Malware Analysis Report

2024-10-19 10:43

Sample ID 241013-vh84ssxdke
Target 41084ab3be6d49c1483b0b192de7f636_JaffaCakes118
SHA256 d016bf6e8ee34476729a5d7a8d33f068344ccb39141f3091663c269a6341d9f7
Tags
upx xorist discovery persistence ransomware spyware stealer
score
10/10

Analysis Overview

score
10/10

SHA256

d016bf6e8ee34476729a5d7a8d33f068344ccb39141f3091663c269a6341d9f7

Threat Level: Known bad

The file 41084ab3be6d49c1483b0b192de7f636_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

upx xorist discovery persistence ransomware spyware stealer

Xorist family

Detected Xorist Ransomware

Xorist Ransomware

Renames multiple (2193) files with added filename extension

Renames multiple (2209) files with added filename extension

Drops file in Drivers directory

Reads user/profile data of web browsers

Drops startup file

Adds Run key to start application

Drops file in System32 directory

UPX packed file

Drops file in Windows directory

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-13 17:00

Signatures

Detected Xorist Ransomware


Xorist family

xorist

UPX packed file

upx

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted

2024-10-13 17:00

Reported

2024-10-13 17:03

Platform

win7-20240729-en

Max time kernel

32s

Max time network

17s

Command Line

"C:\Users\Admin\AppData\Local\Temp\41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe"

Signatures

Detected Xorist Ransomware


Xorist Ransomware

ransomware xorist

Renames multiple (2209) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yymq9398r5uRQCv.exe" C:\Users\Admin\AppData\Local\Temp\41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe N/A

Drops file in System32 directory


UPX packed file

upx

Drops file in Program Files directory


Drops file in Windows directory

File created C:\Windows\winsxs\x86_microsoft-windows-a..on-logger.resources_31bf3856ad364e35_6.1.7600.16385_de-de_f07dc9069aae7249\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-ie-ieproxy_31bf3856ad364e35_11.2.9600.16428_none_16675be9a7415cd5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-m..rsist-rll.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_fe564562e9ee1803\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe N/A
File created C:\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_crcdisk.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_b101c5afe5ce5e39\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.17514_none_b57215bac8c6d647\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_mdmusrk1.inf.resources_31bf3856ad364e35_6.1.7600.16385_it-it_a1d2e2d9caf6cfa9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-printing-adm.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_1fd9a5b2ff38869d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-wow64.resources_31bf3856ad364e35_6.1.7600.16385_it-it_70bb692c4654ddb5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-panmap_31bf3856ad364e35_6.1.7600.16385_none_6932aa5f8078bf12\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-a..llservice.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_e8934bff7a284e2f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-directx-dxgi_31bf3856ad364e35_7.1.7601.16492_none_89bc8ef5c05582ea\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-dxg_31bf3856ad364e35_6.1.7600.16385_none_04e0334574ce0f74\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-e..ehprivjob.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_21a924e803f68af4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-u..files-adm.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ad65cceca64de633\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_wcf-m_svc_mon_sup_dll_31bf3856ad364e35_6.1.7600.16385_none_01d2f6f4654f7184\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-a..tigations.resources_31bf3856ad364e35_6.1.7601.17514_ja-jp_4a9432aaab5ec70c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-d..providers.resources_31bf3856ad364e35_6.1.7601.17514_de-de_2637f1a2904d46a6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..edsgadget.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8734fb86705288a7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_netr28x.inf_31bf3856ad364e35_6.1.7600.16385_none_f6bd180f0177aea7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-d2d.resources_31bf3856ad364e35_7.1.7601.16492_pl-pl_89dfc03fa2705302\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe N/A
File created C:\Windows\assembly\GAC_MSIL\System.ServiceModel.Web.resources\3.5.0.0_es_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Act#\a53a2767e448aef90b345af1339d4c9a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-help-ripbsyn.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_e1659d4abad790f8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-w..ctionflow.resources_31bf3856ad364e35_6.1.7600.16385_en-us_6f232ab0cfb511fa\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-w..lperclass.resources_31bf3856ad364e35_6.1.7600.16385_es-es_43b532cef55e977b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_usbport.inf.resources_31bf3856ad364e35_6.1.7601.17514_fr-fr_eeb59bfbb06f9086\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-i..l-keyboard-0000046c_31bf3856ad364e35_6.1.7600.16385_none_63b79e90a408fe50\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-mmdeviceapi_31bf3856ad364e35_6.1.7600.16385_none_b0f9353ed312e131\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-dskquota.resources_31bf3856ad364e35_6.1.7600.16385_it-it_8d85d3818b1a2c5f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-n..on-common.resources_31bf3856ad364e35_6.1.7600.16385_de-de_9b239ff27d91974c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7601.17514_none_4f7e32f76654bd3c\Peacock.htm C:\Users\Admin\AppData\Local\Temp\41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-n..on-common.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_cf0359a5e21313a7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_es-es_1d72a0e2bb459532\about_Quoting_Rules.help.txt C:\Users\Admin\AppData\Local\Temp\41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-e..tvratings.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_3030275c76e27695\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_de-de_7f0b185800a159c3\about_do.help.txt C:\Users\Admin\AppData\Local\Temp\41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_es-es_27c74b34efa6572d\about_Redirection.help.txt C:\Users\Admin\AppData\Local\Temp\41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-x..lugin-mui.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_d83eba5bf4518adf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-s..g-utility.resources_31bf3856ad364e35_6.1.7600.16385_it-it_83fa4a32ea43562d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-t..ceruntime.resources_31bf3856ad364e35_6.1.7600.16385_en-us_39c8c211c8571ab2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.1.7601.17514_es-es_28e9f3de1adcee20\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-c..utermanagerlauncher_31bf3856ad364e35_6.1.7600.16385_none_ea0a643b0e032c19\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-ehome-ehres.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_c11a4c8d1ad35c79\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-mspaint.resources_31bf3856ad364e35_6.1.7600.16385_en-us_185ba149ada3245c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-o..lfeatures.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8e96c1352b130cbf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-speech-userexperience_31bf3856ad364e35_6.1.7601.17514_none_7a2ff57a626c29fd\Speech Sleep.wav C:\Users\Admin\AppData\Local\Temp\41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ORQUAXCYSEZDONB\shell\open C:\Users\Admin\AppData\Local\Temp\41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ORQUAXCYSEZDONB\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yymq9398r5uRQCv.exe" C:\Users\Admin\AppData\Local\Temp\41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd C:\Users\Admin\AppData\Local\Temp\41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ORQUAXCYSEZDONB\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ORQUAXCYSEZDONB\shell\open\command C:\Users\Admin\AppData\Local\Temp\41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ORQUAXCYSEZDONB\shell C:\Users\Admin\AppData\Local\Temp\41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "ORQUAXCYSEZDONB" C:\Users\Admin\AppData\Local\Temp\41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ORQUAXCYSEZDONB C:\Users\Admin\AppData\Local\Temp\41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ORQUAXCYSEZDONB\DefaultIcon C:\Users\Admin\AppData\Local\Temp\41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ORQUAXCYSEZDONB\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yymq9398r5uRQCv.exe,0" C:\Users\Admin\AppData\Local\Temp\41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe"

Network

N/A

Files

memory/1520-4-0x0000000000400000-0x000000000040C000-memory.dmp

SHA512 8f1fef934c0cca7c7b0836647940b2bcf7f00b3ea2757b0cdf8345eadd874798515e55f159733c11d3bf28c430cb1dc57f5d0e3508b3026d603d4ae661d3e0d0

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

MD5 53041f2354d33887f149abd1abe14aa4
SHA1 98d0a200bf961a782872e33f194f4614a69e02fc
SHA256 dc0a2558c2476ec38e4852cd5a564d0111ab53eb6a759e7df7236ff4b55f61ba
SHA512 964e572a7ddea4d54c2edce5fcf7dd4b5cc0858ccef8cea203b44c54fefbb73bf07f627c71b677ee2c31894c32323a3c3b1eed541878b052447a08c4c902cd71

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

MD5 60bf26e3acfcc73b221988d274353e52
SHA1 f09da5f2e21dd6b0b95e3987a16580f6740d5583
SHA256 d962c3ee13d13f81e5f32bea8810986368825e5d19c1bd1ea978eadf0786b2f4
SHA512 828767d3fdc1252b7831a5edd869147eadcdbcedfb2d21e0f4ea4d2f3a821fd6d4dca9a3c0954c85736728d78aa10265351e62905a1837f356a6ff548ba4c091

