Malware Analysis Report

2025-01-18 20:57

Sample ID: 241125-le78nawlfl
Target: 9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118
SHA256: cafbdc49324c6054622bbac2fbc90b65b5f368c0db7da1813392108ed3c69f75
Tags: xorist discovery persistence ransomware spyware stealer upx
Score: 10/10

Analysis Overview

Score: 10/10

SHA256: cafbdc49324c6054622bbac2fbc90b65b5f368c0db7da1813392108ed3c69f75

Threat Level: Known bad

The file 9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

xorist discovery persistence ransomware spyware stealer upx

Detected Xorist Ransomware

Xorist family

Xorist Ransomware

Renames multiple (2192) files with added filename extension

Renames multiple (2165) files with added filename extension

Drops file in Drivers directory

Reads user/profile data of web browsers

Drops startup file

Adds Run key to start application

Drops file in System32 directory

UPX packed file

Drops file in Windows directory

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-11-25 09:27

Signatures

Detected Xorist Ransomware

Xorist family

xorist

UPX packed file

upx

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted: 2024-11-25 09:27
Reported: 2024-11-25 09:30
Platform: win7-20241010-en
Max time kernel: 94s
Max time network: 19s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe"

Signatures

Detected Xorist Ransomware


Xorist Ransomware

ransomware xorist

Xorist family

xorist

Renames multiple (2165) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Ia1lo4q9htaIVqA.exe" C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_WMI_Cmdlets.help.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\net8185.inf_amd64_neutral_4ab014d645098f5f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ws3cap.inf_amd64_neutral_eeaccb8f1560f5fb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_functions.help.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_pssession_details.help.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\amdsata.inf_amd64_neutral_67db50590108ebd9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnbr002.inf_amd64_neutral_db1d8c9efda9b3c0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_remote_troubleshooting.help.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmsonyu.inf_amd64_neutral_45152a8a9362fb82\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmvdot.inf_amd64_neutral_714bc6a3a28b9f0f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\fr-FR\Licenses\eval\UltimateE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_locations.help.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\brmfcwia.inf_amd64_neutral_817b8835aed3d6b7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\it-IT\Licenses\_Default\HomePremium\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_PSSnapins.help.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_Ref.help.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_scripts.help.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\rawsilo.inf_amd64_neutral_8eb7e6403ddbb7a8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\slmgr\040C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_functions.help.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_locations.help.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\AdvancedInstallers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmaiwa.inf_amd64_neutral_560c956da9bcd8f5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netmyk00.inf_amd64_neutral_9c0c35afdddc16d2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_parameters.help.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnep00l.inf_amd64_neutral_f1fa021d2221e2c7\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\migration\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_Command_Syntax.help.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_prompts.help.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_While.help.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\default.help.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Dism\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wpdmtphw.inf_amd64_neutral_a7a22bb0bb81abb0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\ja-JP\Licenses\OEM\StarterN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_methods.help.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_script_internationalization.help.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnhp002.inf_amd64_neutral_04d05d1f6a90ea24\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wiaca00d.inf_amd64_neutral_2c3623fa97b0c28e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_split.help.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_pipelines.help.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netathrx.inf_amd64_neutral_905772087ff288af\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnin002.inf_amd64_neutral_977d40799168c216\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\es-ES\Licenses\eval\ProfessionalE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\ja-JP\Licenses\_Default\HomePremium\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\DriverStore\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\ja-JP\Licenses\OEM\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_join.help.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wpdfs.inf_amd64_neutral_fc4ebadff3a40ae4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnbr00a.inf_amd64_neutral_e7f3f91e6832ef5c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\scsidev.inf_amd64_neutral_a7f5d9f34b621dca\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\en-US\Licenses\eval\ProfessionalN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_logical_operators.help.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_WMI_Cmdlets.help.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmracal.inf_amd64_neutral_857b8ff74e5a7073\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\InstallShield\setupdir\0015\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\ja-JP\Licenses\eval\Enterprise\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-International-Core-DL\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmcodex.inf_amd64_neutral_9bb71004e7b8f7ae\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_Redirection.help.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_remote_FAQ.help.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\cxraptor_philipstuv1236d_ibv64.inf_amd64_neutral_b6a3e57df5bad299\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A

UPX packed file

upx

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsPreviewTemplate.html C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\de-DE\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\play-static.png C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_box_divider_right.png C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR51F.GIF C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0289430.JPG C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14831_.GIF C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-shadow.png C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_search_up_BIDI.png C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\Help\1031\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Biscay\TAB_OFF.GIF C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\images\dialdot_lrg.png C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\it-IT\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\1047x576black.png C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\BLUECALM\PREVIEW.GIF C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD21338_.GIF C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\diagnostic-command-16.png C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File created C:\Program Files\Microsoft Games\More Games\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21377_.GIF C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\BUTTON.JPG C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsFormTemplate.html C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\Gadget_Main_Gradient.png C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BrightOrange\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR16F.GIF C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\OSPP.HTM C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\Text.zip C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\44.png C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationUp_SelectionSubpicture.png C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\icons\new-trigger-wiz.gif C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\icon.png C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\BUTTON.GIF C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\play_down.png C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\DataViewIconImagesMask.bmp C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\BG_ADOBE.GIF C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\info.png C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\button_left_mouseout.png C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0287642.JPG C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\Publisher\Backgrounds\J0143746.GIF C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\create_form.gif C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Solutions\Document.gif C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Page_PAL.wmv C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winClassicHandle.png C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0145904.JPG C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD21313_.GIF C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\PROOF\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_gray_hail.png C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\de.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\play_rest.png C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0099167.JPG C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD21319_.GIF C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationLeft_ButtonGraphic.png C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\LISTBOX.JPG C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Scene_loop.wmv C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\PAPYRUS\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\WB01839_.GIF C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\timer_down.png C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A

Drops file in Windows directory


System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\QZQVAWHZBPQSJAP C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\QZQVAWHZBPQSJAP\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Ia1lo4q9htaIVqA.exe,0" C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\QZQVAWHZBPQSJAP\shell\open\command C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\QZQVAWHZBPQSJAP\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Ia1lo4q9htaIVqA.exe" C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "QZQVAWHZBPQSJAP" C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\QZQVAWHZBPQSJAP\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\QZQVAWHZBPQSJAP\DefaultIcon C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\QZQVAWHZBPQSJAP\shell C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\QZQVAWHZBPQSJAP\shell\open C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe"

Network

N/A

Files


MD5 a4edd2e8414a2bad7fa57fd593cf5516
SHA1 46a256494dc6757b96337dadb633fc38992e320c
SHA256 d740ce96bca97af747b9a7fe621931613c4ccdac1cc83ce8405c2a03d29460d5
SHA512 14bc83b65abe0b75d66b9698520fb46dba2e41ff01adae652738a50b1cefd266f9d37687ad9c8d956d2b4c7ab1f7bb6ed5b00e00c6765a8e23473653ae8b0298

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF

MD5 06bb0bc2bb794c8cd152cc81fca3af2e
SHA1 281fe80478c4f477325c8755ab5b76a6a20d2b53
SHA256 997b77470e1d65c1c2801ae4a04eb4d54fba3102a96c82dcedd43d59ba5a240f
SHA512 452c1d9304530946907f43f497cc3135773d8097e576e4b10c010220aa7c4160a26b8e06f9095fbd0a9b5caa853bec233a1bff36dabe01446da4e1522207c569

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

MD5 47f97f5e89137d13656abdea6f4e1789
SHA1 05a78863a895645cccc65445e46e470168e4eb95
SHA256 6e712171fef83d2b21ed31f0128273b8a94ebeb925cf5331f1b8fee2a32f5d93
SHA512 47528675b790292020c575d8bcb6017e05a9248ae51c6dea4c2d5e37fa379912320b30842d3458efa63dc1351e0e1b266a9f57745026d62b98892deab8d19322

