bf3856ad364e35_10.0.19041.1_it-it_2d60e4a6e04ad9e9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-onecoreuap-raschap_31bf3856ad364e35_10.0.19041.546_none_98ea17fb77c6ab43\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..emsettingsthreshold_31bf3856ad364e35_10.0.19041.1266_none_943a4986931bd930\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-wmi-wdm-provider_31bf3856ad364e35_10.0.19041.844_none_582a1823c0e0c0be\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-mrt10_31bf3856ad364e35_10.0.19041.1_none_21edfe5eb0956c62\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-winhstb.resources_31bf3856ad364e35_10.0.19041.1_es-es_926bec5a01c349bf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\Assets\SplashScreen.contrast-black_scale-100.png C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sensordataservice_31bf3856ad364e35_10.0.19041.746_none_dbfd31e3890afb72\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\ComSvcConfig\v4.0_4.0.0.0__b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\jsc.resources\v4.0_10.0.0.0_it_b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-http-api_31bf3856ad364e35_10.0.19041.1_none_ab9d4a833ca9604e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-t..minalservicesclient_31bf3856ad364e35_10.0.19041.1266_none_c2a2211ad648e627\Remote Desktop Connection.lnk C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File created C:\Windows\SystemApps\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\pris\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..-usermode.resources_31bf3856ad364e35_10.0.19041.1_en-us_7cd59418f708faf0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-speechengine.resources_31bf3856ad364e35_10.0.19041.1_es-es_d8e72ef3aa195922\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\x86_microsoft-windows-sxs.resources_31bf3856ad364e35_10.0.19041.1_en-us_4ba39ff76cce58da\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-devices-radios_31bf3856ad364e35_10.0.19041.746_none_3ea2e277b12254cd\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_10.0.19041.1_en-us_1279c10c2d9636d4\406.htm C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-t..direction.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_cf976879ca08827e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\msil_system.componentmod..notations.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_48df6cede5e85063\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-iis-legacysnapin_31bf3856ad364e35_10.0.19041.906_none_699a0ca245158f14\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File created C:\Windows\INF\TAPISRV\0000\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-mmres.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_d823a029d21badfd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_netrtwlans.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_eb3def706e85dad4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_windows-media-speech-winrt.resources_31bf3856ad364e35_10.0.19041.1_en-us_1a0362413400ba95\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-c..t-resources-mrmcore_31bf3856ad364e35_10.0.19041.1266_none_6a9928134b7702e7\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-wab-core_31bf3856ad364e35_10.0.19041.1110_none_d4444277335707aa\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\ja-JP\assets\ErrorPages\defaultbrowser.htm C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_dual_basicrender.inf_31bf3856ad364e35_10.0.19041.868_none_cb09f56af1e015a6\3803E232ACAB2476E81BC8A88D5B231A677DA3BC\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\YAUJXFSNEZZYCNE\shell\open C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\YAUJXFSNEZZYCNE\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1uoBPi166dn60J2.exe" C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\YAUJXFSNEZZYCNE C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\YAUJXFSNEZZYCNE\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\YAUJXFSNEZZYCNE\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1uoBPi166dn60J2.exe,0" C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\YAUJXFSNEZZYCNE\shell\open\command C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\YAUJXFSNEZZYCNE\shell C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "YAUJXFSNEZZYCNE" C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\YAUJXFSNEZZYCNE\DefaultIcon C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\3a5ed23192238ac0491adf5cb46b183a_JaffaCakes118.exe"

Network


Files


MD5 489bab9ce7400a97b5a29062f19002ad
SHA1 b663fb0fcb48b31702b7f50cb6c2ae806c827b65
SHA256 14a0fcd96f639d7bf24841f4fd5df4fc50d8b209fc0eaae83067b6e24c92194a
SHA512 9283084d46555819430da02cdad4af56eeb9e22367ab1bdc044fcd9c87be97c1d5c6e8eaa1ee2c965d6af7214b2f10da9b86f553464dd2c57067e00f4e7e51af

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

MD5 4ee9e3f5af7d2b4e01d453fb342dd4a4
SHA1 e5b0512e9a91a555f0cc095af4b46f5a7348afb6
SHA256 47995807ed2efaa2d66b439accea13e9f95335340154ffd1fec3c756989c3b51
SHA512 02bcea79b7d988096d79a5d1f060aca387c9c85cfe34dc318b58732165dc674e741ffae492856b64cd5335ad1b65b9fde9b26d6a859d1d9ccfee12d3f045221f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

MD5 25b38c93ffd0f106bb7b86126780493b
SHA1 b3b89a842f15ba0e9cfba19591f5c9aa795e0253
SHA256 48383217d10b7b7219331e9bbec65d72481be147c5e9a84ac34f627f7582a58a
SHA512 e528e912a8d5f98938983eccb01e33e31e29eaacf9184378926e4c9e04457005f07cfc377123fd6d0e73d9d1f0bb93912c2eeef79b4ed7cff88bdeef634636e0