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

MD5 407993d97ec35ff3a46fee89690799f3
SHA1 fffd46e8d2ba3cfd1ab6989a5bd291ac3b1769f3
SHA256 cc965bd9124a3dfb846202a996ab0259418abf2bd41eaa550dd82d7101e7b327
SHA512 c326245a223138ef68e615ea9a35f75bba532fac770b5f4a93aa3b8e1add571d5bb0666b3885ef264e2d88a1711974fab019257d915010423e109c3805f7e0f7

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

MD5 3c91856b14a6a49484eea84c0d36127a
SHA1 174ea95b3e25538428b5d1cdf17a1e2cccc9a563
SHA256 29b09d0cfe14aa739a0b1dd2decf7f5a52083d26e0db1bab3fc5b3e564e629e1
SHA512 c26af7b70467421ad307ffdae0183342de55adca3552821942b12109d8bb591a7bacf9813962b096546a66d1f9c11d6095e3c94df151877bed6a4a8485626d60

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

MD5 cf01112d28bc65e097615b5f0beb7a97
SHA1 7d758da2da9f3877a45f504cb2fc8cd8bd5d68ee
SHA256 c2c4fbd02957d98fbf56ac11a029033a85394412159621728a5a2937dc1541f2
SHA512 57bc597be4fb259afe00e57bb726a641709d62335ffcabaafac36bbc78e7c0510063f9cae3be8269d7fafc3fbe747063133f4462b9ab2a4b4b2ba53bb39da19e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

MD5 d3cb854720257bbb203b7c74f95de211
SHA1 65a6d6345a7d3d43d6093a95fce23d07ae4c2808
SHA256 93160bfe8ecbd34fcc0408f3e15457dea0d4276d00b10605bcb59dd92e47c9c7
SHA512 d55dd9c3523a28c09001c836e88280e9ea14833700d9a1eca0cd5eae47dd7ca2e0e2be2da5c45fa0c0414bb209f190724585259c002b3b13cde26b794e59e53b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

MD5 d29de6008fea1601482a26cb71f9f4b5
SHA1 43a304c34fe8e6128059b04b32ea4468f4e75f42
SHA256 04905a97d42ff673b7190bdb3810e754b3fec30d812f243d4d42789dfd9b9cc0
SHA512 8774f6e1c7cd57e49ea289e76a2f2d4c6ce1d18c204329ee59a430b8a312eaf6aa6e03695cafbf492ae8ae3efd9e7f48f1153bb7d7e7457cd5cbdd5a29ffc61c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

MD5 3d99d9deb4c60fb20a00faefddd739e9
SHA1 cb219266aeb5605ba2ef5620bac72f8b4478aba0
SHA256 274af2d7fdba3503733698611ef4dd35f8fdbe910ae2da7f558d30fe5ad0303e
SHA512 40d42de434d90be629b9e404695726d2cd7ce9f77373ebca1364415100e209ffa23bef0eaf93f678b34bc181e286020ffe4cfbd688185c6ade276126a07d2a7f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

MD5 6a1ee9b3c7684c65efd36fd5a79b471d
SHA1 a89f7f3faf39783570e1799d5bea5e0a4dc89784
SHA256 60fcf7e07df9cb1b8ccecd96f787972f5569854ceaa031f4069514ee8a7d59ae
SHA512 a6d19858ad536e153003ac04a5d071f98e0af31566424fbacaf9d2316dc182652e12827999ee57ed878862c278fda98527544323e7188eca71ab35c536b7698c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

MD5 419c198fd7c05eba5b4e36d11d161409
SHA1 98682c9019415c16450542aef4e5054f4c253465
SHA256 9e01bab6563de30d1a85e9340cad415cb4c636241e755cfdfdbf5e73e3148d82
SHA512 585de625256b5048f3ae1b2fd88db2baec10ac01cc853c676aeae34b1a6b225c71019ce2bd35c3955e8e9350eba94f27d266ba104f67ebe6d2f9e5a781d52cf9

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

MD5 8f0e11ed79bd739ffdf02226182b44f2
SHA1 e20be582ebaee9188e376f3baac24f0a8bbff0fa
SHA256 4d185d1bf5e9bb70dd8cd1304b69564b7b77e107dcd43a5061cd0be08092621f
SHA512 39419c6665c6cb00e9932789f6cefe2b5067887894a42af9fd4cf1e5294541379372049b529dce5416bc94018da9c679235094150cc07f7cbde55c95f7e083d7

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

MD5 039f67c8bc3ffce9907305591a4c8e16
SHA1 dce0f2f1d483566ab928ca9e78b6058eddc93572
SHA256 aba64c5ec47b508086f5e011d965a1334287466bf924ce34852e7cf229449dbd
SHA512 db934e86e88995b5f7ca76b90008ec07d5fe47e3b5f60eddb54e22abe306a468512acdc98be0ba8a1fe70b23b79394ca154c05caa932387bbc06516e8d93eea1

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

MD5 82f5dd67a1e54ed405f0fa9a1557ade4
SHA1 7bbf7a2727b8bf91bfb5778b0304407e7246056a
SHA256 d407b3010aa7859577a037d023664b765db4093a098dce1d2fe6b89c23d19476
SHA512 c528da4e4cc717d186c6dcca7818abc049d775ea310f63ea0f718f2d4a306de71f9f2a27696299e20c59dabca564e788f32bcaa8a8f92ee124f31530713c69ec

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

MD5 47a510792445c4caa83e96de25c5240d
SHA1 6d08b572ffe81364477c0f4be22b0f010077a36d
SHA256 697f830a2be44020ec5cbcd16dde1f9a7fb246a3c816599bd801fbd01db73868
SHA512 6fe6310b4f205691ca916cbc5cddde866582bef3978fd7942907deb49d5dfe15785ee902ac58e27fecc448f644772e59c98fc2fc19ec9f63e8d197e94b87f1c5

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

MD5 25df2c4b7085f50d0bb3025add39bc80
SHA1 e485baa251cf92fab36ae1b86f03bada704a81b7
SHA256 7ec0106285f049798dce6116f08b990a9015fd6ccd258a848170e21b17a0ca6d
SHA512 340928437756fe5be825677949201de405045cae4075bcad6778727adc21b52513454a9dd6bdb7f55af1ab0b719ae9e01c87a4668bed6dda9379f587933d967a

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

MD5 5893d6cc104c8efd3a44c1d4320f3a42
SHA1 3c9aaa8be2c58d03f0ea66b936c7d63f85a3b83e
SHA256 bc8db85330dbc2d174cdb026163c1d9b9b3c5cc42d07368e0cfb874410574196
SHA512 5e60f1fd3eec02822a6519eb7629d35da83713d8c25d2c86fd5783e83c1e6b21f1b6200db0915fad7f7eaf593af8e25e28eb2803253b4534755a6173f486eed3

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

MD5 9f95ff6dd7a6938e07f9432df00c232b
SHA1 7ae2c012453e4a0aacc59b2b4e1f159c1248fe67
SHA256 a0f627264db112171b510cc77e8562bbc5a015bfa5be32b0a55c92e4e4a3031d
SHA512 d95a623f14f3706140c2ea285b274e6d640400546869e0caf82ae35d52fe4a9bef412bff46b0e36f337666e52c601fb04da9e72c9646c910b19ccccafeb38a54

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

MD5 8db1951323e5a5397cfe179b32c17868
SHA1 3884c546f5f2044e8329b02d58b89a3467958969
SHA256 b4e946c464b8b4ef0ae171dcaf2bb2fff5a6396342c851db28a6e277abc875a2
SHA512 9f69cf0b4653479f70e3ed21d8291d7a68f443d649285725bc91ee89dd64570cb7e82a4868270b96170ae75bed6677b11725faf96af123609d13331afa7e084f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

MD5 311e8897088191c9cd6bf86f51ea3ab6
SHA1 77240f2405709224b5b616b535a4aa03a412e39c
SHA256 880c8c342c19eba95dd0819dfdfabd34c03a37a2ec04a33792a8a97604a9e572
SHA512 cb5f5941bfcaac3af597c3bb7e4c511c005315f99639a1229cf865d76294bebd77d9780cc52931c130e4cfffc66e56eeb5c1f29a04b283c38f900893ae27cae6

