Malware Analysis Report

2025-01-18 20:57

Sample ID 241125-fd2ftsyres
Target 994c8cd78ade26404561afe1bac27f5a_JaffaCakes118
SHA256 b8868d9b80874e8841ca97766a4dea8200553c1f86b57d143b092c22697945e2
Tags
upx xorist discovery persistence ransomware spyware stealer
score
10/10

Analysis Overview

Threat Level: Known bad

The file 994c8cd78ade26404561afe1bac27f5a_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

upx xorist discovery persistence ransomware spyware stealer

Detected Xorist Ransomware

Xorist family

Xorist Ransomware

Renames multiple (2188) files with added filename extension

Renames multiple (2193) files with added filename extension

Drops file in Drivers directory

Drops startup file

Reads user/profile data of web browsers

Adds Run key to start application

UPX packed file

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

Modifies registry class

Analysis: static1

Detonation Overview

Reported

2024-11-25 04:46

Signatures

Detected Xorist Ransomware


Xorist family

xorist

UPX packed file

upx

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted

2024-11-25 04:46

Reported

2024-11-25 04:48

Platform

win7-20241023-en

Max time kernel

117s

Max time network

119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe"

Signatures

Detected Xorist Ransomware


Xorist Ransomware

ransomware xorist

Xorist family

xorist

Renames multiple (2193) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\LVKrw1gGpie4Aim.exe" C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe N/A

Drops file in System32 directory


UPX packed file

upx

Drops file in Program Files directory


Drops file in Windows directory

File created C:\Windows\winsxs\amd64_microsoft-windows-t..edirector.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_58e8b1bdbfaa569d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Printing\aac5817d96d0ddcffebc1c45000e9008\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_rawsilo.inf.resources_31bf3856ad364e35_6.1.7600.16385_de-de_a026d78a5b0b2e88\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\msil_microsoft.managementconsole.resources_31bf3856ad364e35_6.1.7601.17514_fr-fr_a724e6819edbc021\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe N/A
File created C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management.Resources\1.0.0.0_de_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-ie-vgx_31bf3856ad364e35_11.2.9600.16428_none_cf8e2478fdc92928\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-r..onmanager.resources_31bf3856ad364e35_6.1.7600.16385_de-de_e121001d2df929ae\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-s..ive-blackbox-driver_31bf3856ad364e35_6.1.7600.16385_none_656773dac187bca2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-credui.resources_31bf3856ad364e35_6.1.7601.17514_fr-fr_06a50238f37ce6dd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-eventcreate.resources_31bf3856ad364e35_6.1.7600.16385_es-es_181808c228b5f879\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-healthcenter.resources_31bf3856ad364e35_6.1.7600.16385_en-us_eef450c9582e4bfd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\Framework\v3.0\Windows Workflow Foundation\SQL\es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-o..s-service.resources_31bf3856ad364e35_6.1.7600.16385_es-es_b44416c7e9e09699\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-t..ces-theme.resources_31bf3856ad364e35_6.1.7600.16385_en-us_2df1d63c5b9f964e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_wsdscdrv.inf_31bf3856ad364e35_6.1.7600.16385_none_2c33389ae33260ae\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe N/A
File created C:\Windows\inf\MSDTC Bridge 4.0.0.0\0009\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-rasapi_31bf3856ad364e35_6.1.7601.17514_none_cb5d84d96624bcbd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-g..-calendar.resources_31bf3856ad364e35_6.1.7600.16385_de-de_34a4f72aa1dd0bf7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_srpuxnativesnapin.resources_31bf3856ad364e35_6.1.7600.16385_it-it_dd46e0fcdc432842\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-iis-adsicompatibility_31bf3856ad364e35_6.1.7600.16385_none_439022b0fb0c8466\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\x86_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_d7244b05e242e449\settings_box_top.png C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-i..tional-codepage-708_31bf3856ad364e35_6.1.7600.16385_none_cec3ab1cfc826848\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-cdosys.resources_31bf3856ad364e35_6.1.7601.17514_tr-tr_4c9a1ccb0f799b38\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-getuname.resources_31bf3856ad364e35_6.1.7600.16385_it-it_1d305cd009b24d39\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-mspaint.resources_31bf3856ad364e35_6.1.7600.16385_en-us_bc3d05c5f545b326\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-photoacquire.resources_31bf3856ad364e35_6.1.7600.16385_de-de_391ee1fb79b65b5f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-keyiso.resources_31bf3856ad364e35_6.1.7600.16385_en-us_667ff2e88dc1b9c6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-o..disc-style-babygirl_31bf3856ad364e35_6.1.7600.16385_none_b2bd01695c9021fd\16_9-frame-highlight.png C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-t..vices-configbackend_31bf3856ad364e35_6.1.7600.16385_none_d66b4dbb52eb8cae\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\Media\Calligraphy\Windows User Account Control.wav C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_a9cf548d21b86a2f\38.png C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-ehstor-api.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_ad5a7223ef097d7a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-fontview.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d3e26e65ef2564ac\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\msil_miguicontrols.resources_31bf3856ad364e35_6.1.7600.16385_es-es_c4e9124dc5d37d42\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-m..onwizardapplication_31bf3856ad364e35_6.1.7601.17514_none_22f5c6aadf559287\Column.bmp C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-s..-netlogon.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_5e6a23443d69bea1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_mdmhayes.inf.resources_31bf3856ad364e35_6.1.7600.16385_it-it_8f77064e151b8495\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-s..cy-engine.resources_31bf3856ad364e35_6.1.7600.16385_en-us_21bf86a74f104022\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-t..xtensions.resources_31bf3856ad364e35_6.1.7600.16385_de-de_505b0e4404119781\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-appwiz.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8c81a76a2858632d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_4c778c357864a2ed\about_Windows_PowerShell_ISE.help.txt C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-upnpssdp_31bf3856ad364e35_6.1.7600.16385_none_e6130ee51f4a1257\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-ehome-services-ehsched_31bf3856ad364e35_6.1.7600.16385_none_0167f08155bf1c81\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-s..store-adm.resources_31bf3856ad364e35_6.1.7600.16385_de-de_7be3a24301ca4901\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-w..sh-helper.resources_31bf3856ad364e35_6.1.7600.16385_it-it_e59f39d49b771384\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\GKWFVSVTOVYMISB\shell\open C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\GKWFVSVTOVYMISB\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\GKWFVSVTOVYMISB\DefaultIcon C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\GKWFVSVTOVYMISB C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\GKWFVSVTOVYMISB\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\LVKrw1gGpie4Aim.exe,0" C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\GKWFVSVTOVYMISB\shell\open\command C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\GKWFVSVTOVYMISB\shell C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\GKWFVSVTOVYMISB\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\LVKrw1gGpie4Aim.exe" C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "GKWFVSVTOVYMISB" C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe"

Network

N/A

Files


MD5 e00cd930e33d5fc0f269785187f892c6
SHA1 0c66253ccf44e3626b531d23efada871e5e555fe
SHA256 9b49d43cfce8886309fa6f81635ad7d3f0e13f0de5a2aaa7a8fc79ac73e96664
SHA512 805c653cdc0d89c5f047cd03c8c3774ab973b2523b0be095b1113545c19c43dd9fbc49b4e374e3b0b5c45225a2f6158a1cb238870e3789ca503f4716c6d07b0f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

MD5 253c0d3e17fd11ec4b51ca6579ac3c2c
SHA1 7a089ac4f9562559b8011a58d063dcfe828fa770
SHA256 142c1baff564c915acfcbdb6f4054c3c4e8fa0a29cdefd40b8c1b49383bed685
SHA512 69ca7e761a56b471e18b2f3a07f7e1072d0a7823ccd5238d464a3a04717042815e9d9746761d05b703f80ec1023df4ff0e6d932eda4c525f8d86fed49d59f2b5

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

MD5 c2398ed7569f10635de75b32533f3604
SHA1 1674a0c39a71999ae751a1653dbfc616764ba1bf
SHA256 3ae8a0f7f4e2123874f2e9c90f6f9709af95d8c147516343cc11e0ef0c6c3a37
SHA512 78792a02aba925c2f77c3fbbf1dcf5b2a52b95924afb57129893b03845369c3724a6e593b33c6c2efc0f738f77702d8196eb0d14f42b37c274d55d4aeb6ceae0