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

MD5 2b0b3f1522d79bad006cc933089afa3e
SHA1 750b5d5e336a09b80b5c94b9ce7b9addd32c3e5d
SHA256 e2902ae27759feb1933b75c1c76a4456368ff60e09d5cc7b15262412e50296cb
SHA512 edbfdb3129f5402c793ad681077b285725bbe46c56655b8f928637a52dc27881a5d5c13af749ae2c6b5aa636b933461ec591a2a8852094c92a1e01c1db8acb19

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

MD5 c692b6eefb1fd6e6948c09557a5fa9d1
SHA1 4170c8548bc25c470f81536f019739bf1f3e9694
SHA256 62346667be851f67c0cbfc7d787ffb4be8cdeeb4960c41c7f726c5dbb9cba3bd
SHA512 991ec4af1e2dabb96c420c37247536725f87e1ad809f44df27530f6c3b29dc741c56ebfb22fa6e8b2e5b16145b410d43abc8a81bdf20df21c796f6b56b7186d5

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

MD5 a33ec91b181f43efe33cbac6380927c3
SHA1 99ef90a2025f8d731f7edf39f08e8aaa717f25c9
SHA256 419393a50ec92ce2c24eb81f6f5e57c69cda3c67f18b9efa373581bbe1d9eac7
SHA512 cbd6f5d9893a0d6a5ddd377d1717aa0f9c839d82bb97c20f3099fcd1d3a10282c9872a59944cf986025bb590646efb38647698ecca2e99ae469e678f1244e7c8

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

MD5 7687b54cbd50265e92d8e7b07b27b145
SHA1 2e8f2a2a996f6a40ccfeacf967257d4541d457a1
SHA256 94eacaad59ef6783930e570f80c1c426783cbebb40efe799530f6a05a27fface
SHA512 74e8b26b0bf4ed97d8a83cb36d30daef544b3823c6bbcf1ca9bc6c20181e6aa011c4cad2a391f90acebbfff60273fc9cd2037240bb98eda9d5af338b68c11544

C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

MD5 972e68f3aeac437b52123fae1065a39d
SHA1 456273c406cb475c07ad6b4eb267fd324da55bc8
SHA256 b04595bccb11aa7e19281fb379c005fabae3a9bd07a3275490d2badfc4ad0ea3
SHA512 f11595bffbe9ffc9d59caa375b66ce661bc9bde089fea35cb1ab7951e8841dc7da3b45f59d90d61a1fe7d16d6da918b23e73c03ac15a9bc06e5f06555ed43da4

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727655840085328.txt

MD5 79cda236628e1f42ac6f6ec7993ca855
SHA1 6c18291d4a681934622ab02d1dbaaee4844f41bd
SHA256 8e0c537671d959c9dfd6a58d76ea3f0810db8616129766e49c39a206f2bf1fea
SHA512 d52577334f0e382dd8003fd20b75c73bf633208596e6e076fe7aaedf1cd9807ac01ec650185fcbbfdc43b91399dd5d60dc07a2a184750da72b703270a436a14f

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727656363999749.txt

MD5 53c711a8273baa211c4f562b5084c152
SHA1 01bd7fd0a088363d1bc319dea97a0849178f5e5a
SHA256 9e8cc2fb1aa3499c784eecb81517417d2762ae6102760c3b43b729f3e4d96dae
SHA512 aa7bb3ee903334d3a6b9e9997325f7e97270ab43b8c91fbb7e9c411591c4ee7ae496efecfaf84c48fa92f98fd3644fdaa456cabc40a7a4aa52d9f939540f1e32

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727662640605367.txt

MD5 7a2ab80284ace20b2a094d6c755aaafd
SHA1 a3b8012aa110422537b49ccf150aac74809a067d
SHA256 f50de385f4c3b815d66aea35427c72a424ba7004d57a7a2acfc06e036c554e76
SHA512 aba425f8b05ab5c4dbe7beb83523c0cabae229601fe2b5025600163dcc80f943cfe24eed68a550a52dfa07bab701bca05fe39633207bcfeaa272feaab6c8dc91

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727665714398674.txt

MD5 7357b238a7a080e829a2b9491486a167
SHA1 7c3947a665a93452b8fa79c76e80b3c75bb791e2
SHA256 819cc3e4bcc776c99c9cfb1ac7364cea8c8c85d9045dfe2f199adbed42311102
SHA512 2870cf3df7a4dd4b6b41828392d56cc0831def8741c79deca0b7fff7a006ff90726c4bd64bcc86612838af7a6588ae0df032b1a162f3c5fa9caade7e0e0c750a

memory/1528-6451-0x0000000000400000-0x000000000040C000-memory.dmp

memory/1528-6452-0x0000000000400000-0x000000000040C000-memory.dmp

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

MD5 1ce24b70a53243c06ab3f0e15fac1d86
SHA1 e3837974421fc7038aa610a83d703d4c12a76b53
SHA256 96493a45c11604075c1164018e6cd949d59ed6679b42c9b41d8ea86392a9cfcd
SHA512 9355fad48319388e7ab6c8084c088b2ebf5cc4c0c6adcbd6af09fb0b769684b7e5387043447811920350f997dff1fc3fa786a27250c7bfa69cb8710974066c12