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

MD5 4c7bf4220c71a959ddd158ef021fa57e
SHA1 8d038046daece74b51c99ea38631e07fb8e0abd6
SHA256 f7ab8cd04f957b9dd1185656a903c4f8e917f527471722c690691362791cb5c5
SHA512 fe1f2f85804e825c9180ba01a34a180c7831d979e2555a3a5c899b494efeb8e99928cfdc8967a5e0ef1e135ede1cf8fa5186ac473fcd8df9e241b1b58748fca0

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\security_watermark.jpg

MD5 dad3de0edb747b996c1d07c02143d8bd
SHA1 8eb3899cce1df55dcf51b61177c5699e2a11521d
SHA256 c82fc7d1c270b1975f39cf7d3d9725c0c74cb1b2e8a31718a0c3c3b97a9f148f
SHA512 7849c7cb8e973838de870387eca3213af0c3e23de8aa7c8457e36e80d8848a4c78473d3818674e313224a5e7bcc4ecb664412366d7986ae370c8cdb7b8fbce95

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 68459f615df8e7d7248a9a073b76cab8
SHA1 2ed8f590362685f0d7320f40c7470b2f20585227
SHA256 6808ba0eb7cfdc1780bc7f48ef0846ff26f057afde67af59aa8ab96d7abb6b9f
SHA512 5d93f7e0f771a618fd8f8fe8b74d48594e30f082c927cb5a7b69400f69e6d051d8b376fee41e18a5b527892c0d4bb6f0823761e7a6c9ffdb20963d77e0a2bce3

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 81fbb7ab23f23787af40ead269c0eb51
SHA1 8ccee06de90cf3011688bb7d4d311035463fbf71
SHA256 a400c4588a7113b503cf1ae8eb38af5f389d2843e8353acbab03dd79886128e3
SHA512 3d3fbd67aee7f4c0509535a74fe059ea15b636586a600d9476727ae37a0001515ccc9ed926e7c457b1f784c3c46b8b628fd3697e819b1e944e679f43fa44c010

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 248211beb5f455bc1b066ee277ebd404
SHA1 f8ded7d351fad489665d76a921641571a73f86dc
SHA256 d3ba0df6ebd25e00d445e8041b95841de790361e4b42c46514e3bbf878c873ea
SHA512 5550948cc70bd57ef0258b3d9bf6602a6a53c813ebe5380e615e77a87f31facde5f502a1349e35ff773094acc416bbfa6eac7a004d6c72524c65a36de4006b1e

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 5ff770b8c59c83ed2cd519009edb3179
SHA1 d91039836463da40761ab33461295ee6c4547c2e
SHA256 a638c49b97cf53089efa5a4d369ad83dec00becb8240b8aa0bfbf156ecb61960
SHA512 1025b8e110fab999ddb8a43188aa7c367d4178280db91a8209971b48df388f3bf9c557a385858950cac6bac688878a9615fd5d53b32639fc07839f48f1e5a734

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 0fd2a8adae74e716aea7e8d219be7ef3
SHA1 2bdc02e5bff0177a8ff74870cdb60fd37ef8d29a
SHA256 ace53d3c502902ff6cb2846c1e2fe3d5bd24c98a63d451d17651f2f4556c7259
SHA512 e399cdd6fd92b7448ad912cdd6c16a675ca883b06b72492887638e4f7a759ddd6eace3741f533e0b3a5773ca5eefa752773235415ad8637c5de61e18262eea88

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

MD5 b0e4b86bf068ef42a00d15f61301d2a3
SHA1 8f321a35872b44aee7fb4cbdb958f8bd1d9f433d
SHA256 b080aa328f6360ba3c80507d1b5677d6cf0aa0c18352a4e48a7fba54f5819a5f
SHA512 d81c65f9c99b1815c035a38c8ba06b21f138c92d9e591fe6303dacc4478f8b03a9ed71a53dc10d2b75ee7bd91e2f6a117d446ae587f7986b74004f47c15e030a

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 87dab104115f5f444537b4b7974ea0c6
SHA1 48707878c873aa5c9dad94a98e65642456056bc0
SHA256 0238ec18e261836dfa8c03e5aa9221c547b661730e8e9648a9e21840238dec9f
SHA512 fb6699a719cd681c132759254fceb41923ff6e227df92b55eaff6c82ebe3232b86047a655151fe2c1d228830072dc3b7168179c81fb1081b43d6a53eebb5067b

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

MD5 d37b559e4a3661c0cd2907a05e7ce89c
SHA1 5d41ebe3b67a2e9137c1f35ad5ac7448c0b301b9
SHA256 fbefd7f40f9248bff08b490ad467ee986949714dbe13ec1eb366a39639bbc8db
SHA512 9f2e8d2d081638651b9000472e944f878259faf64a9cc27472ad802f9a3ba8ac6035ddca40befb46aa59ac2a552ea566e8fa34dc8008d291aeffbfefec2a5e20

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

MD5 f6670bc357f96471468f6ef962415971
SHA1 f6ebbbe0954b336ab0355b3c386640ab81f0e786
SHA256 a9ec85172e3edf677e000880a485814f52ebee81042db5b727c5596fe8fe4386
SHA512 add49018a4019ece500ced0ea770edc28874e429d172157d7f58bd7cf9deaf780bff720993208d17e38091bc22cfcfb8c823b0658a0e81082131b2b20480b28e

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

MD5 838faba3686168db638b1e744574a4c7
SHA1 46936b483487bd7e77c2d67a79c371ef736bcf11
SHA256 e836215e54eb22e0da4fa3c563e930f6f54eac3a8fce93acdd10a4974d6054db
SHA512 2f735fb2a9a41a9301fbe911aa14ee07cfc68f57e3951649198ed292fd93dd14955727284144b1fef533f8effc27b5ec2395f61f5abcec3c146ee0b6c2b39704

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

MD5 23d8f7aa77e0edff4ea6d2b854527c4c
SHA1 06319903dd4331d7ec5a783f9ff442172abbd79c
SHA256 390b0af89b8704508b671dc191a9b0aed67ca5c4fb4af720b7c60e74606fdb0d
SHA512 8728abe4f1e392e9ba33132fb8806a4df38e64bf137fac9213a238915602c7127f1cc5bfb5458efdd5e3f13e6b9df8d27ec1e5d8c2bae4881e9c090e9d7aa715

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

MD5 d14ba34d3b9c06d486d9d68eb0f8a29a
SHA1 dbf6752a44cd30d4edd3f71a87fc91c18cf6868e
SHA256 4fe3258600bb20ede72a13ec635bf4b5ad1ad2d2c664390dbfd66bac2da43bc1
SHA512 0883f02a822a5554a7ebe94444f99b26d3cbe8f1972b7cda61aa57f93759b76647072a9e5b7d932635ac967d5847c3a95711bb49414c176d947a946d82a3bfda

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 4eb60fd541155290a5bc17dc9224f3d8
SHA1 0f3825bc33467b3d933356d329a3310edf408e43
SHA256 2046b7881b9f2e18d5660277ae6428a197ee03b3e06de8a0dae2ad06585b1127
SHA512 102b01b17fd15e695ad1004a71b08cf03143068f2e97f8821cc2497ee0ad4e804b42cca2274eaf6bb248c60a19a928d2c7b1e971623f168396a2a83f4b2b30f1

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif.EnCiPhErEd

MD5 03ceed9f9648969a54a5e792cad9590f
SHA1 050d69154078e5857588e1042018c63ce2072d32
SHA256 f6beb5d78bfbe3a5abe136e1da7574411c266d35e86b437354ac4a2e79bfee55
SHA512 91140bb32f00fb15b1a2b438dd700075f49cdfd4065cd600f1e00c5135d1dd9b485fd2aeb71a0cf6fd972f4cce671e1a86cc2c7be4f3254cb3dae4d0f12b9162

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

MD5 00e1a724bf3835992e0d802d4292fc63
SHA1 a71b96984e5cc115bc503aba9b0ee4e946ea19de
SHA256 7cdd058c3c7cb5e441ac5aed15814d8c938d6d7527cef40c6dcc10799347539f
SHA512 de00456f7f55daa3bb8863abb38d053f580699a59778ee35de1061254a25ea78fcd3f331e5b88eb933c54561338a57e1105d6cb4fb8bab9a153971837612eb45