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

MD5 6d5588fa9e3e43d8939a72b7e4deca26
SHA1 0a3a3d0bc2c74a5c658bca6505eece9173a9448a
SHA256 822378932286bad1cf8319c6cec1667fffe99881361a420c28a30101903ced63
SHA512 98c38cce6174448e326126066d1b92a8798c323ff7f4d12fc356d2510119cc943ba8340b698d1ea6e52f7e9591dd483e71099e0e75339b252e87cdf6d8bef2e2

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

MD5 8317cccf37349345276dab2c237fe3c1
SHA1 8048e6adbafaac8f805f770bfe4c05ed285b930d
SHA256 b81ed2552922ff561807705d2177bbd237054a5b7bd0784f3a69cf6383632cb9
SHA512 38a33e98e9c2a02078eea5247a3114e61c3b671ba92a0f620bfdb8764ab7ac5f9daedf4fa4f072a139a06be61be04bc9f77fc932ea67aa41f83b510a778097fe

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

MD5 ca491e2265840460af9bf3c8430d9f84
SHA1 de2fae00af9c983cc6c736ef44b04902e4ef635a
SHA256 ebcf3b16bc72aa003de7a99fe9a0d7498c0d8427e64fa6248b5a358e155dfdf7
SHA512 d07bf0a7f5427a7a5e669d48a77f582c3dd56d9f5e80c8897ffd35ee352226a19b74e986d3a0d182454002dea2737a8895654e1a149e83964e717f58615d69e7

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

MD5 fa683e4f0c6e16038c955d69d9b2c144
SHA1 3ae5c0814389c4b1074ea4388967089a659d7b06
SHA256 a0a2df81c68909509cbc977e8ceb177f6d4d23fc67604e49f44962ed74d37f28
SHA512 4f247ac8f76de94455173f0fb7ab60b26cd787d99ecd30e180f3bac90b57b32d090a5f8a499adb8289217ffd12b95b2e93ecde078ef4d835c4b53ee0ee286719

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

MD5 6604673783daa68e06ff66f0bd393d75
SHA1 48b09947826c2fbd73f4785036cfe64c213b97a4
SHA256 30c326cbec77443e6fc8861ceb6305a3021b709aae1c87383f8627ed0f6585af
SHA512 286ebea3d519d9ee1ce69dddd9e9235b7300e5c76b72af2c20d4f70a1a4a9407455d4067ccd89f123ba7ae1df94bdc6bb929e9240cdf7846ef3920239fd6cf88

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

MD5 5b13262dd4ea4f798ab1fd834152f51a
SHA1 386bbf5a777d6ab1292f559ff4b34f27dfcbbbf0
SHA256 65ee2d2ffdf6e297d87778984a615e88a202c6b7a44ad1ac89f05e8454a23bb4
SHA512 6952e966ae276ebe67c5c24e170d5f55f40b7179acae9171900f6e10808137449c9304d2996ace8910212af014a756567c125020d2868b5c73518c54e14ec5f7

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

MD5 6bcae9fb00afb166ca2bd97d67967a83
SHA1 03a5fa48670608e9c01d7c3ba4c86d2312fe42ea
SHA256 67d6d2bd52336f85d7de90860ae763bc254ddd318d89e6990b7531cbcdde717b
SHA512 bdd2fd649e4da6c2b182b4f96e37736d6bb6e83311d4875da1f1ca556c41f35b89af3099dc1fc26c422b5222e1a9ffb2939aa835a75cdf9b06b20939d435dea2

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

MD5 a88d8bf9fd4f5aa12c3dc4dbd1676d6c
SHA1 eeb48e61fe23d71ad3a9ef77fa6eaf824b4a93c1
SHA256 ca92809d1de8b1a6b231f49f3938f3d9b0ed7c0536fb3e2f3f2dd4240a79bb51
SHA512 380bc07183ed83da57ddec56b32703a0cf4fda9620333d4a347ff0bc1cd17b6f65317b3115449453e6b3ad41e6dc1930ae50a5d57c41523659f2ec05593301fc

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

MD5 746b9b0d9b485e37626fbfca4802b653
SHA1 f13557f0b36f42b0d5705594b30c34207ecdf8b3
SHA256 13565b625911052f0b8e07614dac254ad428b54c1832b58e58327aa8394c7398
SHA512 3fa7c116e64896ea529800fd7b8c72490944200cec9fea8ee79953bf593b0662ec184cb49c219685811aa8b7ae513c80105e8068a55db40f45e7236920c11222

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

MD5 1a2a775dd4699efd92bfbd0f759b7fec
SHA1 5447aa276cb2b20cf6d72e4b1c024bdc4c48ac19
SHA256 5e5626c48c9f738cb34f3d0c11968d4e5ba87a66fafb3ac8dccafe09c8f8a26d
SHA512 35fc15f9bdc1ffc4dd9a21b1ab2b4247b13303d089495e47ebfd19869f089f22f97b8ba932fea119c8dfbe06c310b26164ad2f8ca2498dab2c9f77f394098a18

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

MD5 8ece127c0b60f1615493e1315ab49db6
SHA1 d5d098d2cbfd3921695d7aef53114646a8007870
SHA256 50eee4649073b86f3b15d7bf536b90cfe53e94a45b84002107bf275891b1e4ce
SHA512 9cc72f42e32c1593b1afa634d1dd7b68540c8d610bdd301d05b94a14152aa131190755055b5db4f2f1a9ad0a27ece726f06372918e083147270ea9907b4996c8

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

MD5 4f86c0cdf6244f58d24d673729fc5c4b
SHA1 ff9969bc4468cdba02f93bd3716066c2f3866256
SHA256 9db070c7d4850f0a61b5ea2ace60d32464a800b8892bd680ddb03e00891b348f
SHA512 b272abc4aac444ffe334c29b3d769419a2fdfc623773b5ea4d13b0f0a81af58bf5e1f4440bc558ff111b9fc167ce0e8c4f0a2801744ed9e366fb65b20c451c9b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

MD5 ac28276afa74ea9e5feb3d0479fb91b1
SHA1 61be4dddcb5612a16bebebdbfc770c0fdd45aa68
SHA256 a0f42500491aa9edaa864dff2b9267296b1b3a40c8ba58220b5cef10d4f4d91d
SHA512 ea7968dcbbdd3fe91e93cd4de5aa33c731c85ab4bba75f4e844815a18829e026be8e083b2b92d454168f93786555e0773f8d8978fd5700b4a72975980df59ca9

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

MD5 a870a26deecfdb9da5f62c26f88bd42c
SHA1 c0d9bb0652e8db0e57cb5f8eca010892e7c473b6
SHA256 00afefcf99418738032df9e877abe8fc1b568d1de8a99ad01846a94d3c96e57f
SHA512 9f700f3336d47b955afee17099c04650472f9cb09ac6543984b7c31d29e7e52233e32a4949fcdbca3a4b3b287e7ddaaaf827909e95782d912131adbc41e2f5a8

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

MD5 746ada63ae99f2122562e69a7ce56bfb
SHA1 f086a69bd3be395f1ffa0b024b0525a1798f0c0d
SHA256 4a07faec4ef29c7ec4c1b140619901e4ef35bdfee198768b0cb9accee27f0301
SHA512 2f2693408781b27a78f3e71d62f453a1bfed4b1a94cab5eb97ca0ad56c04ac7461c8d265ba93503be19a330a62d6add4c3f7ca81265890013b8fb5d29614960c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

MD5 920b114aeb9921db55115f57470c32c9
SHA1 6ac846c0a118278da3f66038021f97cc2be57b33
SHA256 b27144d4c081143f24d6354113a486b84decfc5ac0ccbd7d9d0fc993e8d66409
SHA512 ee3b25ee34201e643b4131a851fd7eec382d683b8c142a8150c406ce0bd43f8e9ee890dbfcd62a329d336c3e73f90e3d857034bcc7241bc49e37a530c1edf610