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\security_watermark.jpg

MD5 32bc12fb1a2a746e3a10c76c464176af
SHA1 5a1582fcb66b21ba1b62f62f8e2971e7608f37f5
SHA256 5236968035aeeaf5b575819b2c94aec8af098f686b80339e530f2d2fb84a8b03
SHA512 fe249080dcd56aa51dd5eb26f930fc5559beea0186ed2235d3005e6b5ac0869a1237c211be31435d8d56f42ff41cb384367a37d7417f4ffa40ca13ffcf016890

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 074cf875f5a13034f323c50331100cb8
SHA1 f2d4fcc732cb49774fc7cdaf7d46963df505ff7f
SHA256 e06b9770bac42777430af86b313b3570522ceedbfc602c4d2af0f511fc96d2c3
SHA512 6e2409f906c6558690d4c9ca2839e62fb33f0c435a4011e3849bba2f3052623a48c0e8ebef0b3496e39f017f87f1c4696ded0f4deebad6660ca419afad4cc942

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 bb84c9237fb2d742484ddfb12435ddf0
SHA1 40261156cfcabe7b2fe9aa01e30e3662de182c19
SHA256 a5a883e51fba8d979b9df07f752928027a98334ffa4cccb97f8ce5a123f893e4
SHA512 d688cabe519eba38027e32315c8021ca4dc19bf858a112e2d522766d897986de3bfdb591a67f6b23d7f79ed988296aae63b0e572f25848812b76ab7aed02e4b7

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 13d2ed4461591e2bf3d2468bbacec0bb
SHA1 7955060aebe6489def22b40126f1981657fe28af
SHA256 7ca84120708b1471fa59cd6ea5f380cbd2a68c70050caac9746fccf9eab1e0c8
SHA512 0266eac9d17416bddd737bb00f7448f463bce00c9261965a10c64797c445dcc5c4cacbf80ac1abf0a2fe0a7f78bf99078855bf9f8a2a220ea3b30cc61ee988bc

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

MD5 589dad413fe18c4fc83aed51be27419d
SHA1 6a1e3ba4de34432bf7a724890937c12bb35d5577
SHA256 a9b568e854845776fd727107e98ec0759c8ad519e5d8dcfcd2dec36288fcf99b
SHA512 98315a8b6be00deb97e96bc62e49b88075b3c94433159197e8dec6f967cc0bb5e0ad250240a6c760d5ea912e2556ae3cf484f414a6a8c2aafb8c48a8066e665d

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 6a087d2768b22a79d83d4e02d4a6347d
SHA1 b0245daf68b939ca67d9dda005139c53d2fc8408
SHA256 27d6e66c51f17256899a951d59f5b830f07943ce7207111dfe2e72753f32068e
SHA512 17d670a882016ffbf6320291b9e35ae335eabb17163951f533f7c73377e5f1789b264f79271bb17390df4d08594fb294f0a71d6d74f09aa8cd977da6e2750aa7

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

MD5 70834545f35c89299f35866ca5d06c74
SHA1 788014ddf8199b1ca0494db252350561b7df1e61
SHA256 9e250a4185c97f2ca887ac130f76336367c1c4f97cea789b2c00a42120a5b433
SHA512 67cad31d45a0be59e32984ebd9ab488ca7bc7f6fa0a33df1a8a80b8a8601cfd1104e37f7f1979fa2c2c5a9ef6d197c10bc73b5891a512e488d50256312a8a983

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

MD5 a812e6c9024a016fff2eaf0b52977497
SHA1 36bede67deea9505fe23a4ff5dbb05210bb8c0ac
SHA256 015ce02b75b140ba1a55374924914339a8695983398aacb93db1fc81b2f24c2e
SHA512 fdc44e50c6e54e85f63f4ac00e2b650b1fd26efa0910a53f54820c1627fcfbb607726a9f0dcd3c6d3862ec3ce5fadb3db1be62acf208b7ba6fdc98ecd4f5838c

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 639bf073b6c3d3c7a731f81147f79ab5
SHA1 91c4f909e83586b7ecb4d179baf7bb6fbe24b02b
SHA256 dd6bc779eff348df3b8b21a25de2c6a2e09fd78d11f88ce1058b50b8eedd1602
SHA512 96a6b3e45eb008a860459846f3eadc349c7a9e30910c95baf367cb2a748d1a180ae2fb7908b0b70b063276c2147f5c9fd2b3dd084c5d381f209631d7f5f43a43