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 bf0c7437e245106e3434b40f02cd718a
SHA1 86593cb9fa4a8791a4dd9038319f05736ed4fe7e
SHA256 e781d39d15d7e529a72737614b0939a9d2846d19353084f4bc37f017a9168fbc
SHA512 3f0cdc539a1d10acae476b69f3f320af0522f0c0aa60931aa0597aafc04bcd57e74671985317dddaeb04d3742658b277089448c5312e410feae97ffb2a49b560

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

MD5 0733951ee3c9b0420096ac0fde5184e6
SHA1 a9aac94b99520ef6b48dd485fcf7add70ceb56d7
SHA256 1d7ba1f1fd6c0cd1f5d8fe77446167ffba1b477133d83b9176f122394e6ea7e9
SHA512 2c8c1f5ac318da5395a05ffc8a6bee86cb8566969901eb1f32b59afea55270483d17cd7f965a80141607f28fd18b1de32ab23546e0d07ecaf15ba68e10ef7c70

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 c2fd1092163a154d29c0779de5a4b1f3
SHA1 fed02bbddefd365e84b657f4537c2d825e93b640
SHA256 14a1b849c3b1690013aca4bf24f881710df7691e9629a3e2228b52797fd0a123
SHA512 a4c3c79f13fcc78920c53955ec96bc4adc3a30bda69b711033df2a92524256609498678f3475e742152626124afe96e275d832ee7c12fd42da97eaff68019119

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif

MD5 52e8c0eca33f8d7554a4a8457f6e6f42
SHA1 cc7feb528fd378bb6f347bf469be37f2d1aa2aee
SHA256 18c1a6c742f022b99efe631de63c70f84b6a2c57554cb3afe5672b57a11ff345
SHA512 45ee4a5364e4efc96772bdea3726abe78905c6ffe5ebad0029a50114489b4e81b246c4429704a357671ce18066afe42fa77bc3b62c4375f960c304449cc496f6

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif

MD5 b1b9c0811c2c1f90b491d086373c87ac
SHA1 ec64b5d3b43d0a5839307828fa01627be08e51e5
SHA256 2438e14178df83b0ac1b811cc921f20500733a25adbfb06460739eb2c2fbb4bd
SHA512 7a7935c8124e16fe81ab04834c8ddf6567dc90e050e798e3b0cc0a5f49e5126f91e7fab44c1db57be491072476ebfeff09a8b666501f363a828d3253ab013ded

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 86b12c51c40b4fd7d5032b150b029bd0
SHA1 3cdbeb1ad4e27eaffcaaeeca41ab89b02822f492
SHA256 df762539f37ea111be7013546a37ce8fb577b4fe470e72500f7c2f358f0d201a
SHA512 c11e12ea7d8222d10ace491dde1b402bf3e09bfab77a619701076f6d96a839d68924c8780469daf100f63038edbaaa3c0ade1fc9346f011acefce1fb1d6bb685

memory/1520-8955-0x0000000000400000-0x000000000040C000-memory.dmp

memory/1520-8954-0x0000000000400000-0x000000000040C000-memory.dmp

memory/1520-9187-0x0000000000400000-0x000000000040C000-memory.dmp

memory/1520-9188-0x0000000000400000-0x000000000040C000-memory.dmp

memory/1520-9189-0x0000000000400000-0x000000000040C000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-13 17:00

Reported

2024-10-13 17:03

Platform

win10v2004-20241007-en

Max time kernel

93s

Max time network

94s

Command Line

"C:\Users\Admin\AppData\Local\Temp\41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe"

Signatures

Detected Xorist Ransomware

Xorist Ransomware

ransomware xorist

Renames multiple (2193) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yymq9398r5uRQCv.exe" C:\Users\Admin\AppData\Local\Temp\41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\DriverStore\FileRepository\bth.inf_amd64_fffc54d66d592d52\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_barcodescanner.inf_amd64_266a07997c075b30\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmolic.inf_amd64_7f84203a67c210e4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\MUI\040C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\WinSxS\amd64_microsoft-windows-explorer.resources_31bf3856ad364e35_10.0.19041.1023_en-us_7aca3dab28c636fc\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-g..oftwareinstallation_31bf3856ad364e35_10.0.19041.572_none_69f868caef559c22\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..-adsiedit.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_e5095ae3d0c233ed\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-n..quickstart.appxmain_31bf3856ad364e35_10.0.19041.423_none_72535ca9b59a9515\NarratorUWPStoreLogo.scale-125.png C:\Users\Admin\AppData\Local\Temp\41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ORQUAXCYSEZDONB\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yymq9398r5uRQCv.exe" C:\Users\Admin\AppData\Local\Temp\41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd C:\Users\Admin\AppData\Local\Temp\41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ORQUAXCYSEZDONB\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ORQUAXCYSEZDONB\DefaultIcon C:\Users\Admin\AppData\Local\Temp\41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ORQUAXCYSEZDONB\shell\open\command C:\Users\Admin\AppData\Local\Temp\41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ORQUAXCYSEZDONB\shell C:\Users\Admin\AppData\Local\Temp\41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "ORQUAXCYSEZDONB" C:\Users\Admin\AppData\Local\Temp\41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ORQUAXCYSEZDONB C:\Users\Admin\AppData\Local\Temp\41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ORQUAXCYSEZDONB\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yymq9398r5uRQCv.exe,0" C:\Users\Admin\AppData\Local\Temp\41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ORQUAXCYSEZDONB\shell\open C:\Users\Admin\AppData\Local\Temp\41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 68.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 56.163.245.4.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 98.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp

Files

memory/1200-0-0x0000000000400000-0x000000000040C000-memory.dmp


MD5 c9c6cfa650690cabed9addbaef417687
SHA1 87de30364229bb0b346f2a35146ae7338c3e90bd
SHA256 410bc48c26302f68e27ad629fa37b68a53ceefe6368d73a24f1abd60463cb606
SHA512 1f77b8bc7dde3814fd51be16b764034170b1ba1f8595c4e3811c95ae3ef33f69b360b20c0c6035cee0498987ca8628ff2f708a845afa5c3ec562f00bd011b248

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

MD5 7610bdc0da8562ccbf6f716f3090991b
SHA1 9427cc977a68120a34c8aa4ec61e9cdfa5ebc1f6
SHA256 a810e9685e2e3557661e2b6cf3a412814c109967ad96c352b2911df067dabc0d
SHA512 bf0758ac05d5d3112aa07637f05fb6c49b9d918439a593ceb533843c46edbab5d6395f0c2cb0be61d556f56ef4b2d148a602098eb3a884fdcfe1534f86a9b8d4

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

MD5 077599c343b089c8d9ae2f0c53b0336e
SHA1 c19108d6e3a5799f76628eb5051965c5ae75c837
SHA256 2c9a759f778b8c3e0ce732c5b905c94e272385fd168ee8d51eb249b9783de205
SHA512 1a813c91fe781f60dcd836352789f65665b5779a53306fb560ead8af97a900ebe78a0e63331e0bae9349637acc6dc8f23bf7de2263a7a9904282b1c4e1127b3b

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

MD5 8ab9379a74847104c6276dbbd3dc5929
SHA1 8ad90cd5361362cbb9a3f06f34486681aed86ac8
SHA256 71f83a340008e1c70d6e4b467593e1e1e6c249d01025667f6e410a727ee1bc9e
SHA512 acd9c2b4d4618faa4bcbbef0c29946b892f5b337b3be78ff617d4ef01b954eb14cfc07c504662c2f5e599aee8e117b9b0585ccec995afdd6aea9bc316823517c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

MD5 d5541b58d92730670d06dd3f52ddaefa
SHA1 a8b2a5493b5db4f4e1d6924eb4ca06ddfdd3f2a5
SHA256 6a60e2b8acd002ee4708bf17feaf46bb2b2b9ad38db0aa17d8165b097a14fb10
SHA512 45ea364e348f97f41eda27e0430790e7301dac7f636f6dbca04040fd7d13efe4d13c0d72eb4fdb069ac5e6cfd7df34fa7d9d03fd8dbe8ef94e2526d51a36e419

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

MD5 c95f78dc0111b43ee31620252d168c8e
SHA1 e87fd79bba2c7b7ceb0ce69690b8e21365a9e217
SHA256 1f01fd031f42224449d87de1f1059bd177cac0782e129f9bc3e2ce0689b2c701
SHA512 f4ef9e982dfab04c6a8b2a20b0303408d04aa5a6e3faa164759de5d8f2aa96d1ed1c43fbb93ae831f543994201203ba456da79cb102ef197adb893ad171efbea