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

MD5 5976abf2cabd5741fe91546b855e0a37
SHA1 e846ce5c0206787cd3fed5cb8aac4d9355354b7f
SHA256 43fe0f04f2e5a50411eb05bcc4ba610c55790455f98dddf2d3578b0c19cfd40e
SHA512 7c56fa903db7cda82a28d3c0fb41163ca2c68f70ff66ef285640672b00970098adf7e93771ef5a97b2b9792d51ac8fcf5195068ea0846b0d4e18ed325068bb8d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

MD5 8dce598298d35cc84c3e1fce8657d4ba
SHA1 31c76291054ad087da7665d4a813d31efe4d0e5f
SHA256 ff80a89d3e92004f3740f70809e85fe51fb2c2c3821e1376683603658c025467
SHA512 11a19de780a993ce4fa92d5c72f4a33d534cd0d5c6f6efbcfbe940a7db655f9bf09b33aeecdc24c33dea89d1cb633916b7a0bbf265cb7f0b6ce6ca49780a90a7

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

MD5 acb015272d504dc170c7b1f02b000ed4
SHA1 17befbe8698ec83d11c35e13fd95700f33c852dd
SHA256 c741db067c30517c8962cf9968ad75efd1d8ea5276f8aa81746d9d78e4dcbdda
SHA512 042478a8a8f6571b633afe98460bab29ac25cea029d05dd27fb9df39d3a2a291d12b9c0101d7b222d4332eafd2969dfad19640041519be95a06bcb8f5b11be51

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

MD5 2dc6f654cba1a3fe27b7502edf531f26
SHA1 46d872f473134967ddb5071f66e39ca68c1414f4
SHA256 33e3a21a89cb45f06f5dabc17c9f7f8f486353645b470f5923c33e9818c611cb
SHA512 59636b22cc37a428237222f19a951217a6c20c8d1f75eecb410c66964cb43814e0c80304fe18bd1875095d139f0d6050e4d8f853011c21aa68cfd54b0c33959a

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

MD5 d8506d9086d9470650b78c4a81f06d21
SHA1 dd7604171a39731b01acdbd4e6d0f901eb3456e4
SHA256 9d164eaca9f03bd5dbb4feec1dedbcc94907dc398d0407b777e3b1c152d3fb04
SHA512 9fcd23d56b82c4f7059e9a6b78c5a36a7e80b679bad0981c6ea84684cef83a619f835a9bdfecbf813853b2a660444cfbd5c844b67fb275259dfccb54ae33d24f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

MD5 9e15d5432979b0630f5a0befd837d2d9
SHA1 62a25d28bcca7b72cb03c9d103ead9a4e03bd503
SHA256 3ca135c5a4e1dcd555423e8f43f0057ad61b2f075a79e574d72b3ab07bc066a5
SHA512 752a7668dfbe296983084ecd59f045f25c6530b883fac3bd8a612503f4b24b0c9310d68a066bba4f2b001773721b4d003658bec71d1184d7cfb10e29e96483f1

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

MD5 b9ec87b84368747ed97e3d513556cce8
SHA1 db453e1896bfc9c06c23aee5658c8b9419940a04
SHA256 e55b4beea1b8a6c3be470c2742a64463194a48a84205d0822e7499c559053f47
SHA512 0d4bdae23839f88339e2c49b36e112ed92c4f58508b937ebfd81920bc7856b1d3bff53a9e4e8d9b116626becf2150a81d4a250f887c870b01b22b4d302779522

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

MD5 48447315daaf6150fa5b16394f081db1
SHA1 29d8163f5d73c5dfcbac005fa3d77fe1317f5529
SHA256 533de197c0933ac16432e06e9bc9d372de1bc545239fdb509fe6d12619516202
SHA512 80ef824b524b3e9e0b76ac83e8623c585f6a1d511f67df896d64adc10015ce6ae07734cb3ce4e119fe6ddf47d96e54c0e64f1680690b0661e3da05543f888647

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

MD5 72bfe84603bf8604c54fede6474d3e74
SHA1 88ee5fb5b244a6a451c7baf59d8e0b4edbaa8866
SHA256 c3a09663b291cbeb82963cb56c9e123f289b1b4ebb2be4887dfb41f95eba363c
SHA512 3d4ca7b83bea9c4355e7198e243b41778d3f138c36faf04319eeafe6688c006d62d43865a7050353b978f7aca853f66825de2a8e31de9a213fb80d621e8794d1

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

MD5 454e5b0dd9dcfd6f8b1baca8c81a812a
SHA1 881c1890116ce01c9a53e96387d20cebbf730908
SHA256 088cbb8a6ae64b2b4ef12d1e004cbfe613fea1c306c69a2f36867e7740a6d8c0
SHA512 f57c6cf1e70c8d48c7daa597c40931a38d942858269cb19cd4a56f91fe9e7f4301961f83ae3827d31df393eb04869ce9b593c6821eb4689744fae62f6f24e584

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

MD5 93b1fcb26572e5f46008519fdb6b473d
SHA1 5183f38254afe98815911c977df68498f4451504
SHA256 fdcb04d1dc59d54fbcab348520140e3c6d27f46c53483f127a4b9c702813723e
SHA512 ccc299f8b2f4b91be84411b191c9bb56feb0ffaae7bb6ba562ab79d0c9cd2957be95f046e1d38dfe1e902bacf46a8e2e521c528950a4cb95ef05eb8fbaeb90e0

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

MD5 f8be72f685ee952e623413d0b70a9a0d
SHA1 e13e36f637968f6d15b7922c9dba54985ecbc446
SHA256 3f864bdb947fcc0ef863611e3ed9246b8bd6c4fe1371dce54cf3d2f5b69a2090
SHA512 698e931b34015002ef98c5d22835e70c85355124358d5d5dc9cfc265c4f98a59bdaee1f395c4d7a78e69c4468a1fb517a05b4ab5a5888ed7afa65030b18b5d11

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

MD5 3a5c339e249a04af782c35d685dbea35
SHA1 8e56b35733a465a1284e4eea495067b54d4385ed
SHA256 cd73d7f17d96400849b90244c3ad104b686b9ac540c4869a7198dfe26eeed5a5
SHA512 b69a67552c7a7f2f0f72fd2adb1071ea0f7be0b5ff8e6ea38600d907a95a4f500fbfa373c53d4dff11d9ecf6839d9e61d0537e1f0904d57eedbb05cef2f70665

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

MD5 ff82bf06d9ba9089af0f26935077fe63
SHA1 a939c40160fe7c7747673b027ffa67e58f8bb09a
SHA256 509a47f574e2277f80fe442fad0fca4c8e3cb5cb8ba847b4a266144dcf088678
SHA512 39bc15492d747b24815c347b862800409b21b3200400deca9377aac7d4fbc74d2067b7ea2f53cb7be9fe1eab46b2c1bdac667664cebf345c02394a7ff06d7755

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

MD5 91b852d3f6275c2856a45d9c24adf259
SHA1 7f1bdfce9fc58e32c80ff5f763bf407bd153cd75
SHA256 febd1f62125153f1f58fc0f5ff26982b76f274ce8e0c7168d82afba209af15e9
SHA512 3d62ac8c70f4abb00511301077d655820b06883af79df33f2f9ad9de6ae2d8eb60fe55ab8dd566cf6694fb5c67bd408fe1e3b86c5b43e0d0713bd08ea248498b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

MD5 d4df72789103ecbfbdf40b7e60ac7190
SHA1 58a05fd53a1de21445ba47f0a7c31fe5cf1319f1
SHA256 4fc43fd61dc5a0d4ec9ee563c9289e28c1f5a04b1c835da901be6c46d75e60ec
SHA512 9196a303f30d4b94b17729861874b10aed2b25a9cfb52c0b6f41e085ab7d32f1fb46129ac5714b0c8d7085bb16f9f6bf5fde9ae3bc3dae0b3b08785c54c5e21b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

MD5 65b3f2df06ab337685ed3fad56560cf1
SHA1 a680f868a08712b32f80b94bfcdba9e84b828b36
SHA256 33095c248fd88e1f140f3361936b51caf5f3059d8ae28c723a01574e815534da
SHA512 e8413dc92ac310b2753bb8ab8e81123345f75de6686615e90885fa0852209c52f98f7ac3f0e69eabe4e5146e57cab19b2ec07d1431e1f04de35a6f442f060af7