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

MD5 a95d634483bb07ce59bbc9b366e3d5b5
SHA1 62087319500ab9a6456943b137db01f961e104a5
SHA256 7d5d9dcbb8c4abe8e1b93934f72e9099854e0abe5625fc77fc12c596362b3945
SHA512 4b36c349a06921fe4774821f6c639174a86d0aba51d64522e46d1f088541744d68ec37ff79984829083fce5badb0f8ce3924dcd90b037911b746c5b395851b9f

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 3d2bd36e4b5eacd311784b263bfad2d0
SHA1 5ef7fac83f3e3171f9c5091bfa011a4c17f02ba1
SHA256 bb9cb48db83f101eb8e42999fe10c483ddd937225080098c3ed6dba3a8b64b74
SHA512 08fc97537ddefa80fe1615950969c0774cd8bb7ad7ada3f45ed9c226c390a972f8b58a081d26aaf5a8faa48e691a3b2fdf68a897437077fede3196aed8d630d5

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

MD5 060190848ae3385c809a04b6e23631c2
SHA1 7ce5a1c963a906fc430b543ba269c8f2a549b7fb
SHA256 c5cbb1e00571f70102d3c26271732117b2f8af8b03ab8d82b66eb6d782f3c54d
SHA512 1dc327cfc5e4a91666c40e0dbe1f29ee60854c0b457b68b5e4aba397fec85651aa610971b97154720d2ca7d0771e59a4ee1faed0d112ce14db3ff4cc82fc73a8

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

MD5 a5978275fcd1e73b2551b12d412f5f36
SHA1 6a4e5d4442cd792ff4878bda6f176e53ac3c12ad
SHA256 82a5d49a4921bf6d514d4152922a58cf366c789b6220ed04785812ac5bdef849
SHA512 9d5912eb6ea18af1a8f24849f0bee3076fe109ecdd92ea7e8b4256fb99dc072e30fce8291e2f36e74ee275e48b3fd3a58339593929deea9173d7f5d7c68459c9

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

MD5 8bfaee9a92b9adee93011123b6053d7e
SHA1 c561ac7777d6bb6bdb8b192dc16a982754b2544f
SHA256 bd8cd78ef55735e7581b77b6420e547bfe164c76677ceb6802bf65db20d8080f
SHA512 4c6bdc4301217f311437a5fc0726bb4a6413bd7dd5518c85e422a0e33973bf11f8b31a76441f89203ae81287b51bebb6865a962a39971666b6824a5456f98b85

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

MD5 b386d9ef3afc1b0d87fb111288f0a588
SHA1 f79158197943aca05a935e656a8dfe223b3e148f
SHA256 ea076e16d729ed55ae99fd35b73b707aefafbd42d2de72ad49d5ca3222ffd212
SHA512 a3e4c4540e2cc3104ad6f7ae6dfe019a373db084c8e8d89fe9859f50d5aa7c88927c661bcd2106dc70cfd146f6343c9a2cecf3b6a869a9494ec14217e043a21d

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

MD5 0df8bb82b920ca406867e6f7f2d07ba5
SHA1 31c889e02cfe7a00c19328f7da03f97cb31f5611
SHA256 ad118ecd5512186671a4219457a997d3b246d27a3f921004db75cce8fded9e62
SHA512 910ba746e0831ffcd6882155c3353399470da17d6553938aef804dcc37d572db380337e3cc5f083aad7c50e1ec5224ec3e85918fa32acb37027c0f1ced43f7b3

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 2881ff84c2106d4bf9f316d3a9fcf6a5
SHA1 60db9fe3906c9cd03d189a0af9222771458aef5a
SHA256 555c79b951c598176705eafe49062576b976fea88324449027de5a6228587728
SHA512 de7c14bd9a113e9ac8de5c3dd3b617b6f4e115080e584e59b578ebe5e1df68de63259917d7c5121dda134e93dad8bf70fb61731a481d08e981899f5872df3170

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 10647c42ccad32b98abdde7f2c3e2e1d
SHA1 b8bd97aa9a32a253d8aee4d6a26e49afc9a01b5c
SHA256 68eb3e410399590ac06cac2df2de357fe582ece04d33cdf554256157a73556e8
SHA512 80b3c7d1063e30a6c4c9b69ded3de30a02190066553096e492164024831836a0cf226f0f3afb174dd870a421b0b810a2e9e113a5cbf0292afc3e71ca8beb185c

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 d7110f8795641860687aad9dd1d08405
SHA1 4c24cf6a75d0a54276b14bc0d8e361f0301ecafd
SHA256 fafe4f51509a5f8b859e39a738f3949fa4baec2f816827aa816984d5e05d781a
SHA512 b3e5bdb3cb179a800fd7a5aa26f195699730b0fa4708c61a03cb095ba23518dfc1a1a953e89aa8a3bdf092f5a4e525566b0886711af9b0baa8e8b59e4ffbdb18