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

MD5 d8c6711e34107ba80c5ba399d86a6969
SHA1 ba51349370fc47be6c3bb0380b704bda365ff70e
SHA256 2dd2e6e59ae5849fc228fd69861cb983b277532ec835b2663901adfe2caa17d6
SHA512 a841870a6bdeb3f4707f63c1270a8ac147285b1025d5352af3581f102de1d05cc8b08708cbf2a77cd45dade78e444b737e335482c3eb593fafd7c4b3b606300b

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

MD5 255ffcb80e88071692ca679326d5f148
SHA1 c4767f4c9f82ba8b0545596b02dd42ae74174240
SHA256 ef705fa51de5a636149e65cacf0f4f0dac9b89ff21a60505a18b8e686e2bf1f6
SHA512 60c01431ff336bf71f1cda48cb0004fa7f6aac00c8073680d8b08acdc50bea3c47c3b3e00608c36f379b3d7ddeac8a80383506f4aaa5017605179adcfac7eb54

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

MD5 24cdd62003308967377a44218394ea87
SHA1 9a927739b716d05e6d770f633b0481ae234efd18
SHA256 ef42beb384b22628e27310f5b95629a9ce7ab7e60480c5285f24fef78c251883
SHA512 d3c2c94e5ca9fa701cea952f3ae3900abf2d4384c042c950eb6847f8d7d204aba2cc6451e2910101daa9a7e27893fc35a637e6b2cbd79631c0e8aab8087c8818

C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

MD5 487467aaa847f0b67bbe33ca2f61d1e3
SHA1 ded2fb42875803759b095356767c967eb2bcb85c
SHA256 8d4023762da72b9e4d84a36cd394064060dcb1364df58e89138153b62f660ca9
SHA512 062fc30ba59634b793a008f90aee3ef2049b774d68540a86e8f2c1a2677218f93c2f135f4797d63dc7a4c5e9f3664932c72b96f81d03027f6b592ce4fec36b8b

memory/1200-5968-0x0000000000400000-0x000000000040C000-memory.dmp

memory/1200-5964-0x0000000000400000-0x000000000040C000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727662610078916.txt

MD5 71baef781da30f99283b6cf43a03e7d7
SHA1 479ab70c505181edcd23a49f395d33d3618afa4b
SHA256 bf3dd9252eb895ef6ada87ec2f9681d8775916c93cb08a1312dc5acb7355aa21
SHA512 c89a569c52c8a8ccc7b318bf77090166e8ce1e1d2aa28092f8a9acff8b816eeddec8dbf4ac29499d055a3ac6ed120f5314d42c7a18443266ca9d3c2a96a13041

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727663116015387.txt

MD5 5682923152279212386485a5d266cf02
SHA1 6a1d051b50ba645f22bfea32242c7a10ae1bb10d
SHA256 d1159b5cbf0dd272dd4decbf723b6e34849640d03691c56fa78d8c13d8554bcb
SHA512 15727fc3dc903a3dfa2e4d1a0e70d04f9ff8ea2309ffeb19b0828b1231b16d21c946a7cc84e9df10168f3294a3166a2ea22dddf0b6a2336779b4ae49f2310419

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727669820222616.txt

MD5 7cedd92402daf4e25c76e38e603f1dd7
SHA1 3810312cd0860b6529f7fe73c223f5b78988de91
SHA256 73fbfe84990fa9a5a8be2e3d9885c0b9e68a2bc6ea52dab6aaeb753d774b36a1
SHA512 1ef6ce31d388eecf378dd7b696557a40cd99b52da8a4a2df6f06ade415e52e7acee8892eb9afb3f33dee53a40e245cfcc095836612a3422d5621c2dfa8ffe4d5

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727672589120253.txt

MD5 c301ccb9f5a706bf3bb1e2c1d9373a15
SHA1 4f994e266255123d20ef3c423dc171eac3e83557
SHA256 19b674a30ff5322522873943cba3a23b487df089c944f177061d331e463c1640
SHA512 798bd78ad61fc852f1f6a544f5173578388d7502bdd95f4a8e82518f1610f77f674b8ca41ca19385513a78d96b062c3c392e53c59fe641b88e88b3de9237061b

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

MD5 62ce0da5ac80892fe539ec83fc545e05
SHA1 c0840f31b410286112ff3d63d2ff6ae49f099977
SHA256 3dd4095bde67466020172405c09a81cfb6635ee52abe2e1c43775e1d8d83c91f
SHA512 4e77ea23211aaa0287fdf3c32585c58c079cdad9cd931a0b7c74b0ed8afb49a579bb2fff2dd2a4944a83bde676adc2fc4549cc51db50c4f62131b3b820d4ba02

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\security_watermark.jpg

MD5 dad3de0edb747b996c1d07c02143d8bd
SHA1 8eb3899cce1df55dcf51b61177c5699e2a11521d
SHA256 c82fc7d1c270b1975f39cf7d3d9725c0c74cb1b2e8a31718a0c3c3b97a9f148f
SHA512 7849c7cb8e973838de870387eca3213af0c3e23de8aa7c8457e36e80d8848a4c78473d3818674e313224a5e7bcc4ecb664412366d7986ae370c8cdb7b8fbce95

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 68459f615df8e7d7248a9a073b76cab8
SHA1 2ed8f590362685f0d7320f40c7470b2f20585227
SHA256 6808ba0eb7cfdc1780bc7f48ef0846ff26f057afde67af59aa8ab96d7abb6b9f
SHA512 5d93f7e0f771a618fd8f8fe8b74d48594e30f082c927cb5a7b69400f69e6d051d8b376fee41e18a5b527892c0d4bb6f0823761e7a6c9ffdb20963d77e0a2bce3

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 81fbb7ab23f23787af40ead269c0eb51
SHA1 8ccee06de90cf3011688bb7d4d311035463fbf71
SHA256 a400c4588a7113b503cf1ae8eb38af5f389d2843e8353acbab03dd79886128e3
SHA512 3d3fbd67aee7f4c0509535a74fe059ea15b636586a600d9476727ae37a0001515ccc9ed926e7c457b1f784c3c46b8b628fd3697e819b1e944e679f43fa44c010

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 248211beb5f455bc1b066ee277ebd404
SHA1 f8ded7d351fad489665d76a921641571a73f86dc
SHA256 d3ba0df6ebd25e00d445e8041b95841de790361e4b42c46514e3bbf878c873ea
SHA512 5550948cc70bd57ef0258b3d9bf6602a6a53c813ebe5380e615e77a87f31facde5f502a1349e35ff773094acc416bbfa6eac7a004d6c72524c65a36de4006b1e

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 5ff770b8c59c83ed2cd519009edb3179
SHA1 d91039836463da40761ab33461295ee6c4547c2e
SHA256 a638c49b97cf53089efa5a4d369ad83dec00becb8240b8aa0bfbf156ecb61960
SHA512 1025b8e110fab999ddb8a43188aa7c367d4178280db91a8209971b48df388f3bf9c557a385858950cac6bac688878a9615fd5d53b32639fc07839f48f1e5a734

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 0fd2a8adae74e716aea7e8d219be7ef3
SHA1 2bdc02e5bff0177a8ff74870cdb60fd37ef8d29a
SHA256 ace53d3c502902ff6cb2846c1e2fe3d5bd24c98a63d451d17651f2f4556c7259
SHA512 e399cdd6fd92b7448ad912cdd6c16a675ca883b06b72492887638e4f7a759ddd6eace3741f533e0b3a5773ca5eefa752773235415ad8637c5de61e18262eea88

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

MD5 b0e4b86bf068ef42a00d15f61301d2a3
SHA1 8f321a35872b44aee7fb4cbdb958f8bd1d9f433d
SHA256 b080aa328f6360ba3c80507d1b5677d6cf0aa0c18352a4e48a7fba54f5819a5f
SHA512 d81c65f9c99b1815c035a38c8ba06b21f138c92d9e591fe6303dacc4478f8b03a9ed71a53dc10d2b75ee7bd91e2f6a117d446ae587f7986b74004f47c15e030a

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

MD5 838faba3686168db638b1e744574a4c7
SHA1 46936b483487bd7e77c2d67a79c371ef736bcf11
SHA256 e836215e54eb22e0da4fa3c563e930f6f54eac3a8fce93acdd10a4974d6054db
SHA512 2f735fb2a9a41a9301fbe911aa14ee07cfc68f57e3951649198ed292fd93dd14955727284144b1fef533f8effc27b5ec2395f61f5abcec3c146ee0b6c2b39704