C:\Users\Admin\Documents\CloseDismount.xlsx

MD5 b6cb2b7d7573fb2b74c1b999e359cdb1
SHA1 939f34c57c46786fca79a34150b1656752fd6ee9
SHA256 d1a26b4a00a7b06b1fcfe5fe1a29bd3793148f9285d9f1f2f0dffe9713579391
SHA512 8eb3221413aacfd1bb6f92959499fd4e1e2c55ac508ecad76780beb61f613c95a70394966487bb5e39e23ae2a2bf17a6bb9cbace16c6aade4b2327bbefc1d80e

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

MD5 bde3afba482eab04b6e224c3216ac97b
SHA1 672f523c05a2726f8e4c3f3ddcb01c09d49eec7a
SHA256 2d63a76e8f8f89ec7e83f6991f8283c0735f1c557b889420b861d11bb66874ed
SHA512 6acaab2baf8b7b7454a1d63be63f0a6057824c77a0eb9262fbad44517536460ed568483bddd3c71397c3e4c81d4314db5bbe917d3b7e094987651369ee470805

memory/2624-7994-0x0000000000400000-0x000000000040C000-memory.dmp

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 51a391d22768e052c1464b1d3c9e1a3b
SHA1 08643f0bff684aaa6e1d76c7c472546b4c99993d
SHA256 c1cdb7f9978f323eafd058c54bb47eba433ec051c5bb24284d96b23458d31a2d
SHA512 4dcae1a56d9bbe503e62beac3077d1e5f9b53d3ffc53c739ebdaf99d5207293475e0e4463010136b5c9a0c6497d57ba77a0ee52a094c7e112770eaa36ece0b77

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 5708b378025b018d66a5b6df48c5c444
SHA1 4707cef2320695e5b5b23497bb32ac788f509c1f
SHA256 f28a036aea710acafead179e4a73aae0211977089670ed340dacf19bd2c31b7a
SHA512 d997ed59f519d0bbd856ee03badf6afbceaf82cd0b73cf00efd8085ca6ff85398575b393dcae14c38c040fe8ee47ce236dde608693f4f40ed802582ce6dbb154

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 60ce37071d6b45436aa89f01fa7ad313
SHA1 758280f8f6c8ed7f885c7485d0edf582b2677d15
SHA256 46ae19a1c04a73fd18d74ae748a210171065b4f9ef96e1fa6fcbb9a3c638415d
SHA512 34285fd308fbe98e3def073b96556876469e7e49d78ab0e126e5fa97b70fb27fa5d00b806006aa1d5b5f4654c4b49de20d74de5fd3249f89d63b4185ae7363e4

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 8fbf9076132d3dcb3c0ccb02724e2ef8
SHA1 f5f0bcd6aa3aec4c07620f399ec48080627e2ca2
SHA256 d47834637eaccbe92a3894a8d8c050db03264bcd6c3bdf8a46ca1fd56a0f9033
SHA512 15562e3c17e686e1f4f245934839394961b085afa5979a6fcfc7d04d70db7bb94299a2570cf2573ebc02754e9f8daef5772b935ca95ed5ab61075b5713d7ec64

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 c6687e7dfe2e687a16ca5b713a25adb5
SHA1 cc243193ddefbcd00e824a80878b37e4eb8fcc75
SHA256 5e54759105ea8258814ef857d936cbd0dae767192ef923ff9a36dfd7567eab99
SHA512 00dbd85709d5bce4e17542f3f7428fc007e53643a9b1864e87954a35b5615a69ff22421165b90b872744a2a8f80fec5880431b5a4f029c03ef65be6600cb9027

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

MD5 d56360c0f635c04a91990682f4c3db04
SHA1 0b0665c20df39248542f8a81431c07fd31b3dc80
SHA256 bde1dff73c3a8615fceea7cbefb95a5c49eba553dc500081aeb1b217b82bf1f0
SHA512 76e927d326acb23f75cd2c4126ca8078e925b671a6092565b6be954fedf52102693a8fbbe3d89b280f0e8ef1e89e3fc78e2b55361778c4c6f42ca91048de82ab

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

MD5 e8cfc9820d9f10b646e52d8e0b8e8a2c
SHA1 75006d292211b3ecaf57cf6f921038a7ada89c22
SHA256 262d79afe093776c8733fc1f2f67ba34adf2779748de77ca3beaa4d2a16166ea
SHA512 43af2f4706927e8e7e5756731c5e0306b64865f4a81ded7382eab6ac82e57d0e17301a095ae927050627b2c643f296110fbacab01d892bdf4e4df6bd92e6a79f

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

MD5 823f4fa12008603fc4b961065b4f6a26
SHA1 fa3447472ea22212795548d53f8b5e120fedafd4
SHA256 29b2998cea681a0c9946f8849debd5060821ef064729a76ba7e54fb3e8310f69
SHA512 45bf7a7df25f44421a742d44fe9f0f0d5afefb73ab0b646701dd2a48cbc9c47acaeed1782d8828df5644eb35727c01ce7ee82b495544a855e163aa2a1cbdcbe9

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 21eddd02f49ef84246ddda6a71f5950b
SHA1 5a54dbc42e38dfc8bd7cb5630d36292dd04a365c
SHA256 b1bdd0829133a187cff27efaf842addab2649dbf24a0c34d1c04d59782b15d1e
SHA512 5f16d21eef3fdb25b60282a9f8b205b21fe9c59510703230089a951d59b7faa2bd1057db3186ca9912ebfa8527a5899e6c262644eb622a25501da27e7b2d92d2

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

MD5 0f8ad33aba2df422b6d101a9f7c7dee8
SHA1 5d64aff79b855f5d02c1a1292787dfd58f21654e
SHA256 6fe51a010c0f08c69be3b84f114e7b4e79b8b42fe4d74eba24c36eed35babbfb
SHA512 2b981a22209e278c29bdef1e7f7bcf9542bcbc27cf21a414e8f04848b95abf9b8323197f0b0c464104a17ab4ce0443c06c62a2cc151ed063293f5ddd9f34e03a

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

MD5 0f8636dd8ade5d28781b9f5b21d279c6
SHA1 3a83fec25152806b1e56a81162bc0195a35e05bb
SHA256 bab17574b18e288c1ecfa5a024ea5a9fcdc0d2a4f7f155ed5ee653a504ab2509
SHA512 fd4c1e53d19a49ca16e4571d5b4ae381bddfb4f099182aea106a8b15faf987e936ef4b10ec924efe7c0e792e9c4fc0c7acf1403bc7a7e2eafc96e76ad6b376c9

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

MD5 64235cb9f62848d6010d390bb07e4ffa
SHA1 da0082372d80393839e2c945227775fd6a7cfeaf
SHA256 c22cb1aee90bd1724d54500eccd8e2fa2f0db99213c6071278b207bfcf9eae9a
SHA512 132832c4a49104993b0bc672287f55260a38b9320a8722a26f50904abdb91fc8573b177f2b4e90441fcc7b8e5f142a139cd5ce9ee3ff85c9d3c8801fc42a1881

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 a19857b55ffd0067051d4cc3461af6fc
SHA1 5009d9afe38baaeebbe7f158718fbd0a48d1c22b
SHA256 84287044e9607710b187fb91d2c62e3348f6c4a9a9591b4d18e52814b96e5931
SHA512 f6552036d93b23cb3c80c2b9722d14b58df7979337b07ffa2e8d5e87950b92aff169da434d236287a8733b5a32e148d30931620f218fa0e72f46bfef95dbb3c6

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif

MD5 a397e827bd7f0a25111accc36c59f106
SHA1 7a97a925975c3c217936aebfe53f176cdd94c775
SHA256 9694bdcd446e587b4e63addda2dd5708d005ab61e9d90c4926d9431a10044f84
SHA512 92ad139a980bf9932fa2e672ac2224a304b92b72f08f95d131a80b1a86ab1096b74baa0946988d19483c2844bd81fa5003421906c8dd0af78325bfd4049213ff

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif

MD5 45a5d4d266939775610f760c1ddb914e
SHA1 4c0ba64332fee104d6d17576d735b2bd90e95445
SHA256 db37e4b34f5de1a0becccc9ea888abb7f131a9eb395139d6477b57029c17aac8
SHA512 cf250a268bc5727542f5cac42ef81d2c049de64f1e6d0c996a7b61493ed0df90544bfe30639ddf5a40cd28c0e634ff2135225fe40bd2c2f8747d00808820c55b