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

MD5 179e3f6d62d8e99c65c1c82b3c9420cd
SHA1 7e471974ebe38d9db925b66b618dcea5bd0a9b2f
SHA256 0d0cd8475bb1704d03197d164c1892f217c27b535fcf63dfe0489bcad80ec5f9
SHA512 48bb65ca7e500e0111e7d194430cc7b911e0c38b6aa2a5553fa7effabeb6955fe0c65b45e1be22e22cfe1860878006431c4c006e6a175c75e2b473b89dca53c8

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

MD5 4a3a9dc8f6f41e86e82ec5033f35fb15
SHA1 c9a39a2b6bdf8a9c744860222e9959e0c2daad31
SHA256 99bbd8e6737cdf1f3c5a201518aab9a6c66fe09ce71c393efe1ff29930daeb1b
SHA512 f4f71f11526c9885c98e4fbe59d8f4515d5a386ba008fbcd5578a8e2a4f01aa886c5e9d8066df5700602f7ec5ff7f7ba0efbac7e7b089612592f5816b89bafd0

memory/2220-5906-0x0000000000400000-0x000000000040E000-memory.dmp

memory/2220-8433-0x0000000000400000-0x000000000040E000-memory.dmp

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

MD5 cd43f10f293437ed98b69feed71d30ef
SHA1 16c84001f49586daab1eb7042bf2c74755c77183
SHA256 9c41c70255e2eb65dd4f0f1d7452da3b621b856bd49aa56f6fe0b0a4ea80fe91
SHA512 fef0c266717c493c5132e97976d276b3b101000cc0e1a241045e833c5db1ae99fe4b03c3336873d28e18d378efe3c047c27b0d8ddbb9b536bf9725be4343d1e7

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

MD5 0bb6bc70fefb5d6ef27e28664b39b1dd
SHA1 511f31e41e564f6220b8a332654010bc96c4d5eb
SHA256 d244035662ba0c12d001fbf619bdf30ec4569c264b99e9804e02339942a13ebf
SHA512 25362f4a6a0fd36aaaa4e779c8fee68b2c114c96e593f2cf2657531de39362d63730c43678582be05cf3d41b0e6901fe6bb23fce52735f66655f0b1c84ce02df

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 ebe871e58c820c1d23088370225564c5
SHA1 cf3e179085132fd9c1bd5509bc5c96589a712dcc
SHA256 f0778afab13e5c5285d979cc04e47a8c2f7d2eb26e5eb3ceccbcf7a7a87b0ef9
SHA512 39c4dd4b386a4d66d0430ffc8a4dd906e853926a21c25e64eb832ab4176eab460f6c9fd71081b98999eb30b8fc47e5f4737d79fcb64e1c4531a74d0618033c11

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 67d6e37b1a33b03d5e0b4893170d7d48
SHA1 554970b2f6210c132a4035324c1bbac40c1ed85a
SHA256 c942243cabb15f135dec5c8468baf537ed02ec022234524e03713565542a82c1
SHA512 e98bd5c88092677f55bf740608df236c059c230990ce73ed9f617c13015288d233b703e90a85b63bd965726b0fd23bacd7ac98b6e3bba7498bb54d727b8a68ab

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 e4f44cf132f57bd3e6e3b57cc736b653
SHA1 e5f6315f593e27da3cae9b0b9f1ecaa67f239a66
SHA256 61e30abc4922f85343adba1b6ad2190e2e2c369ddb593c1d80e4ce43ab7879c9
SHA512 5a46f1b2e00a61cd9f17255ae04becc7d1e26c11868f747de38e45a367d7b19d96f1b11d90f371bc0b0a6e004f17a86196d5d340aee88fca00ffa76bfb616d14

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 89e873281a504e9e5e5ec9c15a1ceb5f
SHA1 ddde9e68f814912415f60fb93b4c886f2e9fce39
SHA256 22f0c2c8ea21c938555f90f68f58d9b70e26adb5efadc6993920f4c05fc171a4
SHA512 2e5fc350aa16f9d7f6a1a013d79cbe30b3b6dc863f5dc2ef9b2dada3584d8df27293d60fafb8daf96766cc2f71dc58fa694d29a7d033bf7f64fe44d09420ab00

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 ac9a7e0507f8b5b6de838da3f1829cd3
SHA1 d7e2a592ed862aec8c5c43aacd1ddd10f094079b
SHA256 ed9bd05cb2f543d4624b6e23a46137046dbe3af1711d27b595f8bd1c41e12e69
SHA512 9afb513cb8b1f1b284b2dc4cda42af3f9c7f602ab525fed2b1c64d961aabe758549696137b9255e0e43d512db7afd1dced9a7fc069b5dc48ab0b164a809e4956

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

MD5 72046d9ce2b319185af8e439624582f6
SHA1 46fbb2926f66469ae85f39082fb46dc868dbedfb
SHA256 fb5859c33f7084e9209e94206f2a1354c4c466e56b9c8bdca668229b2fc713dd
SHA512 17724e6706666ff62dbe233e05b299e52e96ee83685934702204a80c582df11fd18857adb2621f6933104c791450348d358b77150ce739cdd3010f0a4017585d

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

MD5 13eaa67f6fbc17a414ad257b1f99b248
SHA1 9cc5ef9337dda4a5ac22b7ffc6be53eb457d7bd7
SHA256 0952ebcac27ed018c65455971732a05631ffb7af4d220baa5f580899ec5c964a
SHA512 53233d201035ba24b2226b01af2e6e68d5f2567a3a6c08edfafa5ffb2f5d7b5fd6b992adcf810f6152b7a699cb074b1ce758bf3d75bedc501115c1b4c54a804a

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 b688e4bf9fdc9a675b553128998902fd
SHA1 4fbc1fc3827fda07a29bb4e3a47399f6665f7ca6
SHA256 ec292978854a76fc5254d34aa484b43eac08a68b836a8243fff43c91a43bcf8c
SHA512 d2f824b1068d097cd2ff2f5a54070f894de0d96506806006ca290ae5d7b4a6178abf93afa09faebf5cd26312246dc96ee9632820e344de3c9dae9f61e265574b

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

MD5 562427f3ce441108239e60812fbc6949
SHA1 6faf1ad32d97c283380c2b6b9cd1d268d5f8028d
SHA256 c77a62d9ea892ae86f8fbaa4e8bdcfb4c852baacba5abf5dc935b3eb218f79fe
SHA512 fe0b477401c7579d8c5b85ce9277a3d777e31672dc69747bb5a2dbc3c6aac4de65e9b230387534f6b703e8af9326100911c9cc3ff269d8c9d15b62117c7d82f7

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

MD5 9902de682556bf1f9969a6bb10712254
SHA1 11bce971681887d596f290b5e1b1547bc16588bc
SHA256 d5929cb8fc4dac64f710003ae8cedfe96cab665f38d15abe6994b1b9445fdba3
SHA512 5222c176941bd9c23cd49fe6e6b09f33c67d686e0d1fab8c06d50a6e598e108b41bad85c944bf06d71bdaead6c6df058834d1f50585f020fb5eee545b1038dd1

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

MD5 f6a3a9cc5d5104a85177cdc609f6cab3
SHA1 69d3c95bb41e178b753f9a95c7cb9c499ecfaf8b
SHA256 face3139bb8b5dbf4c13e9128a462e2199b16da2c70d13137fd8c4e50b5f8c3f
SHA512 4656766e01e07fac455b4ac69d65f52f359c52787443fb8e44573b9bcf064ecd10d9298e7de5039f490ef5caa7d1dcd6940d07d7b097ca4e7df73f09db57cb9c

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 ca8959a130e36628f5a9bd1d71c67b65
SHA1 ca597387226cfa10dce5265fab22c7e62d02c3b0
SHA256 8ba6a0a6a16b22e4cf3fa0363befc223e723699e7b945bf999efeb7d6ecb878f
SHA512 91c641ca6a14382cff6449e429e8fde37f9b2ee1c4d208dc32953f65d95bb4629b9789330a8dc06c45c119def23f95e0bdbeb49ce944625619b71e3ef419a3c8