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

MD5 f6670bc357f96471468f6ef962415971
SHA1 f6ebbbe0954b336ab0355b3c386640ab81f0e786
SHA256 a9ec85172e3edf677e000880a485814f52ebee81042db5b727c5596fe8fe4386
SHA512 add49018a4019ece500ced0ea770edc28874e429d172157d7f58bd7cf9deaf780bff720993208d17e38091bc22cfcfb8c823b0658a0e81082131b2b20480b28e

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

MD5 d37b559e4a3661c0cd2907a05e7ce89c
SHA1 5d41ebe3b67a2e9137c1f35ad5ac7448c0b301b9
SHA256 fbefd7f40f9248bff08b490ad467ee986949714dbe13ec1eb366a39639bbc8db
SHA512 9f2e8d2d081638651b9000472e944f878259faf64a9cc27472ad802f9a3ba8ac6035ddca40befb46aa59ac2a552ea566e8fa34dc8008d291aeffbfefec2a5e20

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 87dab104115f5f444537b4b7974ea0c6
SHA1 48707878c873aa5c9dad94a98e65642456056bc0
SHA256 0238ec18e261836dfa8c03e5aa9221c547b661730e8e9648a9e21840238dec9f
SHA512 fb6699a719cd681c132759254fceb41923ff6e227df92b55eaff6c82ebe3232b86047a655151fe2c1d228830072dc3b7168179c81fb1081b43d6a53eebb5067b

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

MD5 23d8f7aa77e0edff4ea6d2b854527c4c
SHA1 06319903dd4331d7ec5a783f9ff442172abbd79c
SHA256 390b0af89b8704508b671dc191a9b0aed67ca5c4fb4af720b7c60e74606fdb0d
SHA512 8728abe4f1e392e9ba33132fb8806a4df38e64bf137fac9213a238915602c7127f1cc5bfb5458efdd5e3f13e6b9df8d27ec1e5d8c2bae4881e9c090e9d7aa715

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif.EnCiPhErEd

MD5 4eb60fd541155290a5bc17dc9224f3d8
SHA1 0f3825bc33467b3d933356d329a3310edf408e43
SHA256 2046b7881b9f2e18d5660277ae6428a197ee03b3e06de8a0dae2ad06585b1127
SHA512 102b01b17fd15e695ad1004a71b08cf03143068f2e97f8821cc2497ee0ad4e804b42cca2274eaf6bb248c60a19a928d2c7b1e971623f168396a2a83f4b2b30f1

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

MD5 d14ba34d3b9c06d486d9d68eb0f8a29a
SHA1 dbf6752a44cd30d4edd3f71a87fc91c18cf6868e
SHA256 4fe3258600bb20ede72a13ec635bf4b5ad1ad2d2c664390dbfd66bac2da43bc1
SHA512 0883f02a822a5554a7ebe94444f99b26d3cbe8f1972b7cda61aa57f93759b76647072a9e5b7d932635ac967d5847c3a95711bb49414c176d947a946d82a3bfda

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

MD5 03ceed9f9648969a54a5e792cad9590f
SHA1 050d69154078e5857588e1042018c63ce2072d32
SHA256 f6beb5d78bfbe3a5abe136e1da7574411c266d35e86b437354ac4a2e79bfee55
SHA512 91140bb32f00fb15b1a2b438dd700075f49cdfd4065cd600f1e00c5135d1dd9b485fd2aeb71a0cf6fd972f4cce671e1a86cc2c7be4f3254cb3dae4d0f12b9162

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 bf0c7437e245106e3434b40f02cd718a
SHA1 86593cb9fa4a8791a4dd9038319f05736ed4fe7e
SHA256 e781d39d15d7e529a72737614b0939a9d2846d19353084f4bc37f017a9168fbc
SHA512 3f0cdc539a1d10acae476b69f3f320af0522f0c0aa60931aa0597aafc04bcd57e74671985317dddaeb04d3742658b277089448c5312e410feae97ffb2a49b560

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

MD5 00e1a724bf3835992e0d802d4292fc63
SHA1 a71b96984e5cc115bc503aba9b0ee4e946ea19de
SHA256 7cdd058c3c7cb5e441ac5aed15814d8c938d6d7527cef40c6dcc10799347539f
SHA512 de00456f7f55daa3bb8863abb38d053f580699a59778ee35de1061254a25ea78fcd3f331e5b88eb933c54561338a57e1105d6cb4fb8bab9a153971837612eb45

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

MD5 0733951ee3c9b0420096ac0fde5184e6
SHA1 a9aac94b99520ef6b48dd485fcf7add70ceb56d7
SHA256 1d7ba1f1fd6c0cd1f5d8fe77446167ffba1b477133d83b9176f122394e6ea7e9
SHA512 2c8c1f5ac318da5395a05ffc8a6bee86cb8566969901eb1f32b59afea55270483d17cd7f965a80141607f28fd18b1de32ab23546e0d07ecaf15ba68e10ef7c70

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 86b12c51c40b4fd7d5032b150b029bd0
SHA1 3cdbeb1ad4e27eaffcaaeeca41ab89b02822f492
SHA256 df762539f37ea111be7013546a37ce8fb577b4fe470e72500f7c2f358f0d201a
SHA512 c11e12ea7d8222d10ace491dde1b402bf3e09bfab77a619701076f6d96a839d68924c8780469daf100f63038edbaaa3c0ade1fc9346f011acefce1fb1d6bb685

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif

MD5 b1b9c0811c2c1f90b491d086373c87ac
SHA1 ec64b5d3b43d0a5839307828fa01627be08e51e5
SHA256 2438e14178df83b0ac1b811cc921f20500733a25adbfb06460739eb2c2fbb4bd
SHA512 7a7935c8124e16fe81ab04834c8ddf6567dc90e050e798e3b0cc0a5f49e5126f91e7fab44c1db57be491072476ebfeff09a8b666501f363a828d3253ab013ded

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif

MD5 52e8c0eca33f8d7554a4a8457f6e6f42
SHA1 cc7feb528fd378bb6f347bf469be37f2d1aa2aee
SHA256 18c1a6c742f022b99efe631de63c70f84b6a2c57554cb3afe5672b57a11ff345
SHA512 45ee4a5364e4efc96772bdea3726abe78905c6ffe5ebad0029a50114489b4e81b246c4429704a357671ce18066afe42fa77bc3b62c4375f960c304449cc496f6

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 c2fd1092163a154d29c0779de5a4b1f3
SHA1 fed02bbddefd365e84b657f4537c2d825e93b640
SHA256 14a1b849c3b1690013aca4bf24f881710df7691e9629a3e2228b52797fd0a123
SHA512 a4c3c79f13fcc78920c53955ec96bc4adc3a30bda69b711033df2a92524256609498678f3475e742152626124afe96e275d832ee7c12fd42da97eaff68019119

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

MD5 75be49804e2856f221380d6b489e32d6
SHA1 17c8cb67d689a9f2979b7f2683cf7aaa641919e8
SHA256 b1313c71a6633252faa1e33d64dbe43f80523d5777e216a1b2d7937d28c9c0a5
SHA512 d32b14cc92ebeb8b8f6f0ce318b811551d4438aaa157e1fe6ecd6ea9fa33e19b9449f7293c34d3f4cfc7fb99e5e87018ae304e68195d7b4e2aa30906b6ddbb92

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

MD5 ddbf4ad2989a38f83089b2d1fe557b71
SHA1 2c35ba7f86c2502162b7645f516b197d5c5d8043
SHA256 9fef7a1ef37ceec3e3a8285cfb1ca7d58db5a1efaec36beae047dcb21d52d56a
SHA512 d27ba4969cc84bad9bc9e4dbbfbdd3f72a7d1c66ec831c6872a7bc2b27501779e9248e357d1decee46392664a1225c9c37b884e1ca1b0990d055779cf587e558

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

MD5 7c21d58024b36a406abdfb93a42d1a08
SHA1 5f68570e5ccaf791d7a5bc77fceb90b39988d286
SHA256 f9c6dc1b1db96fd88a9c0d4830ba4c28ed2702d4eb757fb3c9e2be4897031515
SHA512 f1b7a4b78e8dd2d21d86ea9ea60c28707a219dde5d024a57c5a279843902c7711ecc11ad4d91aca36a78f641c28cfacc7703d938915e67f1dce12a79821e93be