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 e5d75f7234aee9164c86a69569645e34
SHA1 c1663ea6dd5fee4e6be65be73b6ff76b510327e0
SHA256 dc504efacc180a96d59ce5aaa9c5e646e888655dbcd35f7d342b6201b35031a7
SHA512 41c425394ec1d878b6879c793201aaea77fcfdfd16dc98f68c077084911fb924a901f9501589dd6abc476debd6b084900f3c5d518e283b9c140ff8a0a15fe57b

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

MD5 b79da84aa1269f522e0edb3a3498bd99
SHA1 388ab15589f4201cffd9227fc9bbe16e6a4ac504
SHA256 4cb6fc2eff576844d8928d5acc1015bac06cda9b45cb037a8b7cbbf756d70355
SHA512 490351b70e644d9b8625ffafc766a1af0ff8389c93d529d48d169e403628c3daaefca2195ecf0756e34f9caed61464b62b458f13528481c933febdc6c3de1c46

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 b17070abea08b984c5e8f6f49c18959d
SHA1 0bce3e7c91110ae33abb91afc6ea20413753e2b5
SHA256 743f5c89773ca430be101007d3eb82747806f5a6e79f181cb79acff7b33f52d4
SHA512 5520e920640f28181ae3c5f1cdb5723be209c193b92f8dfd73c454475ed2f04dc9929d1c6d2b25d9aa577d0371227803823c85417421d85bcd018a2fdcc0d667

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

MD5 da079b623742e13545a75d4b7df78b37
SHA1 a9af1b2f5e6bc69079a6f5c10e4c1b2675f2abe2
SHA256 61158850c7d8fa06b41204ae1439b1d95d8b8146dd0c2d0c28ccb8a8b962ff71
SHA512 473a7c0340e7d04bd617da511821dc96e5cf50a499cdbfc7c3cf8762385114699cfbaf186258b0984af09d022dae5e23c6f25ef64ea924931367f84269745183

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 788d8d5a316209a85667e50a55cbbc09
SHA1 3be536276db7122ce26a76bf179e53944070b448
SHA256 c71ebb551ba49a67fd4d1d0fcda21d3f9b5e917a56342a442564cad3068e96d6
SHA512 96530fcf0c51a19e92a6360e6ef30e2f96466ab219985456a642274e25898e7be4c39e2eaeac49d1a8785d193d08e87f982fd1e53efaf4b5125a8ceac93305cc

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

MD5 469a4bdb37c1f039f74f3c8c9e64ec11
SHA1 9a4d761bd4171906f66efda63fb9bb3a6b0834ba
SHA256 46034485cb23ff0bf77514c59ad02a36a95d4014f48a5243213523b8e7340006
SHA512 f351d595b2e1f235baa9465492ed33aa7b853ba21245a6cbea66ab71e48bd8af88248a4079865390624f353a17b9be82e60a678c13a4c967dfda2cd539e85d2e

memory/2624-9119-0x0000000000400000-0x000000000040C000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-25 04:46

Reported

2024-11-25 04:48

Platform

win10v2004-20241007-en

Max time kernel

93s

Max time network

149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe"

Signatures

Detected Xorist Ransomware

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Xorist Ransomware

ransomware xorist

Xorist family

xorist

Renames multiple (2188) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\LVKrw1gGpie4Aim.exe" C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\DriverStore\FileRepository\c_monitor.inf_amd64_f02375bf47a4adb2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\disk.inf_amd64_cc4dba2066ccf53c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\microsoft_bluetooth_hfp_ag.inf_amd64_d2736f1d9bc815e1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppLocker\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\sisraid2.inf_amd64_845e008c32615283\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\ru-RU\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitsTransfer\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Archive\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCClassResources\WindowsPackageCab\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\basicdisplay.inf_amd64_65ab9a260dbf7467\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\flpydisk.inf_amd64_acb1691126c93472\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netax88772.inf_amd64_5d1c92f42d958529\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WindowsOptionalFeature\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ialpssi_i2c.inf_amd64_8e00e1aed7fbdf70\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmatm2k.inf_amd64_de71647ec29a6bc2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netwtw06.inf_amd64_2edd50e7a54d503b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\InstallShield\setupdir\0c0c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netwsw00.inf_amd64_24d55504ae3587aa\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\scsidev.inf_amd64_55176c1890d480fe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\fr-FR\Licenses\Volume\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForAll\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\bcmwdidhdpcie.inf_amd64_977dcc915465b0e9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmagm64.inf_amd64_7f60bc7ff484a292\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\nete1g3e.inf_amd64_af58b4e19562a3f9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netl260a.inf_amd64_783312763f8749c7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\NetSecurity\es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\NetworkConnectivityStatus\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\ServiceSet\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Configuration\Schema\MSFT_FileDirectoryConfiguration\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Dism\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmnis2u.inf_amd64_0c5757ecd1574b3d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\InstallShield\setupdir\0416\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\3ware.inf_amd64_408ceed6ec8ab6cd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmcomp.inf_amd64_bf289615d063c627\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_RegistryResource\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\TrustedPlatformModule\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnms004.inf_amd64_c28ee88ec1bd4178\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\usb.inf_amd64_683fd853c8b8a4db\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wvmbushid.inf_amd64_fd2fe159a9daf508\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\es-ES\Licenses\OEM\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\slmgr\0411\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target

Drops file in Windows directory

Description Indicator Process Target

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\GKWFVSVTOVYMISB\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "GKWFVSVTOVYMISB" C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\GKWFVSVTOVYMISB C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\GKWFVSVTOVYMISB\shell C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\GKWFVSVTOVYMISB\shell\open C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\GKWFVSVTOVYMISB\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\LVKrw1gGpie4Aim.exe" C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\GKWFVSVTOVYMISB\DefaultIcon C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\GKWFVSVTOVYMISB\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\LVKrw1gGpie4Aim.exe,0" C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\GKWFVSVTOVYMISB\shell\open\command C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 53.210.109.20.in-addr.arpa udp
US 8.8.8.8:53 67.209.201.84.in-addr.arpa udp

Files

memory/1660-0-0x0000000000400000-0x000000000040C000-memory.dmp

C:\Program Files\7-Zip\Lang\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

MD5 69a98ef655778f1cb3764a923acbae80
SHA1 22683321e95c9a631039d15fc49ac5d3e639ac54
SHA256 2ff127d5bc4c7333c8f522aa4b456684eca97c06d452bf7d00b6a99b49b11b0e
SHA512 610fc09f40124e1a74ff303ddd95ad5809679be9e0c381e5d367ecf8e1e137c3da188142de7a2c5fe2b1225e12482245f2b5c417d43d73618108bfb1c32a5ed2

C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

MD5 3c7e13a7a062b1e1953f38408688f6a1
SHA1 0d893144dd99a12cd7ee79b1ce0dcf4135c1fbb1
SHA256 f8e4751d4974dc881d7252698edbfc84cdb662fbeaca60eefe1ec1821414afe9
SHA512 63ed35f91787b1aeff93bb1160f71dc2c04bf0e7d4f019b1e020a67ec74d2810da8973f0715f2ecb663aa823a1f98216cc1af0d5837d02c6b7f75aa9cbe1c6f1

C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

MD5 3b9a32cc104bc8cb76bddab3649e3ab1
SHA1 4e0696db4b847983fe39e79cfcabcbda750e653d
SHA256 a3c1a7537bafcb12faf85c1146074567c5489bdaaeab5ec9d6bb771c6f70b938
SHA512 3513687b9a6e56873ce7b8678ef0456781d99db13fc240474e07718d1bb85373886a26da4e2daafeba2e4e5493ba7b47d5fe236298ef8b986ca0d8682a7dceb4

C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

MD5 7a9f89f1b6fef1dbf58c70733af6930e
SHA1 e180a4a514edfd9006de7dbe3b3b406b709e3d0a
SHA256 2dfdb8971df0c091dd069be92f13faefb4baa64f6b559e88cde231e93c0c56f3
SHA512 dc233cd146607e09b5a296b9198d8d577c29c068658d2b08354f0e348b6497e7b36eea21ad093259472df927bcf660183dd78cb8a6876e78f6bd6d98754d64fe