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

MD5 179edf0fd944014a91984eb56c66093c
SHA1 ca286205381ca13c85c318dfde1916c2242468c6
SHA256 1520fc2f604d54e0666cbe4c41b3cf4b427e7651a63e0c1359fb0639b3deaa4f
SHA512 98ab0d2b0f347ee8c9a1b58092f3adde7f3486f999c031d2ac225dd2e67f1570273ae554e5311360d6925125b550e78adc4697e621c1d73356e74e2b4862830e

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

MD5 12c78636409db92f39578b0743d69eb8
SHA1 ab1a0bbfdf97a61727643847d35a88aaefb8a048
SHA256 8842e3e2019c9b95018dc9cc350e9a09b0abeba4805bb63cd869df8b1b7faf8b
SHA512 7f70e03f5f37e9c5fca42686f08765b4314ff052219d8be51a6be199cdd0f3a560ef801da5efff3ce20ae02cdcefca16a9263f509755796143471d259e222cbb

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 1f87ca4c0f92752bd8c75c0ce1033a0a
SHA1 a9c7f36dffd34fe4738ec4209124232ad08acf16
SHA256 4ec53e7e4f1b50cdd142e7fd1124e5a0d5648750e5674becf072351b7c8f287e
SHA512 d472971be12d284210694e585b301027b1bab3cd5bdb5a6213852c7ef5a6a802a320782a73794b27c23fc4ae801a6be4af0f723c2724a6ce7a3756ef9fa9eecc

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 8b8d3684466101c4202746d12072ea5a
SHA1 f506a750eec30ecc6d9a76d72d2044f35932db97
SHA256 0994c4b7314c4978048ec1bff878d311a19a0403322d9cc6640bf038617111e8
SHA512 45f1af1ec6c196c92dac90f027d4d27a983385b188fa0039dda482d7292a2cf3a145f4cdd279901e5e220d6a4756331500771db5b567a3f286a9805aa258bd7e

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 c14b8498c99bb98f61422f033988c889
SHA1 1749937a397253e7bceb902a211a1fce841031d2
SHA256 2ec3d3675e954c1ede67c6d1a7cb1ab04c73efce9991e52d3c784841ad16cc06
SHA512 1a0ffaa94e4a56c8eb89c5ec4dadfb1bad3e0141737b4486f0398b23e476f7ad5ebc61e922096665dff490beaf4be40c552aa92d20a77e33b5110aa0e592d9f6

memory/2220-9055-0x0000000000400000-0x000000000040E000-memory.dmp

memory/2220-9056-0x0000000000400000-0x000000000040E000-memory.dmp

memory/2220-9057-0x0000000000400000-0x000000000040E000-memory.dmp

memory/2220-9058-0x0000000000400000-0x000000000040E000-memory.dmp

memory/2220-9059-0x0000000000400000-0x000000000040E000-memory.dmp

memory/2220-9060-0x0000000000400000-0x000000000040E000-memory.dmp

memory/2220-9061-0x0000000000400000-0x000000000040E000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-25 09:27

Reported

2024-11-25 09:30

Platform

win10v2004-20241007-en

Max time kernel

96s

Max time network

138s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe"

Signatures

Detected Xorist Ransomware

Xorist Ransomware

ransomware xorist

Xorist family

xorist

Renames multiple (2192) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Ia1lo4q9htaIVqA.exe" C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\DriverStore\FileRepository\c_fssecurityenhancer.inf_amd64_e84a289dd0df20ff\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmisdn.inf_amd64_ded39545dc6c301b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\rdpbus.inf_amd64_05ebd3b4422f62ba\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForSome\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Dism\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmdcm6.inf_amd64_8b49cb79b258e1ab\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\MsDtc\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AssignedAccess\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_LogResource\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\bcmwdidhdpcie.inf_amd64_977dcc915465b0e9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_computer.inf_amd64_aa72c8894a821b32\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmsmart.inf_amd64_3ca4b12cda56232e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netwlv64.inf_amd64_0b9818131664d91e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\nvdimm.inf_amd64_9bb46b0de5ea33cd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\MUI\0407\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\XPSViewer\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_memory.inf_amd64_6fa9664593233d6e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\hdaudss.inf_amd64_76a0499c8a4b3752\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\hidcfu.inf_amd64_409fe85a7af72672\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netrtwlane_13.inf_amd64_992f4f46e65f30d4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_RegistryResource\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\xboxgipsynthetic.inf_amd64_9aa94bcf077169a1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\NetTCPIP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCClassResources\WindowsPackageCab\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Configuration\BaseRegistration\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmnttte.inf_amd64_f017e7b18ec67a97\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmnis5t.inf_amd64_c6e181de81a59b54\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mstape.inf_amd64_3e2c4fa2d4cbb487\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnms004.inf_amd64_c28ee88ec1bd4178\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wvmic_heartbeat.inf_amd64_ad33c2d1c7a3023e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmusrsp.inf_amd64_4c83ce3a06d0048e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Speech\Common\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForSome\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\ro-RO\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_RoleResource\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_netclient.inf_amd64_b7f9bb71730aaf1a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_usbfn.inf_amd64_64da5751ebd2f2f4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\keyboard.inf_amd64_5938c699b80ebb8f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\microsoft_bluetooth_hfp.inf_amd64_9effd93a75bc489e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\en-US\Licenses\Volume\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory


Drops file in Windows directory

File created C:\Windows\WinSxS\amd64_microsoft-windows-u..-core-tsp.resources_31bf3856ad364e35_10.0.19041.1_de-de_7b601ab5ba6c0c87\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-n..omain-clients-netsh_31bf3856ad364e35_10.0.19041.1_none_baa8000b182fb17a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "QZQVAWHZBPQSJAP" C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\QZQVAWHZBPQSJAP\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\QZQVAWHZBPQSJAP\shell\open\command C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\QZQVAWHZBPQSJAP\shell\open C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\QZQVAWHZBPQSJAP\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Ia1lo4q9htaIVqA.exe" C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\QZQVAWHZBPQSJAP C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\QZQVAWHZBPQSJAP\DefaultIcon C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\QZQVAWHZBPQSJAP\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Ia1lo4q9htaIVqA.exe,0" C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\QZQVAWHZBPQSJAP\shell C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\9aa3829afa5be8fa42b5f65c7e6ed3a1_JaffaCakes118.exe"

Network


Files


MD5 251bf7aabbab3ab29ee06d04f0c290d2
SHA1 1fe2c19d3b95ddd24691d09aeb5dee6fc27c0f6d
SHA256 e932ac46e2795cc6f873d038031c1920e86bdf2992f4211ba2a4414c6e8f9a54
SHA512 62f44181a9ea79c596bebd82dfbebdc9d66d90b1e05560325f8a37c66384655eb42b3dec92ac3aec736c6af15f2eb9e314b0a31d0514f767498bdcef59c9f460

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

MD5 a532c79c137c0dda2f46deac931ee02b
SHA1 342a89a7663d9abb9ada17d097dfc70093418a71
SHA256 162a61fe4ed140c8e475c2e9aa01c1514d6019639c7ba89adfe7abf124688a7d
SHA512 91c784fa7b8cde99837c889f3d85c20af899483d2a179c7d0b6877be2cd29b9a3239a6069ee1341330acd6ac4d0c81698e2f7c1b5368e8f5865ad79b3702ddb3

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

MD5 cc8441dc3dcb241e5c6b35eb01ceef90
SHA1 be9c87fb1488a4da481046284cdc762274db5885
SHA256 eb809d330c7484e3376150bf4557c5b3a2061c3156c04c5efd16c7cc47d36f14
SHA512 2f6eada5ed5debe25aad3e69c9f63b3946eb5d948c21943476e8484c0d27e656922c6049c4068690f3a7e7673cb075ef2d4375cf944772c32435b7ffc5365bc9

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

MD5 16db6e3c30bbb5acf4d53cf63670e80d
SHA1 d9bc374aadb52131d1d590fa68da2833ae056454
SHA256 e08187e282e6b2c6d7a4c3988a3693400b8b2570424a24745110f99f6618f16f
SHA512 2c3e6508cad4a4e9e560b52c66dc28d463fa91b016e563da32fde187477ddeaeb788f5cb2cb4eea8a21c756937f8f4f132db3d09331ddfc89156b092e1f3a211