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

MD5 da844b738d20ad30bdec2690c6ec8cda
SHA1 0d2f2d2595a88565e539314e41767e19013c2e51
SHA256 211dde4a46b18235082fc9dd1ea67040a24beef9b6ece8244bedd1533d235596
SHA512 c525b2c62f590a0a7c773dbf749fd82ff37f52d91a4ae55a55a5947e033be5bdda0be9b2597b8ec4e062cc55b053c5546c0c1a938c1af4f3ad8e777dae0fc0a2

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

MD5 f54214c3f1fe5b40d7a0b42bbba88e74
SHA1 515f24448f75a694e7af247dfa292b8205764af1
SHA256 2cb2650f47672690af425f155839bbc21bfdc2b5e1c69a0942d0ae125278b6a2
SHA512 744f460802d2761dcdd8d8b928e8b23b86c2e04a78006413be52c0e8820104d828dbf2a472cd39cb7523b0ef044ad855faf8acd605ac6b82809543ecf578a153

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

MD5 10cc5aeae9ce05513d280961293c5358
SHA1 9ffd465e985246aa61b8697eca12a974bfbbf759
SHA256 44d6d183e9d6e74e5aa9b75447ba24590c5ba148521177912d95a721ec78c739
SHA512 cd8ab94d4a16efa0f743db7e5c9936de9c56fb0001345937fc6492e8ee6902620d8c6fcf2337cc71c7118461b1e207a8a572ce48e9b9e23554e270177c789037

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

MD5 b25476d1b0af0f479573c3fa3ce09b74
SHA1 680b3508f2a77f92fd940acee97c31011db5a7d0
SHA256 524ba7dee90aad4c5cfa914d0c128bcb3c84070c5d7da104036ebc0903bbe773
SHA512 608246e72a73764411a922afffbce928f44b775580850615b6b6f3b19088e0b7a6eb42fed62325c7dd322c4b3a99efbb720f3b4ed6833e473f5d6180bb84c02a

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

MD5 f420511ab5f3fd9123fc1545aa5e4e77
SHA1 044af1c6e883dfe9545e46f2763b5647dde8a9a0
SHA256 7b3577af6bcc32041452e67b3b9134c1afff9ae670ffe4a6a5eadcd6c4337997
SHA512 59b8596a7eefc3d80644616301aaffda7c27e0054e48e250ca9effbb938fb63a2fba2e96cdbeae81af9736597a5ced054bd4056974367413121e342c332e0d10

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

MD5 638f6c336d8bc2d4e52eb5e0dd1d64b5
SHA1 6b610a511ff26136a9589e5cb98b023b9a3f15eb
SHA256 2279cb61755dc2016f274d8349131df91fdf8c525924e7ab22a7b57351b7168c
SHA512 618e9e1f6858a73bff47290ccafbeaa97220b8f04fcf09235fbc98769277c93ea6a5fd15a7a227e7a5490edb854aa3bc4357799db8d944e2d7a4945c17f8c2da

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

MD5 8cd293f5055a51d45fa854f2e1037645
SHA1 8b4b250b74af6442b8c123b2a2de0e6acb1ba961
SHA256 0e006300e4a35e625cec111ff55b27ca561a60e16ad02ae0f8247f9cd5dd2cc8
SHA512 58be088fc00835d7faad5f375620367ca4eaf5f27b1c4a6b7a75d54c868c42e377b7c4e3e124893b7d2ce60796df3a97b4918162f6d6687f9af2acc8c25ccbdc

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

MD5 7c02412065899b78c4092bcac3de79da
SHA1 ce8b9cf18a52a184559d310ed42efb2030bbb5da
SHA256 84d6b3a2aa3fff8a9d60fb435797df83d7faf1b01a56e58bb0ffdc3f1711913a
SHA512 fa70e874526b126c55b88048a70682d92978c9388b768ed62bdcaafe35e8fdb881e70b9f85d3cf5b8209c51ebca930db29459fce5e7ea700896f54aba03ab747

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

MD5 5b0413d5dd3716eadd04784c9295bbc1
SHA1 c08a93c3eb5ebc2b2c1d84bea21e3049c8730d68
SHA256 dfd523eb06cd407d18103acb3adea3b8430e75e17a7297c09069d8f8390d427d
SHA512 b656969f1632202e7c8f7946a7a54f84c875b93e0cc717e7a3218d1396f88307a96ce6561d8998e3cd36ac9f50dcafe04eb946a7abb78385687cb9139b8d9868

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

MD5 e23334db833ba431b6b404a13a0ce4e6
SHA1 3408483084214a26a3cce04edfee01dec6a0d699
SHA256 f7fa93b419ffd161b4a8db6aa47d837e694fd8f64c6c0e2c47debb72483b0a5c
SHA512 e90d4e6cbe38e4cb4b7a2c385e3ecaa908ff6fb6ce9fae6fd54842b89ec05ab4b7d4df643228f38c51ba507cbce5d1897cbaf1b9f9f83a64d567312e924cb8a6

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

MD5 da66d5422e92cfca9380bd1bde04ef4d
SHA1 0e2f1397e97424fc04b386a3d0ef5cc837cb8b82
SHA256 8af155b3e86c309b6d16470f4e45c8c886db0c3fbea526113470a837cf0bcaf8
SHA512 3f7731af30a01785d50e223dd017c95044f95a5d3652b4677d26c9def08d210a566f171990e730c14275b6f344d753a21c024d9e42b84bc9afdf0f77781327fa

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

MD5 bf9d17f55a85901a699de914810f3962
SHA1 493bc2916f314fb256d282f60931de1ce2b970ee
SHA256 3406d600bd74a533d20b17344b780997ac2d8fa0563185e59a1c648dbb421376
SHA512 69f2b7d9aef56ed33953e8258151fc189d9aaa151765b379dd06e548b5222b4b166615d509e8ba5476e2410f7017ef4889ea3bf86a6c87e29a902c1272f84a55

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

MD5 32c12060ba7d0091e7906cef2da1eb1b
SHA1 6d3654dc65d9fafb20496a3b6ac5a2383c696951
SHA256 8216d00cb027d2195104e6e693207bd015d1f095368962955c601deaa3e90f9b
SHA512 e942c86b482769cedf274255af3589a7ad2db53bdfe8083ea6e1b2572926673108417bca63b5b8b1024b644ce9d9fb9ff729364c7f99f81f1c85c33c42975b7c

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

MD5 4ac92ed52f3894ca43556dfecd43700f
SHA1 bbb562dda4addf009314e815ba6cadba13b58d5b
SHA256 bcd8e4b3b685bd55e15da5587e32b684f4bb8383cb755385acebd8b9ac92e51e
SHA512 1a9b5b536e15192ab28a34bbe3236eaad74189dc0ccfd7ae170ccc40253d57bc317f07157edaab24b856a8cef59ed8bf33d83e186887bc134b4471f045e40692

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

MD5 d4865edc049f13736d008ec522ebb457
SHA1 6f05ff8222d693e4787d9a29501b81eb50bb81a7
SHA256 91a4956db43f585377096ecbaedc7cd9834c60b3b06e14d742ffbe1d4f97ad79
SHA512 2e6b5e4fff83d64110744efe43baf32d4753e37f1793e67a98d1ada72dcd36690482d98124712a1453ecef1f29d9097477309a8f3987ff5eb5d7cd572d2cf4b3

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

MD5 d449cf1a833f0273484b01ae4aacabb0
SHA1 5f39cc57596f43a92f7996e496fd6bddca14c468
SHA256 43fbab499af3c68d0756b5281355ee2603bfdc211d00fe31beadfa903dd09997
SHA512 fcc3ddcb2ccac0a4288c3f389b9e98cf488fa78d45571693cf12fbd913733ae221270c7c3226da2f47375a8004c8aaa212f647f7649a57b082a472f0648475df

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

MD5 43119bde3d518ff4274be1cfe2a4e703
SHA1 95dd26e41110af075a3ecd90b79c7423a3549e5f
SHA256 d07e63ce160c3dfd059fe1b85affa46bf09b77f37b6d7ead59d1b9a1f6009415
SHA512 7a16e66255fd944715dd747de2aa9a3fb1e767097566204817b3abd55b29674b6ad3c3d6f77162db6171843c62daa71bda14a2d8d91c1d60e63b5bf3b02fd800