C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

MD5 500f03f211db63f954703576a129a929
SHA1 98630c708ac972a7511c6f8692d496ccf14d7c88
SHA256 6afea27b848f6724b53bd4851e1d8d75d98843a1281810c58624ca35b4bcc54e
SHA512 6b2056c51ee6e66a091aaabe919e94be0a6852b818fb191d2e3f923360ca088cf41ed456065a622d8d6229e6ca5f9f9fc3403c0cea9a164083c48f573b697325

C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

MD5 ac883b22f713d7448e44dbbe42ec1583
SHA1 e9a86f93ffc6e6d665e9162add241e7b0cb462d2
SHA256 a5174d47781d52531d4adbce9ab5d3146da708bcc963e2acfb8732a5914d06e7
SHA512 c2d9774ce470b848303cad29a74396d088f78e15a5c9d8b98d5a3c4bfdac421a714e2e24f2fc9e24338470c9726c006a53cb1b87c2fc789746e476a03dce4482

C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

MD5 ecbdd8234550367a8e5906cc814f0c2c
SHA1 25dd780fac689ce621508d90646b8959b3f087dc
SHA256 efe39b4e56eeebd8fb06ed8a5409f7519afb30674b4258503a75540ddab7b9e9
SHA512 cbde6980e7e717c269510ad739ec02deb99186a709640123d4721643eb0c7730c8929e835446bbce6e94307da19ebc7c18c2524e8eb4b190550f615d03e14d98

C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

MD5 f055d158f1a9d6d563bc60450ff33711
SHA1 50f4c175dc9b71b3889c98a53e3d2d08730b48dc
SHA256 2d8d2d78eea14b7397a9147c5cdd82e8248cf56ed88146288800d2c1eed3f76f
SHA512 714e53cf2a3df1a0d248f6a72bd44915ffee5a1867e3f28b92aecd167b757c7763a45e90f0453211d5914b9c846b0ec54683fcf1de103e2c4fcfe9e1592aacf9

C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

MD5 24aa539e0488290c96091adce03c1e76
SHA1 6eede4396f354568acfedf512ba2cbdf1fdff7d4
SHA256 ccf776bba82a1eb7ceba278ec2bcfb1ea00c499b75781c5f1ab66c83d0800ed7
SHA512 826312c8ef891adf86c96078468d89e245379eb7f2692d9dfa418c36416f80e0c5a16585c8455b0f951b8b80f61a06f188398e9b8f68e8b5bf1fa43f2a160f23

C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

MD5 d1615059f3bd96ed62c029b7a714450e
SHA1 d9c7c35049b76b3cc86768e71331dc7a219e6b17
SHA256 d6e8f5881fb1c6008337e25796b5cee28244d8f43e4e78217b1f47900964fa59
SHA512 4c6021867bbe4429f47e81adc80e38e25d9e080aebc18d7d0f7ad6d69b4bd80d540dc109082800942fbc1124f04086ae94a44c4c53121839cc391db88bdc7e7d

C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

MD5 d05bee2392cdee20d65bc171bcb13910
SHA1 526600340448478988aa86bd81b0239a40372a22
SHA256 5ca73530e28ccb37b4f8ec4562a6d72a97799ecb8bbacd5062f4e6c4dc9681bf
SHA512 48577789463f58c3cf77333ab7a063ef3966f7098cac06faba480ebeb8c433bb5553a09531fedf07ec55d4285e2f2b59cd883762f40efa4fe22196f726ed277a

C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

MD5 15b56f269b75818a86647d94943dd096
SHA1 9952e770ae8f38843eb030d51f23338b116a57eb
SHA256 0fd1132f61b129d9743aa2394273cbb44be84eed8519975a0c92d61ecccc8943
SHA512 b0dd705ffdb5226dc36fc4a62d41cf57a64b9145351b07bf990000113eed6ecf1182341f9f20ab305d8791c7c3ce01e5925841993194718a5e171ea4ed5f3b93

C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

MD5 e098dfda0998bb81ba2381a41272808d
SHA1 cdebaa37539ee9a492a58c97be29d099c6a319c8
SHA256 441478574666c9caed3a60c0a39286a16e80ada0517db5745d2cb9e968633c76
SHA512 cf18af414ce93e5670a32cf369698f41da4465a562f09b92314e86ed3aa824cb89f979fcd64014749a258518f85e6a96dfc14772a7cf3823ce33aa40de3b2729

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

MD5 61534fa4ce50bf1c5df5d985548f126c
SHA1 ba523b64f2890a29e23d36e4891e3573f63dff84
SHA256 8d972e92045d9a9519c7f9e106a76ddde2a9a9d96e18899fff4948ed1ce82264
SHA512 027d9e5714835fac9f78ad331a0db08e46299f7b2407624055c93c82ceceb4f9ccce8eb7f6e5edaf8a356399ef4099d370b45e1b683a4de0161c52626e7259b6

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

MD5 6a2aefc0af30bfacfec52c62dab1d360
SHA1 353d700a57547452d80d050eef76b95f0764eb66
SHA256 1773f87858525a5a78f0ff735100ef30a891583282f439ff3b98433d57595fc2
SHA512 7ce22fbd8e8dcee3f0a5494407490855e487ee2ecb108ed98019087e707e24f24685d9d11a945174cdcce9095a43471456fc85b49638a86b35869a36720c56f0

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

MD5 10d59e8b8d6fb710fbee1dfde68d0aa6
SHA1 88a792d1386607ac43684c792eaffcb90e89858b
SHA256 f118a7f7518a0adc433c0270b4179284245cf21edd42b7755e5dce0a166e778c
SHA512 242ed738c6a5bbdd26adc07e98236daa24578c9d67c3e7445cf9351a37269b94159677480a850fc9dd5c69748db50c92797391747e7d4742d4cb2632424852b1

C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

MD5 f9bea0c45ca589dec07f306e34773604
SHA1 afac68d7af8774a276dba528b247578a8f0e8588
SHA256 989c55e5d2628152ff20714bc04806af0267c021caa1563b84017ad3022f41c2
SHA512 8a0d60b9e3e65cef1dca5ec1699b1c195fa7bcd0c144e86ef454369cddc74624e3f47569e3b9ab6929898a94273c9b1dc10b88e0f6ba1a4f8993c3c4f0b4ad3a

C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

MD5 d6b0b4560730ec324232ae41130d2853
SHA1 37677a04ac346e639bb43252af8937f08a816f4b
SHA256 0470a4edc272038dafda3353f8558201055eed3f9d92b2766b4547a82ffafd58
SHA512 119a941b38a2479f7d0a49afce61a36895da93f0ecd5788ac1c2c032cd21f60fd48d6b2a9d1da6781800af93f52a32080884a2fe29dd595fd614c717667cd353

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

MD5 fb282a34e424fe5de106aea883bdbfa7
SHA1 f32847c2ae302f4569e6623ef1d6686baf2a4d66
SHA256 6074196412e06511dc9dd0b717867f3eb6bda300da45466d6c6d6eabc94e0b3a
SHA512 4bc2a85082508d314bcb8b2de3c633117e605367404af2405145b20463b235229e1c938d2b03d04f65337835a91a866fcb9f82e00c3decf71b56f15dd8661f0d

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

MD5 117502008b18ce0d16b5152564aadac0
SHA1 243b7707b083e96e03cd111e960c53701b0849b4
SHA256 f422362ea585b36a3a0c44b6103403a8da185aa8cb1c31d096a2d430ea02b40d
SHA512 1d6f0c6831e1f50fdb84331163eed9c5014e321ec3228a12b470cc61b0c0b8cedb6c27dcff87b47f55e17e04ecab1881aedf0365033417502cd61c819c2ca7ad

C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

MD5 513189ebd99cb73c08e4233649a01f7a
SHA1 ab7793a01308e04ef245369fedcb36e3347894ae
SHA256 5cb4660f51ed88a82aabb425e66d99787812a6c59203c9169398fd19189c111a
SHA512 d2fe7d85850d4ac4f0f09c653fc7532cfd26190f97238a1fe92d23f4cc63ffe6acdaf40f2c605161e9eb5f98f5cae9c683aecb8522b3e1c8473cee7480a0e976