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif

MD5 1fda1663952614686eadaa284703b633
SHA1 511f067073f2cd76bb5c213d0d30398aa056d8c4
SHA256 2c6ad24bf5bfc377dee4f1b3c351cb329f53f64c86448049dce9841fed28954b
SHA512 b5ee7641802041cdd818ca7e6a0b3a8983322e2120df551037e1719f955b4e719c317be05a0575f8ef2f3f11f44842df070b8111d5021c1f34fae6ad7d85fefe

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 0a49713cfca3b65ac60f07188fac998d
SHA1 3df0f9247dff907abb266e0c9be638e99b2993f4
SHA256 927374e40bb72e4fce3ad7b80b37f00a955a2c275616f8017eca84c590d0c506
SHA512 abff0c0da03deef25a9a858dbe983944729697a995fad9cff21f37158a145e3921299c2a8f57ed528521209b4bae631493c5ed5436ded63345f004bc142ec368

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif

MD5 4f9308f9733089f569d1d9c05c9b98c4
SHA1 085559e194b96be85ed6caaf6f973ad4924741d6
SHA256 fb3d6eb935bb884245ecc852fa03f64c1bcee703bcbb05077fb6d974f51219e1
SHA512 11808ecefafc9eb59cade71a674f39d77c7e8fb57024dc9bc8834f2504d4945780f9e764ce38ddb3cbff53a1148a6918dad6d302048c18db1b74c723c424f36e

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

MD5 3ca9dbd5fd320cec08fe9d2d99d42471
SHA1 032b295a405fbc831cd7db3828ed64c5f73626c9
SHA256 852caaa2fba241715605c30f6006dddcbb8da874315442cc5d5139117680ce40
SHA512 3fc6c0d5640d806ddce9c2c44ed8d67c56aa607fabc962e6c2b882b23f7e1613156637c0d1edfc3d8c257cfe5c6913a6012f0b43b0545e63428eea72b5df5934

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

MD5 222406beb8b0eac4ca75156a9c0cd013
SHA1 74ccf7e388f94e0b93d605093d894ad20cbf862e
SHA256 a1dd8dee724a50896030e9fa056bf7c223951fd61eeef251c6167dfd941922b3
SHA512 13c0bc3759f34731e12907049efd1d2c1e0c52b68b655811e2ff83b9f6859445e89b3d8238455adfab02b9efca33dfe0351d1e493c2ac902e115fd6770401b2c

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

MD5 40fbe330ae841e11dc7393e3af106f3d
SHA1 a578eea0b33c6373c28f4e42819788d16cbc95ae
SHA256 1d0e9e7af9b20956752ff83d4c8fcbbfff367f1872f2f58e80fd0e9bfc6653d1
SHA512 e1a7478138ffe526285ccaa2c1b50cd7e35a529e5fb3e10ba874a0131ac916b1493f0f00a263d478784b3460ebc8a426b10fd6d8b39f542a6e37533a9daa6068

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

MD5 4ff726e869506484fc248b8682ba5030
SHA1 323444331aaa5616fcf4a7fa3538af6de1726552
SHA256 e40563535add0c600d0af4f5d7be1866a75c953d8774d4f350591f89847cc9a5
SHA512 a01255bb210b5387b9298e3d0c91afa1ac5294e55a34f30152998a38288ca2b796b6ccd003a473806ad36c404c8f5940a293e43350193e19feba1de77c43c4d0

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

MD5 f12423dc77cfe3f5b9a29d636823a840
SHA1 7056c83dc7b04a28e3d9940adbd7f43b06a70145
SHA256 df180789f1a0c782ee31000807f0f68c815fb9ea4d34962a3faf49b13f64bd82
SHA512 76d1b56d7e52fb41a2ff8b327bd6d46d1cffe164a3d56b272aeef5116961561a8b8406bb8eb20f81ab58387ee3b5e50935d5c1aa1ff5d1e9505937668ccc4144

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

MD5 33a7716ae6ab523120e431189dbbb7eb
SHA1 9859439271221375efdb4eee348fa629ed8dffa7
SHA256 e8aa40eb9e74017891813d5425e4a10e8c34a7578c17d618b3ce3e65e5866fd0
SHA512 773d5b7e1a62fc43a2939a6deafdbc7739a90f9c1eb91341739ac902bd3735466f58c656c7fc1624054c339dc7927bc7bb4c37c58ab9eb111aeff82ba02d46e9

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

MD5 2352de953d3b6bb063f918ab01c92417
SHA1 eead07073d85397aeb39d65138ddb34cb4ce93a7
SHA256 6f22dd2da4524ed9d482a0e76f33e8ac77f65b6d0a97ef90400b25ee641b74af
SHA512 58b74584bad6c4fb459f810ab62cf41b20b1559b60fd4d4ba6d4aa2976e770e535b854490491960ce5019375a73a8fad1814dd5e803fa0c3e55c3a9ff62073d1