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

MD5 09ecc67da119f9aa1530001f818ae084
SHA1 1a5dd17d8eada2ecde91e9aacf62eed051a788c8
SHA256 c04458320a661de914226c3a8e8341d2db4903a4187ec259b2b30f3ded1d8617
SHA512 6029f00767974438872c60e4230c3dd5fc7c0bb28f41e0643bdc88898ae8aa96d328054de41c61aacc9cf6e43c3f89169b9ef27207925973d03cb524393cdc9b

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

MD5 a57a871432b2d099d0e20f1c7e201d2a
SHA1 5a191848011db39731c0027986cdd1b4ed23e6e7
SHA256 26d20479a349a9a5197987a8d8886d3b184d09b55e1489fc9083c782e696dafd
SHA512 91113fbf4682ac211ecdc1b6e9f88d96a582ed19c0b1c9c87ecb55a3e76cfdaf34411d0d092f3c102c364cb8500366b7d826b3a9aea9c824b72fc4bf87d834ee

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

MD5 77f01829d52a7d8d788ac59ded0e0e0e
SHA1 22e1ce8c7c30c5eef163c456b5bf928e1ae7e578
SHA256 030383bf79aa5c1ff123c41ecbbc565c11bd0369ffcae3df3ad39acf2cc8b02f
SHA512 31c049514c6d2421cd71fbf879f7042e955556585b45697f72885b7af7e15fdd4dc229abd98bc29aca3853f9da651c3effa56dd40d5a303f58426ff4d3f88080

C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

MD5 a1ece3d757f36d5c631ebcddeddcacb6
SHA1 50b740d4dc597ad945ef8025607d2ef0c42dabdb
SHA256 63f53612b86538cdc41aec681877b2cabd3ca5bbf592f209dad9cfcef42178ef
SHA512 aa2c846b59546c06a8f84d30d1b3838c823461e572314bb191e82ff5538c19bac03d25d0cb2453b709a75a1f7276e10ee1859aec3c01e7c1eba1da2b782b29fa

memory/3196-5423-0x0000000000400000-0x000000000040E000-memory.dmp

memory/3196-5424-0x0000000000400000-0x000000000040E000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727656120098725.txt

MD5 35d4bf4217574b74ff800a6b8efa94cd
SHA1 da8fad8183d95bfa2cef2f26ab7db3c911a50110
SHA256 37cc9fc7276f0cdf7ba7524fd491aed363e14d6efa45406ae92b289c83adf16c
SHA512 dc561d67c49548729c4d7f58dd1b3fb42964cb90cd17f8860c5f3545aa0fde4c6ea8751daf18f17842474c5865e3bdbfaae27760cc7609ffc21bb987c7fd8c11

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727656590293648.txt

MD5 5a3490314440a23ea43db919db65e691
SHA1 5c80d63c6ecc028333ed6b80a8c9aaf19e309036
SHA256 4d9a9a1f7bc84832fc3f3a189f68bc8cebc31e80752370ffe50f84feaeb3182d
SHA512 7622a57ccd1406808bec1c92042c7b058f498154e8ceb9e9c21e03478c6117ce9f51d80a450dc0fafdb1aad6e4045a2d6e8465db32eb4b8f1b0480aa6aacbef2

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727663328721506.txt

MD5 02cb8408be04c80dd5f672b9003a9cc1
SHA1 0c8c4f7435c2dc8e170db86a80238c06698ee246
SHA256 300083de1cd8adfd00d172c977c5bdacd59802e24ea36134b4b50a21dbfdcf41
SHA512 52d1e9d5248ab3596625884021438e9df7ceb4f8b432bfa1c04a2e76315228742e0ce4b6e70a9a1a66f5ed31f5647d0c3996f27e3386ec41ac1ee6ca584fdcc9

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727666039184869.txt

MD5 e4dd24a64224908944a0d7d94f3eaf1a
SHA1 5bca30a6740f3ff457d4c2db6bb2ec27f3313a52
SHA256 3d1cf59634cae58ad33eb318a77ec33dfd3c4ec3263b3c8d946a634ba6424451
SHA512 0d4036b0c19eebc68bc15a9c32a233d8965b8369676d8525429e13cf8e8e0d1c22f8deba48dd14dea94f46cd6689b85d21c427204084eb26c657f3b26945d676

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

MD5 d191c1061cb81a42d5b7da6402c19fb2
SHA1 64f2adc0e9e2fdd2a8d2faad850e259bad91adeb
SHA256 3b15cdb9d1ef51d6d32291520e3c874e32eade1bba7ee1837b08f8f7e16e4fb4
SHA512 e14627e7d3846c2d03de24fee29932f2320cc40a7ba419dda70c31b2cee1b6e33a566e1292b456f5565f1103b199f160ed229354f3233c858ff77a49f2d2968a

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

MD5 cd43f10f293437ed98b69feed71d30ef
SHA1 16c84001f49586daab1eb7042bf2c74755c77183
SHA256 9c41c70255e2eb65dd4f0f1d7452da3b621b856bd49aa56f6fe0b0a4ea80fe91
SHA512 fef0c266717c493c5132e97976d276b3b101000cc0e1a241045e833c5db1ae99fe4b03c3336873d28e18d378efe3c047c27b0d8ddbb9b536bf9725be4343d1e7

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

MD5 0bb6bc70fefb5d6ef27e28664b39b1dd
SHA1 511f31e41e564f6220b8a332654010bc96c4d5eb
SHA256 d244035662ba0c12d001fbf619bdf30ec4569c264b99e9804e02339942a13ebf
SHA512 25362f4a6a0fd36aaaa4e779c8fee68b2c114c96e593f2cf2657531de39362d63730c43678582be05cf3d41b0e6901fe6bb23fce52735f66655f0b1c84ce02df

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 e4f44cf132f57bd3e6e3b57cc736b653
SHA1 e5f6315f593e27da3cae9b0b9f1ecaa67f239a66
SHA256 61e30abc4922f85343adba1b6ad2190e2e2c369ddb593c1d80e4ce43ab7879c9
SHA512 5a46f1b2e00a61cd9f17255ae04becc7d1e26c11868f747de38e45a367d7b19d96f1b11d90f371bc0b0a6e004f17a86196d5d340aee88fca00ffa76bfb616d14

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 67d6e37b1a33b03d5e0b4893170d7d48
SHA1 554970b2f6210c132a4035324c1bbac40c1ed85a
SHA256 c942243cabb15f135dec5c8468baf537ed02ec022234524e03713565542a82c1
SHA512 e98bd5c88092677f55bf740608df236c059c230990ce73ed9f617c13015288d233b703e90a85b63bd965726b0fd23bacd7ac98b6e3bba7498bb54d727b8a68ab

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 ebe871e58c820c1d23088370225564c5
SHA1 cf3e179085132fd9c1bd5509bc5c96589a712dcc
SHA256 f0778afab13e5c5285d979cc04e47a8c2f7d2eb26e5eb3ceccbcf7a7a87b0ef9
SHA512 39c4dd4b386a4d66d0430ffc8a4dd906e853926a21c25e64eb832ab4176eab460f6c9fd71081b98999eb30b8fc47e5f4737d79fcb64e1c4531a74d0618033c11

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 89e873281a504e9e5e5ec9c15a1ceb5f
SHA1 ddde9e68f814912415f60fb93b4c886f2e9fce39
SHA256 22f0c2c8ea21c938555f90f68f58d9b70e26adb5efadc6993920f4c05fc171a4
SHA512 2e5fc350aa16f9d7f6a1a013d79cbe30b3b6dc863f5dc2ef9b2dada3584d8df27293d60fafb8daf96766cc2f71dc58fa694d29a7d033bf7f64fe44d09420ab00