C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

MD5 862edebac4d6099cfb68578df557965a
SHA1 658aababaa3c86c25418cfc1c52673e828cc3862
SHA256 3b4088725aa0174ae25491da3181de2f4c43bbb7ea3a7eeeef8c872e1af75417
SHA512 f762f4317c5d6b80632d8b0fadb8236942c66097a5491202725301cc67042620fab08af62f1dd7da37e28011ed46ddc7d99ed28f7950a1cd024351b0f81c428f

C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

MD5 82976d07c7829c4e903141e9cdd11068
SHA1 59b12c2612e075f4e1da71afab68af97c87a92aa
SHA256 8a56005f29a08ea14997beae4139568938ac91662ffddc8a87e385b6c356880b
SHA512 5942a8b466604a682ddc67d9604aea49c3ba3d3a0897432492c107c63d5815b4a9ce616744b2e54b5eb9ec08c5ddccfd7faa76c7b7bcca1f26f80b098321bf82

C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

MD5 aad8cebe75228555027475c54e102b48
SHA1 2e110736c01c007e96145d5e4d84650265202e92
SHA256 1494ec6811dbd6ce1035353b589e8953920d3ee6a408cdf7b9e22063230d323b
SHA512 c9086ae39fa0f81bdc4bbdec93795dfa181233f2f62cf2cf2559e5c177784d0e9d51c2afdd3fb4435f2f7a0c1cae52b86852f3baf4f67640f577b0bf91999552

C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

MD5 5d03c8f3b3754de1631d1bd9cd59da0a
SHA1 1449e73bc212ba24d6bb614811a945f85ec30b48
SHA256 d51f8b805f1256892f7914152cc3f641a9bb491ed7ba71aaf77e6d270ec59a27
SHA512 fcff2e2d075bf5f8927446c3d280422ec6ccc84a1e3f9c8f767297b9b68c87275c0e4d25a7879bf8bb66a1a41d7665433effd8043323786af4df9f51e51c7815

C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

MD5 77162ffa0c87117ac55588d741c9613f
SHA1 282e0606e5055f30a949b38bc17d33c1c437c0bd
SHA256 43844df0d4540ec5d3f7f6a218fabe9b6f2b6dcf7e136e5bc044c48cc2680609
SHA512 4e706103f92c7421ebe1844089fd0806e49d17ca73a7415d8a3f1652bfbd9e7e635e0d40e6945130632f4f5e0f6d58363b77231f0765d73fefd379584c4702e8

C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

MD5 be5ecb4d30e0ad9923f0b59272ff25dd
SHA1 cba1630ae74ab824275280684bce2da7bf0c1caa
SHA256 2c6f17d75f1e4359e01a2601fc39cdd031e43d3ded584c9344a09cd9e1dfc64f
SHA512 eb921da6ca3fa1c7b438df78d9c5e33311923ae43d6a37fe1293b255d2ceed41ed5dddcbfe123c3432ec361b264399919ffb1c02108d41a1c8816fe2254833d5

C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

MD5 8de86070a5cb470a0e0eb9b40e123215
SHA1 17426d30ad332940e7d07c67978679eb736191f7
SHA256 df009640433446ca4d7ac703453d1fe6547d7b67b3f7040e26683f2dd98065b6
SHA512 78ffba609f679b35a64959e34b070d9f0a1e033dae4b8e261ab3bd05cd093d1aa0b37f1cf15e3e4cd25e011969de87e4a3b2bc192214db9bdc3864454c2c1e04

C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

MD5 41252a0f1218d2b4492927c5579591ed
SHA1 af7c893c131193258a1b848044127ddcf01f67e8
SHA256 c3429a739ec87c834b7bfa4839d2c5dce87ab120fca9669cf619912c9a3261bd
SHA512 1a1e3ff8c9856998a7142578775b416f1f88e4d1a9d80d2401030c1fff9015908c222fae29b26355bbae040f0bf3c4a79236a23b8e30088dd5167bdf7d652a8f

C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

MD5 4618849e9fa992f1f85bed97d12b7466
SHA1 b1a7eaf1b3ff9fc5f664db2aa81e547ede8d257e
SHA256 b27c9036c75eac962d52b397bdc5685f8513aee107bfe8815c78bd1f68e1179e
SHA512 76f7010b3ea4e4955131f47eb0c80f581d0a3b1dfc8099ac609a53c25d12070c56fa975be1e6cec920db120e9033b00164f0f3ca881960360cb435a7f6499e19

C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

MD5 f16692f7076a08eb2ceabc028578d903
SHA1 9a93f0e454db1aa33c03b850afbeff4351e308af
SHA256 6c2e03b7c59e6a92ad0bb233ab29a9c27fce0512cb2cbc70c32761f9224a0204
SHA512 758d488b20c452fdbf57b0815d0ebe0af6e3a6c0857a9919cdc66b96d830923f671ee05e605001ce534ac56d6fbb6a325209b2880a5053da8e426d8bf86c5115

C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

MD5 aa8f69f55180cc01d27a0e30b2fc5c4e
SHA1 0e8fa5c7aaebb438d1a23b09d8ba2b16689a2161
SHA256 96fad76c6b5f87f5549e8d38a44fbc4c7243570fb1b41a991de3bfe6349e0f10
SHA512 7ea70c7e7ac7a582bbe1e07b799016b3bc213fadb57d52f926f7f18788d6f2c6c2e1be501841c29c6808fbdb26ca878b4ea59f69d0be7a2de9209bd238db4f85

C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

MD5 5daeb0f0495f01e32f11d397301abfa4
SHA1 5fbcf46d2eddc9a3d5ba594a93a0e0ba45532b9a
SHA256 befe5a435303cded367d8ffabfe297d790e161664888f6dcc34979fcb4103aa0
SHA512 aa95fcc2833d569b82ed0f4c8423c7ff7b86b0a779d4398a23af3ff8c59e761715223c9880f4c28c612a07189ff9b21275b5b1e1c8ac1e88876a72fe0fdd5666

C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

MD5 9a20a02c78a27d934a6e58d255d1b087
SHA1 96cb0c0789d155fa5ec1440f86b761d00fa30c84
SHA256 1f6cc6ed162482d8794dc5a13fbaa61c05fa5870e50d725132dc999e95fe22bd
SHA512 7c9d57fe65c3bdd217b6cdf7e6e26080d6ec7395ecf65d71c6e60fae6fbe0e56473ea8b381546574849f70c78b087491dbf2237487ff897b37ba1eea4bbefe78

C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

MD5 78845318234aaa5677c30255299b6400
SHA1 63fbebeecd5e3ae9e19af00b56f67c308331b6e4
SHA256 4adebccbaa4c8e49bce3eab0e27019f8e00af577a59a583748f9b6bf3642302e
SHA512 59cfd861a39556a6136bcaa8a74f6043b04b56fc58186ffbc472a6748b9b0b78401572ae4b1d3fd109476b8bc839f250d754abe62abdaa45ea66c60c3d956951

C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

MD5 6692f7c7f13f6b2c259c7169a53fd64b
SHA1 0d86cd6134439ef8e77adf560cac18fb2f676c7f
SHA256 b644064362faa96303e1a6b2425b8e3ebb6f2a03d9d8ea6116984a68bb6139b0
SHA512 c134dea43668b6272cd10c1ea6534f8dd4a2ffc02bfb80c2c93f0ce1ae5c3398b86c3b897c3c037b87731eb3151f7f5ddb5194c34065e8db2f8d86533029747d

C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

MD5 41b63f9364a13efa88d4c2ff21589d73
SHA1 d040b27c0ffc35cb8180f5291d9dcb9d5ddfbfd8
SHA256 1c13e1a5c87369ef7e259b4a46408b8ea903c08bb9b26910e299213764d4e5d4
SHA512 fa35378f874a34366954d752d60acd2695fbc2ff061fbeb904fd5837020c0a91414c2cef383cb3c21266b81ff89754a9ce3743185094c0fdbd1d871eaa0360bf

C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

MD5 1d2327dfab0bf785c7b0d9941aee8a21
SHA1 c9775825721eacdc8a30131f220eadb4fbc4d57a
SHA256 9e06b28978d2918b05728af473ced491dbf0db75633e09f5f83c88b35d94576d
SHA512 fdfd9c2119ccb6e0e80518760754a7a22970327648dd933a3ba6e9504668f74063dd8391a00c4aadab97a318dbf073614183f237721848ab07d3074b3b33cb51