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

MD5 1393bde73f7ff58c13c77d506be071d6
SHA1 d514f569ebd298b65d6c9baa183aa236e73cff6a
SHA256 45c60eb4ef880cd581489f3ea6d21f4fc4b726f5b8c801ceab181b0621e4d446
SHA512 30b7e1b40ba7da19167c606b35299d48f92db2a622af8d145661edefaf8cd9467545070c797fc2740233e357ca976026462f8336bc22b55f66111ebdff02ab03

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

MD5 71994f71a9ad35ba6939e97599fa04d5
SHA1 2aa5d89c1acebd2ceef5553689e00e54d2f8e326
SHA256 f270902ae00ec91b26bf50dd9c5aec96d2089815c9c1ed0b4d61f5f3bd028823
SHA512 099ab6317a75e256ca9f18ff4afda1b1431fd00a74a2a25bf5c57a9f326cc21019b63d666cce41e6ba57b535d07851192c53d3246dd56afab95ca31dbf415d20

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

MD5 983e938d5b23b37b70d3adcc422b6e21
SHA1 987b771304e0d449d54b7e2f04291c9aa5dde1cc
SHA256 05973dc112f0b431b68b82dd375feb8aeb5a2c87d44a7d481e29ccf525f640f9
SHA512 7dd70dfb368c2fd444b33747304a053989b1027df389aedcee64d0ac680c432f5cca1ae1a0af854e3bbf904581ca1265c789f7e862c0f857ffea5d92653d7f0c

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

MD5 c0a90ae137cbe413136f31bb04c7f4e7
SHA1 bf1cb25aeb7e785fd5e2c4e35cdf67b46fe0a942
SHA256 9a5e42031232990050d806e70bc9d6f1d2626a66074f6d6dbaed33345a7aaf53
SHA512 12f01d52588f3864a6cb90abe6acc13aa13b6da8c7cb9624a181671b2925229a4f13a1ca3a103844d092f1d0f7d17065059268e9fb01a4d944eaa10e64062d3c

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

MD5 8962e5cea52bae6d9d670a67c92d167d
SHA1 330862154bb1b42b4660fcce904af3a5d9ed7ec0
SHA256 2a5dd021f32f46a63b30473fbea7a1cd394c8cfe50ffa94fe8010150b07be79c
SHA512 f836dfcb0c1052dcd2ab9ecf4e4e8203c2791a4d6dcc31a5c47c444e4ba8ef0b45e76aada68a1f66eaad3ddfb9cf37bb9dc3432c2316fdcd786b29d73ebdb5da

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

MD5 ebf4d4c346601d0dcf51f7117b5d20f8
SHA1 12bbbb583939e22c3c1d8d7b98a0b2b5f7147914
SHA256 1c45ea4f1671356a276b290cc21a9e6ff001dcf519d2c7eb7199d6d1840137df
SHA512 3cf0b1226f36253cd7c67ba8827c2d7fd63e7e09fb140def6fa56597e0dcefd6102d2612e2ddafb9f1c3175a0046c8bc988208c307acf1f13a4c30d7831009be

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

MD5 6a180d94f26072ccc1f414f81624cfef
SHA1 b4f591e1843cfb46ed3bd777c06c71a170045481
SHA256 40c9a817c70ec44fafaee919803eabe8d2ec0fa95aabc5fbd5e0f04e1a7ec9e6
SHA512 e714bd2a1ee472edf024ed98e7178b20ac0a9a9ebf4bce4c5d31f1c354b061c2cb6ce40bd9ca795d9fe748bfe0e3bd62fd82228d3564067496b0d3382307a500

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

MD5 51544b81064a9ec3c9bcb2e0d3c3e505
SHA1 9d6861a98137d14b968699fe6b182a8841df5410
SHA256 e0eac713b703071407ac16c43de8e7243e9fea97cec9605e8755ec93a3b89d98
SHA512 009618a5e88ecbe336cf0492c8f2db54820c53f5dc9cdba8eb6c384b9eb8f6aa63b892f153f50f4c500c256713b199af843f69f85572be0701934b6ccf546fec

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

MD5 dafd0e212655328023ddc22f5adad7c6
SHA1 224494df302d0ab5a1b9361161b40313fb4de73c
SHA256 1f36632ceb5ba875bf978aa7477155302466437cface76c9b6ecb882a74b3416
SHA512 405be74faf241074aaaefe750437ce3c83d03d787599ceee7eff3bac1d85316b6c0058ce9524c5172249f9e086cfad8a57ce19a5e030f12bf2221757781c65c2

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

MD5 bbaf5ba38904b72990a8f09bff07b1f3
SHA1 208d967e467f20fc1dd0299f9393f28c4a3fba27
SHA256 a49fb94ea31f4bd2ba4689c2f90fff5a3352b901393bf3099df8568f7e4ca65d
SHA512 2b04c1082b79c57c65611f8bdf9b41288a2ca978fbead71c57f7127013dd0beeb1d71bcfcf894a61da709c831f01f30107415c9431348855616a3f68f64bf6b0