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 ac9a7e0507f8b5b6de838da3f1829cd3
SHA1 d7e2a592ed862aec8c5c43aacd1ddd10f094079b
SHA256 ed9bd05cb2f543d4624b6e23a46137046dbe3af1711d27b595f8bd1c41e12e69
SHA512 9afb513cb8b1f1b284b2dc4cda42af3f9c7f602ab525fed2b1c64d961aabe758549696137b9255e0e43d512db7afd1dced9a7fc069b5dc48ab0b164a809e4956

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

MD5 72046d9ce2b319185af8e439624582f6
SHA1 46fbb2926f66469ae85f39082fb46dc868dbedfb
SHA256 fb5859c33f7084e9209e94206f2a1354c4c466e56b9c8bdca668229b2fc713dd
SHA512 17724e6706666ff62dbe233e05b299e52e96ee83685934702204a80c582df11fd18857adb2621f6933104c791450348d358b77150ce739cdd3010f0a4017585d

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

MD5 13eaa67f6fbc17a414ad257b1f99b248
SHA1 9cc5ef9337dda4a5ac22b7ffc6be53eb457d7bd7
SHA256 0952ebcac27ed018c65455971732a05631ffb7af4d220baa5f580899ec5c964a
SHA512 53233d201035ba24b2226b01af2e6e68d5f2567a3a6c08edfafa5ffb2f5d7b5fd6b992adcf810f6152b7a699cb074b1ce758bf3d75bedc501115c1b4c54a804a

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

MD5 9902de682556bf1f9969a6bb10712254
SHA1 11bce971681887d596f290b5e1b1547bc16588bc
SHA256 d5929cb8fc4dac64f710003ae8cedfe96cab665f38d15abe6994b1b9445fdba3
SHA512 5222c176941bd9c23cd49fe6e6b09f33c67d686e0d1fab8c06d50a6e598e108b41bad85c944bf06d71bdaead6c6df058834d1f50585f020fb5eee545b1038dd1

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

MD5 562427f3ce441108239e60812fbc6949
SHA1 6faf1ad32d97c283380c2b6b9cd1d268d5f8028d
SHA256 c77a62d9ea892ae86f8fbaa4e8bdcfb4c852baacba5abf5dc935b3eb218f79fe
SHA512 fe0b477401c7579d8c5b85ce9277a3d777e31672dc69747bb5a2dbc3c6aac4de65e9b230387534f6b703e8af9326100911c9cc3ff269d8c9d15b62117c7d82f7

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 b688e4bf9fdc9a675b553128998902fd
SHA1 4fbc1fc3827fda07a29bb4e3a47399f6665f7ca6
SHA256 ec292978854a76fc5254d34aa484b43eac08a68b836a8243fff43c91a43bcf8c
SHA512 d2f824b1068d097cd2ff2f5a54070f894de0d96506806006ca290ae5d7b4a6178abf93afa09faebf5cd26312246dc96ee9632820e344de3c9dae9f61e265574b

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

MD5 f6a3a9cc5d5104a85177cdc609f6cab3
SHA1 69d3c95bb41e178b753f9a95c7cb9c499ecfaf8b
SHA256 face3139bb8b5dbf4c13e9128a462e2199b16da2c70d13137fd8c4e50b5f8c3f
SHA512 4656766e01e07fac455b4ac69d65f52f359c52787443fb8e44573b9bcf064ecd10d9298e7de5039f490ef5caa7d1dcd6940d07d7b097ca4e7df73f09db57cb9c

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 ca8959a130e36628f5a9bd1d71c67b65
SHA1 ca597387226cfa10dce5265fab22c7e62d02c3b0
SHA256 8ba6a0a6a16b22e4cf3fa0363befc223e723699e7b945bf999efeb7d6ecb878f
SHA512 91c641ca6a14382cff6449e429e8fde37f9b2ee1c4d208dc32953f65d95bb4629b9789330a8dc06c45c119def23f95e0bdbeb49ce944625619b71e3ef419a3c8

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

MD5 179edf0fd944014a91984eb56c66093c
SHA1 ca286205381ca13c85c318dfde1916c2242468c6
SHA256 1520fc2f604d54e0666cbe4c41b3cf4b427e7651a63e0c1359fb0639b3deaa4f
SHA512 98ab0d2b0f347ee8c9a1b58092f3adde7f3486f999c031d2ac225dd2e67f1570273ae554e5311360d6925125b550e78adc4697e621c1d73356e74e2b4862830e

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

MD5 12c78636409db92f39578b0743d69eb8
SHA1 ab1a0bbfdf97a61727643847d35a88aaefb8a048
SHA256 8842e3e2019c9b95018dc9cc350e9a09b0abeba4805bb63cd869df8b1b7faf8b
SHA512 7f70e03f5f37e9c5fca42686f08765b4314ff052219d8be51a6be199cdd0f3a560ef801da5efff3ce20ae02cdcefca16a9263f509755796143471d259e222cbb

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 1f87ca4c0f92752bd8c75c0ce1033a0a
SHA1 a9c7f36dffd34fe4738ec4209124232ad08acf16
SHA256 4ec53e7e4f1b50cdd142e7fd1124e5a0d5648750e5674becf072351b7c8f287e
SHA512 d472971be12d284210694e585b301027b1bab3cd5bdb5a6213852c7ef5a6a802a320782a73794b27c23fc4ae801a6be4af0f723c2724a6ce7a3756ef9fa9eecc

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 8b8d3684466101c4202746d12072ea5a
SHA1 f506a750eec30ecc6d9a76d72d2044f35932db97
SHA256 0994c4b7314c4978048ec1bff878d311a19a0403322d9cc6640bf038617111e8
SHA512 45f1af1ec6c196c92dac90f027d4d27a983385b188fa0039dda482d7292a2cf3a145f4cdd279901e5e220d6a4756331500771db5b567a3f286a9805aa258bd7e

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 c14b8498c99bb98f61422f033988c889
SHA1 1749937a397253e7bceb902a211a1fce841031d2
SHA256 2ec3d3675e954c1ede67c6d1a7cb1ab04c73efce9991e52d3c784841ad16cc06
SHA512 1a0ffaa94e4a56c8eb89c5ec4dadfb1bad3e0141737b4486f0398b23e476f7ad5ebc61e922096665dff490beaf4be40c552aa92d20a77e33b5110aa0e592d9f6

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

MD5 1e068d6f086797001ed91a96e96c007f
SHA1 1fb523fe8fd5dc0272149f47454848c3e814522c
SHA256 2347ef9425dc1e0347f58b7aed17a843bb3e52c65689388357cee9359d47d5eb
SHA512 24ece06a3b6d7e9ef616c2501e3d07fa52c1f630aa5d11bfbe5840a7136a59adbb77ff976febd3d9cf39e25e3d39cb3eaf409ed3029e6f7c1708bced438abfa5

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

MD5 b258e81dca1dde42a6f457ce4b61d626
SHA1 d5a6a60f99c74be353fc357327429d6851a508e9
SHA256 26c24eff02114d4b401b4007b7090ec8cdc43516ff54ac6df3339010f6e8a8e9
SHA512 e17ddc6426ba23f93af13e3419587bc581135ae32a0664cef28662fddbca5b71d8612ad2c47bae0173ecad527f26a582999266c87291d8341f3c8e9a81d20350

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

MD5 ff7f40ad8f8fa3dd31b22272655ed1e6
SHA1 be67246bebb9e724b51e0d48a406fbb84f5f9551
SHA256 0d13c228f03c5f43c294f153912c105fcf9841c8cd8ced69d81f7cd1c1331b28
SHA512 60f7f47abd84b69e6ccc34ef6251190f78ffe40456ea8deb3a4248f8596c395ed46d5621639715489d08ed201b83839235f2ba07034264cf1d11061abf6fa7c1

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

MD5 9260d161beb788e9513dd9beb47d2d42
SHA1 fbf4954791b4e7757f10d69665eb9fe92fd3d2de
SHA256 be5855ffd81aafdeda50e2d7500763d117301a5a678f5fabdf711186c8209ca2
SHA512 dafe1d16d3165845d816a2ef1bd342241e79d79ce93fc010e1c6b4ed7e6866054656c1f34cbb4c284a9542da9fc4f4061edd2c221163fb3202d2c51923bf342a