C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

MD5 3f21ed67635419592dd2009b8c76d572
SHA1 5ecd9eb595ad941c64a286eb07d42f8b9aaebb09
SHA256 a718da1eb8d1a2607dd6a367d66138e45abe623c1d6c0c15e9e6455b6499ddc7
SHA512 9657692d8b142558a4d18778da923c35f599bf492c2b3700bb0ac33dcae62d88b58b545b511ae6aed8e6e328b7b73321daf94060050816dd1042bbea2323b583

C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

MD5 716cc19020493a9d24730b6073e7f089
SHA1 3071e2d09899aafe0b92d6d650a5028e73d595b6
SHA256 bf6a61de725df650b8d52799b8764f9349892aa66f5ece56534c68b8d6fdc39d
SHA512 62509dcb4fcc61ff9d758a597e9a9a6d94c6a92a7373963d8a628b4fa1c37696c3b3870e91bf6bc560bd39913989ff013f92aa87e5e0a04fe8e0d6a56c2f5155

C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

MD5 445aed195be0541410018661967017ca
SHA1 29f173019e14ac9b56e3e892671779fc82fbd94a
SHA256 b3498a2a395e2707305fc5a0656d2575ed0b0eee8104d2419d15bd58bade3617
SHA512 6a47708ffdd31aba4f4f83ab430c2ab50b636a8f8c533397b578ffff55a4dcb49745c7954dad21f7bb8b914a67aa097b8e9bd48e7fc4697f64c00f3eede8c1d1

C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

MD5 c7c12f4a5fd89fd899309376edfeadec
SHA1 394c1fe6838da3a33d8fbbb8d67844478b552cfb
SHA256 f593f3b866400b4dd97c1d2de649b4857f08933247afcc9ae627c3b8cb6c9fc2
SHA512 41adf9da6c417cdb709f4c21f2caeff52961a5668f15975fa555ec5b5e62ac592c3e847506516885e78eee89ef87a1fe902aac8e355d3d657248799741426e5d

C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

MD5 88da13a7278d5dd1b31beb15720235c5
SHA1 d58f295ea99e63cf870add834d16d6bc694257b3
SHA256 d3a5c5761d4659d48e4ed7b235ec6565379c1f75a3234fbf8e639eca8e6ec917
SHA512 691dca17cc54f23bd283361dd7cff05f7b6d014ed2930605200645307192e27a06bc98f2aae9ab782997874eabf3d10dd4a32d5f03b89297fb4ddf836e361208

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

MD5 73adaa0442b9b03241150242438ae3fc
SHA1 185e1fd19eadbde6f178f7e24b83f817a03d228b
SHA256 b5ac471bcb24491d9d127fa7b053705150779a0746f8ccb87da40236bf40458e
SHA512 19c4449cb55988f96edeab2186892bba4ffe39ad4878b086b6d630c2d40750875b66d92357f07412468b9c8b874a1077d23417fa74feba6320f504675c15a33d

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

MD5 b0eb14fd3dbb1ab0964faa3777166680
SHA1 f9daf17b8c5739dfa43d5777b4aa56fb7100b548
SHA256 6fa26bbb7b1b2c54a507141f0af9e50afad123e4c49f161b37e692a5c1a07e4e
SHA512 80ff9273f1a2bc1759e2bebc1e334f580edd70a490f8af79dacc7a8098c1791659d3b7d6158800994a92a719186ca2b618d2017ab33172c61cb94c1ec990b04b

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

MD5 5dbebadc83264ef98d9a73f425475937
SHA1 7954afb18462b04fd726a9f5466bdfa2899385c1
SHA256 e151ff97bd3a6f3cce7a06d869d5ef061e4dd7794ae855eb5cfceb3dfe4d60e0
SHA512 ae71c0b6d939eb0c82cac99688f9c128a475cca9ba37414fe64b2b9ba7e5ee0267930e69fab48ac5d729ed660dca06d8f0a1bbe380f7e07ba7a867898ebda110

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

MD5 4a062e5a441b3864737e793994205ddd
SHA1 33d90fe6e5c33d281b7dfe2a5193c64cd468aefe
SHA256 5d097b09f247c7d6943dd7cb9630d80644ba8504d3014974e019445949e2f835
SHA512 db6ace16915ddbedb39d3e90fea4ae5ccac53f2bed0b1df3d1112035f0939613794617083506080e07655aac00cd1447409de0250a7a33ed648cbcd62f7ce75e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

MD5 e2a5cc77239387b1a4d617d2008e57c2
SHA1 a45c67d9f521800564a5da2a1e30cd8fbf55f9cc
SHA256 3404ae31ca071b2787e93f589b78427b1d98ecf58de8958baa545637b40f0a62
SHA512 6e6a8328e578c8bc545b6bcf75d72630aa003f6dc98be4b62520ac3c29c6751c82cdc1ab3c6f6275b277845179c325cc423c42fcd75a405a1ad64934664834ac

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

MD5 24779b133ad7d7f2a9438a08d09f6fc1
SHA1 00304c954247b3368ae411e3c75344ebfbc4c7eb
SHA256 2f19147d47ea5b44285fa42f2515ac8eac31ad1c8765c9a6f7914fddb4935fd0
SHA512 7987fd9a424aa83cf30177d07a0d926ecad0521775a9453f4c3933ff79f4e9713a911041bd03ffaf33782d5542cbab3dd7860ecabff00918e74f057498483fe3

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

MD5 538639d43d4d14aa0469214b5c328a9d
SHA1 22cabd580ece32c369c5b28a2a830ccda1a216de
SHA256 75d53991780593bd6aec2db096f22e7e46e15c22d62f9532bf0ee9aa815d8b87
SHA512 bfa47e291cb74ea5462334a51d1568c712892e0495bd6ba90f874ae3cc83f2ceb134acc21417507bef7c56cbbc44321eadabdbf422ad1cf14adee8948a16ceb3

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

MD5 f94064ae982eb883c125e06e228ae725
SHA1 019b50b77734df197fbf62f421a9d08fe31ca649
SHA256 5d1fb3454b2a17103b1353181a44ff227aa594b2730855139a41398286a906e5
SHA512 9d5b14eda1bcc3618b03ef1618e73b820be2f4a630a8785c10b6c2b80aad1ba33f51d3fa9b0e1c3961a4fffe7dac2acbdfd6cfbbf5a299c2123dd279e652afa6

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

MD5 54ae78cf11c23e8c657ede0d676a5218
SHA1 0708a16d258bc15cb74ffb6faea88b58770da541
SHA256 f4397c3b92e493f37e6f30483c86abfe523f99f9a048c9f84ab261ac4d31db31
SHA512 75b02075e738952c5e7c69f33d5d4febc8a670e2365341b2fa39b783dd103c9e7841a5985b887aff535517266de0c6956bba763dd42d3e796504c714df1aaaf8

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

MD5 38210c85b6a5501695102a80354be24d
SHA1 ed37c1b5c52b58141d4b0c2f5875760bf3f44708
SHA256 35b6326d3f03524b64063abdfaac6672b96675f8b6d16f5d13185c289335d38d
SHA512 abf98e9b741f2c9e0486ac6ac7664d7ecc0c204f670b52998e7108e5d1e0e2a7ffd76bab6cf23bda5de925b7025e6916f198b5361e7632e0e6d310b281475f2c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

MD5 e27ed4d00191f02c1fe3e261fdafa1d8
SHA1 ef77e3ce118d893ab995d23fe0c53a6e27861d98
SHA256 8a1dafe5ec436aa2f5d0c1c9fbaaced146da89d43c32e4c546190be544e2ec91
SHA512 0a4512e56ccd931eb7e6e3898abb16f9af8e2adaa5f59b940dcb251180c47a04a87a90e20ee45a193dafc36d3d84dd1ecb5d8b5f26a50bae5573cfdd4bb4fcb7

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

MD5 45e7abb65bffc198be76a26de580700e
SHA1 de45c667c339db7b85a04730bafe45c1aeb8b4c5
SHA256 85f7dd08ced7e58516f8008c83ece1f57b852c8f34388631cdd5c2e866445d2c
SHA512 d9c83e0bd81a02d600f45fb690316fbfcdf49815731e6f38494bb186262f47621b44b54ada4dbcb94e728c6ab9d11efb4a31ba8f2171487fe5f6814beb361b5f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