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

MD5 a746fb60635e8935e80083f2a78e9810
SHA1 a4636516e95c1e5c7a9f2ec81f5ef132358da615
SHA256 0320653f9e55160198e92300c8cc5da3b876b6020f858217e30ad24ce9baa869
SHA512 b91924c1cb98797d2feed02e01a1bc3a6fbea424b4543a5e8609d3aaca7c65bad5ec7c5b5c7144b16154ebd321893b187d97f522207daf3b4f5d7fae96b5251e

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

MD5 c9be3d041253bed5f80ecd42a50bc6e1
SHA1 2a48fbfcea636aa644c0137c94d8f07522ae8cc3
SHA256 658f1fc011c857a19903788194f80d927f15b73cb7e65e7102ff9ea2739e9eb4
SHA512 48864e86e4e3ae4941b5f95b0ee5cca01fae882f52a42d4103351665e48a35524f59bfafab93b57f5920162e549fb67cd089981c0219aae10bdd9a3468b4a3df

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

MD5 b3b176b3b58e68a355464eebbb989a92
SHA1 cefb6da6a56aa06daed240161d0e5faef43404ba
SHA256 18ab3ee65adfb932c20025b3af72126092fbe2df9c85b7c1833fcb90557cdbf9
SHA512 901f6396d33d874a0aa79e7ea38a2386901215dfe02c99b139dbc03fc5334a08190c252a8ed7f0317da8a8a473835acc5d2bea64cf55a91fc4449002469691f0

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

MD5 1fe1abfd69d2f06d09bf8837fef45476
SHA1 0b5d0d2ce0db7cd48d83d58523ef0bcf3ccc7b84
SHA256 892a0a1affd469dace082ee3891715a49f4c6bc6cc6990a15e3502be50168766
SHA512 96ab9376fcfd3c27daf047b52874881ae975e4ce758d685c79ffd0b9204391c32da6993fff7a4dbec2a089f0b7816bb6a560d65fa5f2ef265f982053eb0c7a5c

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

MD5 4c5c064d383a235f338d85848bb5e6f5
SHA1 ebad6d88259e97845ec682868043e25232649633
SHA256 369762e41cada9067fa2a7eb43b0d2479ebf53db61c9c9e81a5e871fba530273
SHA512 f2ed3b0c3c6378b0782992b77467a3fc0367e7204b2780c17a63859135750fad53116e31436b96838032a953729e10c2349f31478c7032925c7ce769bcbb2755

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

MD5 0e5fbd8b873f35160263bd7f6a9b5ba4
SHA1 651ef301d9621afb6490e2986ccba82bad84a615
SHA256 755c4d62054f86fdebaa3bdd5d105c4264ce729470461cfa98a916e69984aaab
SHA512 213fc2d8041ad746a8b9f402f1b96999b7378b675c6555386798fffb9890c43d44da903e71f3edc6805f186714fbc559156e0b5d7bdaa570b8a7df8f58a7be87

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

MD5 ea5751253f695ced432f8664118b5416
SHA1 899bc80baf796a125a5835677c92baffab37bef8
SHA256 6b322c37087880fa3df6cd9b33298cd3c66dec77eea3dd831dc037281488ceb8
SHA512 0bc100faf4ed745c90331f343ce6000a449ddd2f85dfdbddd1f00dedda9328667de25359ae454446a374b84f85331aed7f7bd1082c3ebb2e474058136f8311af

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

MD5 c15efad0b14e313967a03f13c3d4fb09
SHA1 cc52d2163f39e4fc7208ff3e8bc793309666977c
SHA256 9488cad588b1fc45702a1c76da5461de8b2d80b94d731b767448a1ce5443c473
SHA512 d9f79912349147feb4b6362a86775a8fa462f5fd1e039ec1f247f9ae5d74d3cd521380808f73f244f51e53b00ee0e98fb9345f19657a5c535474f595157a7092

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

MD5 b7a2161881fceea80ccfe5855ebe092d
SHA1 ebf8d4e59e4542c25a4d829e400030450a7dfbb6
SHA256 b514e7f6c35bb63d83d1dd35abfd1ba022ae3b1b455331a0328e6b1388f4ea52
SHA512 ae7d1e045d18db461296703e2377f8c2e3b09fd5ab201d36e721b41588385f1a664dc1717e837400312237cba9e42342405522debae54861cbb98805bff98f67

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

MD5 f577d6f36c0b82fc08bc4a998a323553
SHA1 c8440ded6679661e56eba5b354235421aad8df43
SHA256 2020c8fed6230740ff3864ece8c3bae4af4e0063a0c03deef091504784dc9c3e
SHA512 6efc22b565c338803b2ded4d2d18bd4bd5c8503fa56b35016ab2bedbecc074e249e2751d3c6626cec7e1d1abbc5540fae8bcf5811918fcf256dfab5e5e47cbb2