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

MD5 43f87059d7fbbdf3352582e8f56ffdea
SHA1 ea4ebafa19d65fb586ebea00e27fcfec4b3a1d72
SHA256 392a1e5f22298c076227856a199b7325a5718d21a5af89e9f4ec10f541f4e690
SHA512 82c8a94cfa86097ce2552d3ce8b9c67b495a93de5a79cfa6c01b336ad3e3525a19f98eb4b87b2d52f721aba6dc8b1385a15a9294ed499e7c717345eff07fc1b5

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

MD5 b9295f44f341ab85071b0bee1dae6d0c
SHA1 c127d83ceffc54b928df5c8348cf64dfe865e54a
SHA256 be3778db85582a6a9ee1a0284cc20d35a9d2582bc498aa4283f9f50c2afb268c
SHA512 a239550d59f1c30bfe8fdb1a5130dc84494e1b9cfa9be0212cf393ebe55249181996bc49ae46b6e716c009dea2dc1ad964ce70eb0b69dca68fdc2668f2d14c0b

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

MD5 6c00eeecb12371b6c3c780e564817057
SHA1 6dc19e0392866832738232153f60ae91aa2954b4
SHA256 63a4bb67cfe8f6c2ef1bccd82da5ddbe986ab7c5352221d97d9410c83d2229ae
SHA512 5f642a53d7d02f0ecb1955adcc685e23d1f51ba399e89bd82c264ebaee179972e06a1ccfe0c0ccf4e640f80d7b9aa2ec7688b66a5f1a520f0d2fd0f8aa3188a5

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

MD5 3ef4dea7f2e85ed0c6747564eeffe02c
SHA1 cdfe9d7fefc527b1b534a35cb7d729594f477032
SHA256 7ee24835cfa06e7db87174c6c2ad3fd4d6c572d6f77371945a2051e2a7b58b20
SHA512 f4e68c0bef3ec1969aa95514f087b7974f6350ec239c10613aaf6671ba3395372102b56e883f31ad9b4fa44c79511c686fd7a5e22479da8b0a83dfa334630509

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

MD5 2e228f04ab80f0956c6fdba17f259050
SHA1 95e6020b4521631505a618a5fcbfa46404d6bb89
SHA256 ec21fe5a55544120a0d10ed86ee5dae13f4b00ad5e4710ede1e95ca9ade3cc26
SHA512 d6ea70d937b8de8ea32f9725137d34e6a6ea3eb2b0a90662cd2dda0d7640a2ba43ff9431a4142a8d0aa2fd8972c0472f9dcc38bdf0d71575dbb3961d4bfd8978

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

MD5 b140bf2e57fbd1991cc3bd7c831a740a
SHA1 abb1a74fbf67df9ad49d06f79662ffe5630bdd5b
SHA256 4442e3cabeac97f057d80f1cadab7115a810b3f2d155634cada66a71d1243f77
SHA512 65985b234056de4cad59c49103649cf431b76c1a12ed8174d73646d1fd29844c1f530563928ed3a324f92dc4aac3b3925c86fba8b4cbf3e68f71cd2c8b763458

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

MD5 c353867921109d82749a060da50f9e48
SHA1 19fcb1dffdc48764b12865bb68484347a1852fcb
SHA256 e7ec7cd09a909c55ee35e1b4928e76131a09f892fc985c73c258afe9442d53af
SHA512 60e9e3ca5cd6d8efde8732a969a274f40691139677544c3432823813024dedcb335e1edce23696c7639f1f5f7aeb69cb4a3192fc6c34d2bd42caa163099df9b1

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

MD5 6b095d059df0b9cd2485072c7e5f2805
SHA1 fa5d9fd5f441917ff9fb8eca884061da223d3116
SHA256 aca1f790107ee511e6223c1432dd3112f33fc176ca7b45281e87bd8b91de284d
SHA512 895968c2a3551263ece28aac31a9409e91e751c2af99325aafe9196660ab635fbf830895c9689ec543f646ee601f5a123e290aec640acdd81b5e4266da5c69d5

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

MD5 621656ea073087ab88df72c466859cfa
SHA1 58f9a460ca90f4727f641f9169b8669fde65797d
SHA256 a792beff305d2f63a36f948676ece512f6858d40a47fdedc68b0a9ba5df9028d
SHA512 dcb36b513afbe44ac7b015ccf612ddbd7c2bf9d9b7ca440ed9eb82ee07fc89a7eb51358e2ba68389bf354d3d81f533ef170357f959a901b979c7a66206dd9fb6

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

MD5 4771a53f3685b4d066db713dcaef2df4
SHA1 5c6b564541d9666e7ab611e517f8724a2bcb8e8b
SHA256 7bc8aa9ae280091f03bee8a3a2e5f1240cd274421e437ebf4a50b63df33897bc
SHA512 db3d9103fb9d6a5b64bee4c358c29b85d1ae27c2797efcb09a8657dc53db32fada76f87e0324fb462e30d782703471ffe5565f9f9045311a9ebcbc4fadfef890

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

MD5 91125bacab5bdb799e3a618ad5c91221
SHA1 a610e92fbcb1c81d72c6887e582c01942a508304
SHA256 584ea0835e2c81fc0c4cec7daaadf9f6e1d77fb59bff6b15b949237ae5960bc1
SHA512 0c089fbad0654965f99a8ad4214cc825d759e1d29f70ce8a69504d334e09c495f479c3211d2f61ba9e757a747e8dbe03fda47d264076707523f8b47488e2cf0b

memory/1200-10579-0x0000000000400000-0x000000000040C000-memory.dmp

memory/1200-11003-0x0000000000400000-0x000000000040C000-memory.dmp

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

MD5 b365208476a40a8366bd1c3fe2602b16
SHA1 fb347d4242722806edb542d4d6aa7b91a48cf928
SHA256 b4af462cf385d095a1001c5452fcd5c8d682a4d8a97e52be9014d44b6639dc1d
SHA512 a0e2f839ec41bbd5ec48ee5316f00df0734787c36cb8bc2530dc67cdcb59fd4e5d9d49dc89893acbc44be82b0347c0241a263b647ee3770844d291565c5a38c3

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

MD5 db3ab06a0bb7d17d0d99abb041159d7c
SHA1 39d1495e057d99eb9dbb6d41d340a3b06bba0302
SHA256 67d0d4a34e10f80c587fad7922ef1face0cc10d0a269889403ef7714a3e64997
SHA512 7b87a2fa213c48f8cd6568bb3051b1d9e4c6b67b0ae5180059dfa29231e08f8f462a56b343aa6ed5d106714774fc3234d2bce9165c6074b83840b3906c7b36d2

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

MD5 3c7c8e6e31ddbbbf1679e488a3fd69aa
SHA1 9bd0090793eac90253ea6f71047136305a3d7dd0
SHA256 0754a00de4a3d4a39aa526c476023bd4d1c39f19947e1c089309542929c447fd
SHA512 1987a5bc4373d3c0baa61f9833337c246600c7d73b670b62f73af401242e3069c140c47633d90c842542b0b1e8421f3d11527f6e5345b70086426d234236c1b4

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

MD5 c50c53d5a0471ea4b1771e9967fe441a
SHA1 a096345ff75b76d1faecfa2d754670971ddc8711
SHA256 7f124b2557b09d3d1c11fcb500f8f7828b02c0a8bc469e72bb11618b1d3d8351
SHA512 344650f4fa3a83c280cb7b540659f8d91548b7da7446b4b616d274f9ec2375eb88a84d12a45efb3a50eeaeaacf26e66d05d58874cbb90125e87d070936ec28c0

memory/1200-11336-0x0000000000400000-0x000000000040C000-memory.dmp

memory/1200-11339-0x0000000000400000-0x000000000040C000-memory.dmp

C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

MD5 5f63d6e9c1dc2f6fddfad3a3bcf74935
SHA1 7305aeb9ae05ac5c8671ced73183697fbcb3afeb
SHA256 f86df116da2ebf0281449708513bdafa9bb545e3cf5c8a48cbe9b1d27f6c8f0b
SHA512 c1bad11088509ccfb8196fb02e029db5506f866f4322c9aba35e090b7ff0b6865d08d34a2db3638f8545f6ecefab66d939cd24fde0a46cfa38d640da44baae8e

memory/1200-11342-0x0000000000400000-0x000000000040C000-memory.dmp