MD5 575c7b57410b938874d3a5cb89f0e44d
SHA1 5ba8c3d89640c129a10e7f1719acf7a4f056e2a9
SHA256 1f5cf44985ea0840f790289791ac261daf7d2461767154efa56babf0bdba670b
SHA512 016a48b0c1d4a42f24abca649b360e34d364c6fd7f664b03f40ad3206f00e4d8cab066cfa17ce8ed34fd5840a0a09ccdd71bd14ca2fd419742ce78498ba73aeb

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

MD5 0e50e53f05535c51d254536273de4753
SHA1 b9179d85e07e311b416fb34420bd05c5c1aedb8c
SHA256 6d8ffc9ea21f78843ec1d0e2cc7c18dcba346d93d341566c173c42157c27b793
SHA512 18009573215a804a7c6b541f0189523e6d773b3e86a463b401c8d3bf7638278977f9cf5d4c95c97dd4934a0edbbb9f06c654e6f17925f2b9a327c484651028f8

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

MD5 cf52bb40451526ff400ae19f666e0f22
SHA1 9475185aaf59142478fb47e298f6fa8523129539
SHA256 2062980781cbbd6ef793a2c0309ea4d3951679836d5e29fe4e6f1751703df1a5
SHA512 e06d7401ad312c7883287642fe2fae375c85282e07f4cb31269a02c64213bf531fe4c383170a32ba8f9ebaa70cf2372af6dd00622eca16d8c5794af276fe0eba

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

MD5 ed9ca265074f365d5c15184e2d81b9e6
SHA1 5bb2eeca2e17adc6480f59ca48328b772b3661a5
SHA256 f50184f3fcd313f65accd15432b28635de8e176eac559da1ff51c3176054db77
SHA512 9e2ad0bceb5d370bf4250fe1a241a9e1c67e85042765931337150eadd44932907a5a86dd5969b8078a1a34fc417c581c8faeb77a3327721c9081215bb9916736

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

MD5 46bebcd250596f313b186843856910c0
SHA1 a1aed6410f3477ed1de1056f18a8e121f2b98547
SHA256 5897c3a9eae4291eedbd292873bffc72b4df1f781392586c84e6726b044430ed
SHA512 f46736a27ac45ea6d02d0f97225432e2a044e2074cb12d3285bb40f7248c77b9cc722bb9281b92e6262a73d85d1591471e1747c6a67a98ff53fd5e4fec387007

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

MD5 e0c5d94428b92fc70c2ace441b4bf73c
SHA1 6fc669505dab5e6b5a227132c0494eeb277d32e5
SHA256 ceca875523de3efbddb0c88e3aa32443c2a74248a3507661e48bfa7bf010c1ba
SHA512 83640471eaa1ecd808e34190ce959af88c9aa1eca2b5c1667207d45d90f4d2672443553185c54f7d721a7e92ba83beaf4bc94cd35f7ae11391866ed7ded5d20e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

MD5 b3942e57a651115b99793d378fde2198
SHA1 164f6eb5da9354c8efbd7a856a06a895ef90ed76
SHA256 623b323305628b46cd47b1334069c133a1100176162669f949b04012aa369057
SHA512 25e997b8d88c6452b3bf0b7b1e05007d51c4d925c329529fc533c2a05e381eca57a61c35efb4eff974f3dcdc3dbad610437c5335ec207e3daad06c97247eca09

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

MD5 39052071aff7c2f734d00ec05b72806d
SHA1 5bae8e3d3192d91badb98417b24a0b854e091993
SHA256 97e7a0c2a3bfa7d717e7d78a6fa0e902d28d4a3612f4cd8c6b6419e25c8a392e
SHA512 83937076044aeac05aedcdff734706b73ee27d6380ae2a77c0d8b67c9a774d17d3147afce6742b6a6089cf8e1074c3dc4fb129ecfbf97a844f00affd58e1a307

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

MD5 dc3f0095304068861975dbaecc0b8613
SHA1 12f67036456ec57d6d2d14f8dacac49f72551866
SHA256 183adc6e18f73f61aa45fffb71a52f26517df542612a02c103efafddf99916e6
SHA512 a491508b9441321c2516692deabe6530ad7a2140634966b674134637c8becab262fcc9c06a897cdff48e0404bbc554738831cb3b627ee4c0a3fd7baa367b1da8

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

MD5 a54e72a03e71dd3d7c1bb061960e5e50
SHA1 100e57f66bd01fdcf4703f0083528b5f352abe37
SHA256 15f0ff28f3fbc024083dbd47004807f41df5fd0c8b3d9682b7603834fb1a3c0f
SHA512 4fdbdbeb4504b8636a3ccec8ee2390435c8d82f9416f374556bc55d64b6392bfbe335b9bcc31b0a840d534c5c10ebfe5f2d976e940677264e20d23aad5d6a786

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

MD5 7296572dea62cc527011dd2e03b4681f
SHA1 81d51bdcac57a2d44006cc2cb4ce92b200d36101
SHA256 0ecbf532c08e492969bcefdc35c2f35813831f6f578ddbc6eea608e8147eea06
SHA512 80ae89800205174e3cc12b62942c95d0343eedccc7ee9a8169033ec1f75223b6a69bc7e28954f7d2db5eed56641006c2f8d9c22ce13b54730177a473df779706

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

MD5 f06a409de58380b0d649c23b42f109ed
SHA1 9117106294afd419a4d5c066906430d87abd1cb2
SHA256 c32a088fc1f6e5b8d2b99fdf9f870103451165e148255955a0b96bfc6e2547b9
SHA512 ee1c7ec6a4b2216a6aa1ac147336cb2a1820cfadf46f72c6a19ab27244444bf9c5c85b531371465fee9b7d946cd46366fd538da2c4572a44d319ec3e3f5972f4

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

MD5 a7b9f079d888feffb147753a7c295398
SHA1 b7e355bf96ea489f1710116bfcf18bf034bd2df6
SHA256 e372e13a639eb5003af84862ebae9b91e40e0562872fecc6fbc2da12fb0b1fbc
SHA512 a8692cb02082dde704ea46f483659669c1743e702b960744315ef1eb925ac6e347d609d565b1080eb23bdf61acadad802e17b5a9f9c218baf746574f69bb18c5

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

MD5 ca799ddac33e9b88b2a831f66fca80e7
SHA1 ee7a87e3bcec7fddb4bc0074754f0e8d7af7b161
SHA256 ecd289e1fcfc28e509f1b68ac7c7283625f651ef9bf01aeab98dd97849320f0b
SHA512 d63760979f8ebba0f839b2dfbc026cf72e7b89b1e6321cf151696152d5303f4c06a74147d4c29f16a4a26957b86d5c98b32b1a560a2d95c658d46d7bb006b389

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

MD5 fd6195c93b69eef2b5adf09d1075a362
SHA1 ba19780efd7483dfdf8c2794101f50bfca72fdc8
SHA256 baf16ae5a85ee77c0e38d6cd5a9ff27fcc9f187cfc79b78b00cbd1474e51f04f
SHA512 da1fde5fcf5601f627ffe1ae48d5e2b3fac41160fba816952f74e558c5b012b39072b8b3fd35190e5f053fcc2d8377812e8c245951bc525d8862325820b57386

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

MD5 6d49c53bf1598aa108288cda138e5649
SHA1 b74757a0401618ff0b9c7a2fdc2f48da1bf37c0c
SHA256 d1a16d72892ae82a04547abf3c9fe920b47b3f15c69eee487a058a9dc152e1fe
SHA512 97053062978c8da062483273e663b15b1af046e172ecf83f548868591bc428bba0392d71bc2448e6cfbc4f91940d95236d3f89bcb51cefbab5c007cbd40d59dc

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

memory/1660-4430-0x0000000000400000-0x000000000040C000-memory.dmp

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727655840085328.txt

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727656363999749.txt

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727662640605367.txt

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727665714398674.txt

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

memory/1660-11301-0x0000000000400000-0x000000000040C000-memory.dmp