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

MD5 605c619c4c6faaf06209eea6b68cc813
SHA1 447c1f921f06446d375d85792a97e5bcd7b033b6
SHA256 4e719c26b8a2b00c88becf3ff95d2eb906e43bfa639525e42e4915dcdb1211d7
SHA512 e99afbab5c440961c1e8095f9b47bc3a3eba7f25d4015686a580ad79978edf2db366abd0d0687bb93bd490eca6eb9c240e8d5a60a81922442a31ac64bcea8817

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

MD5 3d7c30db78526b621f34493801f6a07f
SHA1 90d310b3cf538fcd850716904cfc3a8ae81979f2
SHA256 fde6e5641e54640cc78476ae744e7ca3e97e1a4d771ebd11da3a2f54d00be9dd
SHA512 e819fb5e1e3ce37a8e5fa74c0581ec1d912f2b5c7a187cad4fda56ad9e14c8ae7c5e8a5054a10006513de017c80eb285cc9267bc90f24e55a508351ae78216a8

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

MD5 a95cb7e88aa5ab016d21d1043e3fa4ba
SHA1 aaa6e7f4e63c2bfa3f88e1cb37a9f4cbd0829d7e
SHA256 67c224a9c80f8af84f7d705980dd3a79d0cb3cc59cb4013f61f0658df48c3e8a
SHA512 bd2abaf1ffb0d8c2c21ddbb9d270def9a8cf2f15367ddfc4abe89714c4c82ba8ecfca8aba8a230a84405b1f6a6d09909a33ef5d84a586fce7453ea85d1ce59ad

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

MD5 f61152052af657e132e6bfe1e725b74e
SHA1 e159bce584bac7e0173739a2b90a34b48e09297d
SHA256 7f3fc7cdaead763e1e978ea67dc2788c1ca73d2271d2abc4365443d727a5e3e8
SHA512 22c92df6a1615c8ddf714694d7118fd13aa0aefd420488b79a4e13e0055c0ca6d03543b7a2c0a63f2b5347f857ef9aed16de07b9d8a91b016b5194ec51ee4291

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

MD5 7a93ee8449f67203f5b57e54e474c44a
SHA1 5cf3ea3fa138de83ae676efb652ea82db48dba35
SHA256 80d67838352cc18f1774006f412c2a9adeeca3014d631ba910e121380c1d968a
SHA512 235c69c1a85362f57873b306c0af3c67c280af9d8075c7761ace01e75acca57e9770e06385223d703190eaa7f4fa65a0d4ead4d38b5acff2069b616697e5f721

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

MD5 797b7705a598a185b041f3c544bc047e
SHA1 04e812fc77bd5f5b641a90f90f6af8987f549b85
SHA256 9e2cf2b22d0160a43d719a6680b332180ec793b1830601e92176d3acce9b8f9d
SHA512 36e2165612d35307bb8152aaa88a63fb941557fe58437a5ae9f0efb173e8b771fac34d14d68dd2e20dda8a332003189a5a3b32356a99ab30801132b4e60ee9d3

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

MD5 e70433c4ea29a16ee7530e516ca2fc59
SHA1 99e6350b1d293f018021b1a4776d516d2f93ac6f
SHA256 dfc9ba228a172a29bede70bcdf7dccf669b24783107336f7ccb8da3b58721fa9
SHA512 1488fc63a45e225e135f7d63aed381db09b6b990407799793737fc9a731d66cbb44b6506fe930b66943bb69fb376e66330927515a3fb1b287ee83aa7e1232196

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

MD5 6b38d4cd614b234cc1a1e6d738f93ba4
SHA1 a63871d2667560886f6251c8a851df690b94c3f9
SHA256 77713a3b17904fc3acf7db6e44d29e4223095a5d2d80708cc608b731235a71aa
SHA512 8df269ed6a224b703a7d145acab4e4926954c4c536a3162c68e8cf156a3c96aa05c65263af1072d055fab164d51483f8681ed33a196666928c02cecfa56efd4d

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

MD5 d45847bf817ea577d61bfb1acf998db6
SHA1 dac03061a53997af6bdfa8bb11145cbdbd6eafc1
SHA256 a3c36e01bb28f42fca0f777b5ff886d9d02d160699d930372e3406de1f26cb50
SHA512 c59a56f587a04dc4f4eb3dfa4634df4667e0380e14ce127c4e34da4d86020f1eccbb94c0cb0e6a6276a691fd25f9115a12144d29960efcc9c6cdcae063b3981b

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

MD5 8bce1d5326628dc58271a1331a96da4b
SHA1 69360968260823c251959abd3dd2bdab88911d25
SHA256 db34a5a6e6b00dc4c0994317c9e78553a00ed9ccf680fff994bbab89b79bfb63
SHA512 9dc7ac331d569538a432ec5966fd131b93839d13f3b95fa5d7934ca6d9bd90281cc70d434264237ae2c28d5a5371209cb6dcdbeb0dccd9e605be294544264afc

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

MD5 faa64f9eb7af83456deb24c89c3b062d
SHA1 e5af7e95f0e2cb1b2e9221a2e922b409664eebe1
SHA256 c909e2e47cd29d8371da44ac939609b538126d288b55c05d38443e47121a8a12
SHA512 762862c6c7d17532c917a22d389e43ffd47668717e352f0222612074a70cb24796e4d636bb05ed545570102ac8179a0b1099a9a85e3faa3509fe3312563e652a

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

MD5 2523738d6a743acb48e0eda54e0358c2
SHA1 4468b4c36f8d63368e7708239ab5f67dc207caf8
SHA256 77b191afd44bc0a34ed7de786a4c5de02b58c30f0f246a994fd4860f5d3a79bf
SHA512 ed71af3df357fa88cfde064d28226a4939349bcbd28c8f04d0a2e0957cf34febc76f02c69e27f4377a5104a4f71bf89e55df1da2adbc9a37a07e13a2b65322ff

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

MD5 6ca71b17b577e27b960ec0cbd8a3af7e
SHA1 3a180782757bfe60602cbe80a63abec127a2bf92
SHA256 f1b65ebc7640f011581dd977b65e47e4e41afb74a0cb9cef0c1b0c1b23994893
SHA512 a09ec6816203ce2bc5c4a5a33a868a8417b1cfc9a8fa70cc4497bca03e8b72b7edaed98a59d6217a1061e5c6d317925d15138fd2b1a0c3e12f9132c6438f2880

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

MD5 62102280dd26203a1a403fc10bedfced
SHA1 dd81c46a4cc10d939a726f75990f156899fd48b5
SHA256 d545d2c311b9663730a7a5c8c8693903fe32163b05a99d9c95736a728aff047f
SHA512 d49915ca7b7768e27ba51995f843bac5dd19ed736b4f7391f438b252637f893eab25ee86750b119a76c1410d34e26c80e9d0b3798f6ea773e6476aa8ee77dc53

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

MD5 7f8aee1ba5eadfe87943b44e65e97689
SHA1 e79588a639cebdc4f848a1b7252edc1ab4c9c2ee
SHA256 2817e10f9a5de38f8c6491cf7ad9fe3c84906b1ddb09f1b9e4f0e3308e9f71a1
SHA512 ec651a6dbeb0a8e133f52bce929acffa0fc665c99449679465aa1efa33ea3ceda48596ef45161dd3c0bc9ec126c6c3f0847c3a5bc09fff5881a2a8f3fc65afa8

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

MD5 b6bc81122902289c1ca3eb8fc2b36b14
SHA1 962ccbf6394b4d02123e44d85779eb9f08a475bf
SHA256 9fb68d932654fdf2f5e02164e4fd7dcb1a2f50370cd08e12eef59453ce7a7a3a
SHA512 09ab2e102af03215a01696aa4b9f37ba3fbb54a2ebb3dad965a3a080d9822e0ba842a675c9a3244cc71fa27e7da179650067b8733ecb3730507637daab033fce