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

MD5 cad512bd3dcf4a88fb9b38e914584e89
SHA1 0a82c2ce6cbcc234f3b2b91e2cbadcc6fe24682c
SHA256 b5cbf7054c0a09944b08709113299c252788c28471bf36988fdbca8334659846
SHA512 31fe25ee614d94cac4f5ef3e02d8039bb45a1ebf6d8ed9b6b183cff70a5bb2a77e84f9edba7d81d3413f9d9387d62365c067e48900e261681de6c5a90b664b21

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

MD5 9dbd1685d87db96dd342af33f045160e
SHA1 42dd532ac4b3b51f5b3fb146002a7ffb94b4946a
SHA256 2ab378786e728b614f8e810ae36c1709ab22af9565886275be2e5db995cd3fa0
SHA512 62c202ae0d9d922dc42d2021ff4519a3fdf47dd763192a8bb4a7375e36ad4fc2965f3be9cd9ef8d95299cb779e1f698c752e48eca211c301ad63a37277be3bcf

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

MD5 bb3060fd4634e9dbafcc6247e4bcb1dc
SHA1 d77ee71c27f4ad6cbe467cba619a0e3b1bc61d3e
SHA256 68020ee6b35423e01046953310fbe0bc3629f931ed2766fb947584a1428adbf1
SHA512 f872c1c55d2b4f2df9f6bb5d796598c1719a29038af5c2607169f1617569c61069ee615634a35b2c913c93a878bd4a0ee7b17142e4f8e60d5a5e6efaaf23395e

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

MD5 e03f3abce94c35a758c13f41cbfae07e
SHA1 3051d3ce988b7c30cd9151a14709936ed979ab5b
SHA256 b322b9b4466699e726609572ed75a9a498b4cf67a4de66be3bcf83aaef2435b6
SHA512 c31759c7e5908868355f2fd7410c6a23e5174e4e0ee97a373d13e6f09bc2c15cdd6690a4e68c061a85dce9dabb21386931f212067737c285d987ab40f9d5320d

memory/1528-10546-0x0000000000400000-0x000000000040C000-memory.dmp

memory/1528-10996-0x0000000000400000-0x000000000040C000-memory.dmp

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

MD5 29a38dab6c7d928f98302bbe492a434a
SHA1 03b3c81b98a887669340f4d263a500fd926df5e2
SHA256 139f21a06de2a77b67ba8d518b3fd560e7416edc206c14f6b0700a37572af002
SHA512 4dbd2b992305c6edd85baa5e0e08ed131063f8ee5dbfad0a096aaebf139ea38816793c342e72d342612bc62081a3f9efddf4afd13023d632aa77a7a74bc722ef

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

MD5 84ee4d5e737d96495d4edbfc6dd0b114
SHA1 ebd3049b5a90e32e63121d2eb1d1ee8915fc829e
SHA256 489dea93d18ea7ee5dc1055dccf95b3b6901322269b2c6e8f4d7fe5e2c791f43
SHA512 61e5265969e4e7f7841a089c18c804bf22977cba848b27ea4d3357056de09e04b7a2cd590bdca75ac0e9dfbace3d1900b43cb1dfc726af6e3112d0baac5150f3

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

MD5 1e499b716513df7d754937ba3197d9f3
SHA1 ce528f47e2f1e80d50d0cde0ee145241a93bd19b
SHA256 6aeb21aca60b17707e169f770d715d4e867fd0292a907ee01045846830f12e3e
SHA512 8b5139661479f9a84796e1c3aab51c021d886d49bcc22794e21cfa8cd181abb0fcb5aefceaa08e4c5a3d3a6266cbb34381f3833869747362b12e7e4b886e21b1

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

MD5 7c113325d568b82353068c3f103a2390
SHA1 78d8522bf5693b00f0741d2feaa1ddb7aacb805c
SHA256 d90d7ab9da7283bf76ff36961977c2ad7385d60588853544da72c2c15ec98d1a
SHA512 4f11900bb132f96ff13eedb5704153f258d8e48a553c02a0f6226f137695c4044afecb9df98a1d27c6185a62332c1ea4b01fa7f1a3254e292abfa19c6da5fa2f

memory/1528-11329-0x0000000000400000-0x000000000040C000-memory.dmp

memory/1528-11330-0x0000000000400000-0x000000000040C000-memory.dmp

C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

MD5 88a78e92eb4eef9b7819e1293a505a96
SHA1 8b1f10a51c949768989572452224ef9a7008324d
SHA256 30ef2cf2b120f9117bb3aec04aee2d85b4ff8cdc193b9032d0525d233d2b8e7a
SHA512 16daeb2b0b6ad94303ad379ec79abc8fa1214659ce19db39b43cb8c7911e822ebef8a093bd2c9f4a783c5418cee9e747c6d4259410d5d55a32bb98ae1877d85d

memory/1528-11335-0x0000000000400000-0x000000000040C000-memory.dmp