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

MD5 e1baef104f273a7d8bc8215cf7b5bc3b
SHA1 57f32135c61516a3b8975dc4f4de6ec0b0fffc6f
SHA256 3645fe34d12f17bce2712a8e3ca9a1cf76dba5992ab893f89f2d0780b36c7d4e
SHA512 da5477518839430903a19e098622c29a467da6351b940cbfbec9f9c5b476e121f7b3cc5944dceea4a5ce33d241ebf4a5ff218f56e8c2503762b8de7a04bc5e31

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

MD5 3cc6ace63b25f169c4b83173f6869498
SHA1 2ce5bccfc647cf9eaef88777106513dc8995e5ec
SHA256 60d12f71b918b855c1eda1e8a9545a39aa50b8f7774d92bccd0cf29a84c5a0ba
SHA512 a18d94701398f55fccf4c49467e157dde52e4df3e6ab343e39c23610088720e01ca9cd834508bb9a9689418ac16dae471da350a2a1737e9319f32c1a7b0675bf

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

MD5 7cbbe6d6d8135ebfa64f9849b082543f
SHA1 c8c93c6c2bd17db73bb50454be939a8bf488a179
SHA256 4eda0c6c026b2b1df3a4d3890663f14f92d927dd26b03863453b20e148af9a80
SHA512 ff6b14eab08483a0f855664a4c26bfa807884dd5c64713416537f1234bf74e6894f65b0007b2a99b7a491ada32606cb38e235a8df34c7766b5efcbd2ff822103

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

MD5 0f1d1fc90cb41ce746aab10964aea94e
SHA1 09caa3427218b72581fadd9143af95d52efe6471
SHA256 b1f2a265fa6155b80ed4506bb36f5a6e8ebed1f710584237ba3712fcd9586f9a
SHA512 9bb9eb090cf0c3dcb391f5b43fbb812f9b37804cd19747270b1620ad95ab7b65dac5a2875949bd74922148d0d51e10a78f10a257a1b1965826a2facd83881ebf

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

MD5 08c96e7ee74996472abbd4e21681a9fa
SHA1 e6a7beaf9ace670a6fd9ec4b997e6e6bc1f1045f
SHA256 9c96e0192011d36350386480a3eec5712180283a0689a662f93141f2d108846c
SHA512 86dea4d4ac1add88b05781a44b11f6fd35ac8a6b8c0149c5b25455f92308c8ca406a4d05d901969da6dde158225f4df55219cbc6bab70b3bbe152d86bf332336

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

MD5 c0dc364b1886d8f9624d116d1614c4ca
SHA1 2602f532ffc041d92ccd6002f76e51c71f331415
SHA256 d14ff28faa44717d98e41bcc60099b069fa717aede8badbf5c4d241002305441
SHA512 ce63e4f1924f5eebb980111b22d136814d99be06cff35daf10fd09485c1168b4a92eac7348a420141b80bb6729821454a2e7fa18b2e91fb53b0f9a58e74403c8

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

MD5 863cdbec9d85dfec6c3cfaa3f5883fd2
SHA1 b1d1733ecf577cfc7d2d03c62a0bf369647153e4
SHA256 096ce2dce4a12d7660b5f89f73b2ebcfe7335cc72cd5eaf1a2a03c975f7eb5a8
SHA512 f42a2e72b57dfbba1eaa0c8d6649fe76276c26c757c8483b87d5487df91b2ba6b59d5fbd02422a155a7a5fd9a404970b69819f2ba1ce8be2a2651f77424b1112

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

MD5 c36e82894167f5db76f86242efbdf8fd
SHA1 764d87510ad956518e5c785889d74ce7470d4648
SHA256 f67a608d889239c34ffbf94083660624ef2787a93e0117b5a74fcfa88a1d9294
SHA512 8464cbcbbae0aab57160032d9e70fa73c8752263f8d3f458234b50dcf9b309f27906caecd7d9776bc66d2ce55e27e8921f37638bff0bbf2f11e8b3f61d97fbe9

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

MD5 45c6fa5cb06f4e303c94f27821cb5885
SHA1 fc3a6a2d62b82425fef7181e9471c9ae928fcf7f
SHA256 c3b7ba87776a75a0d7e3a32b4849497d84a10ff6f8d21673c4dbd96fef83c3be
SHA512 653ca91b14d2e3e4a07c1493735c2b009b7f7e309b60b45c3e092136ff19a345cf6da794c6c8b6ad25292836aaee2967644fa57a763e9a7adfefede913f23c5e

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

MD5 9151e8227beb89d5c3f4a089359c5948
SHA1 08f2e870c0a0c8b490a1f939bdd711401e3c3349
SHA256 a7805a521bf4140c606f85ffe9f0cdf2c8a9aa22df9ee8955aca6bc4d9a6ba74
SHA512 652932f1484c2911462352509ec8a4b4ca32ce835ecdf6febd0a1620010405fc66bf49ffa4f46ebc1b595edc4df2dabff03ea2e46e9160f17f543d6ec49ee817

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

MD5 6c4baabf61f8822494e4d116cb7098d3
SHA1 66e05a4a942cc30ab02facae335903b3dd97becd
SHA256 396f653697c691815362ac97c484e4c570efb4a570dbfb805bafa47d88ed0370
SHA512 6b8d8f143cf4a5db41c691b1cd689ada3a0713292d0bb68e67b3d9296d5ed59304e6a82589e67c650fc56bbfa91badf7ee0d8d8dc2ae193f6d253b9b645b2da7

memory/3196-9979-0x0000000000400000-0x000000000040E000-memory.dmp

memory/3196-10952-0x0000000000400000-0x000000000040E000-memory.dmp

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

MD5 ef567a22a954044b37c723443c39e261
SHA1 1680f16eefc5ed204922efff65493942ed5b5a88
SHA256 c07ccc1a84d682f4b1199614f96440cd0a3328266c0200b49d10f5fc851cc036
SHA512 49c2d59e3df1691654f9d3658e4fdc196538d4daa140bc295d5505486973467e84b46e0618078a74235100dc6d7ec65fb027c3706cb5942fd6a3a9edd5c37744

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

MD5 6b62d1c7081ff609c4577b7e4ebd78e0
SHA1 cef1dc18b949146e9780a56454b77ed6ca420b63
SHA256 ea609f9a9921e65a38b3844fcbe35d64036a27e319f2affbb9906ef785b00149
SHA512 ebb5cdfde32f568c7a6fa4007af81c627b0052e9f88125b123e24a97fd068141d4368f11d82288e351d98f358259ed594612968b3176ae75de883111a033a76e

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

MD5 93830dd638f5b10427038f029d1a0544
SHA1 5ec2177ffebb63db647c296caeb7093541e8635a
SHA256 d611fb3db9c92bb200c7e7fa528abbef56fdf2dba347f059d651cfd804519c8c
SHA512 d08bfe28efb5ebca0bfa836fcbcf807b8faf6fadee47084790d22dd8e06faf55433af999c19ba81afce839ee0d22ca5953dec4509a16c69b3af6a24467cdb255

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

MD5 15f423f66ccef42a80367867ac89456b
SHA1 74fdcaa3cd837992dd4e3299031dbc4d59384491
SHA256 885426721affb88e61596fdf93bf641a6fd7fbc79778328af4badefe19d2832a
SHA512 0e25a5dc78d6cbce234d3d7e5a06761bb5e370467134e45cabe906ec3d08ec70c933983364cbaa59a7abc4758fb0b388b7b94077930bc1004a6a5d16307d8064

memory/3196-11277-0x0000000000400000-0x000000000040E000-memory.dmp

memory/3196-11292-0x0000000000400000-0x000000000040E000-memory.dmp

C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

MD5 3b031f4954cc7c90854c8eea78fb123c
SHA1 64f9aad79899e20d8706f1da297eeeb1463b11be
SHA256 c8d1d5ccadb1f4b5978ba21314327c03ebf8f8df73225b2904775f65ecb22efa
SHA512 4acd9ace15856db5da69a345c0282c7a3a6778625c800e5f52944bcd10d7892a09b3b1f1f04eba5d6c9ab8ae45d398e9dd3eb2e197b7024c6ee3805f496994a9

memory/3196-11297-0x0000000000400000-0x000000000040E000-memory.dmp

memory/3196-11298-0x0000000000400000-0x000000000040E000-memory.dmp