Malware Analysis Report

2025-01-18 20:41

Sample ID 241125-lscc5swrbn
Target 9abc7676409e2b51f85f790a682a0e72_JaffaCakes118
SHA256 fa437ba32cfb9a0adeaaa29e05d45a4dad3125494ed2f6cdf184244203d70448
Tags
xorist discovery persistence ransomware spyware stealer upx
score
10/10

Analysis Overview

score
10/10

SHA256

fa437ba32cfb9a0adeaaa29e05d45a4dad3125494ed2f6cdf184244203d70448

Threat Level: Known bad

The file 9abc7676409e2b51f85f790a682a0e72_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

xorist discovery persistence ransomware spyware stealer upx

Xorist Ransomware

Detected Xorist Ransomware

Xorist family

Renames multiple (2486) files with added filename extension

Renames multiple (2537) files with added filename extension

Drops file in Drivers directory

Reads user/profile data of web browsers

Drops startup file

Adds Run key to start application

UPX packed file

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Unsigned PE

System Location Discovery: System Language Discovery

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-25 09:47

Signatures

Detected Xorist Ransomware

Xorist family

xorist

UPX packed file

upx

Unsigned PE

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-25 09:47

Reported

2024-11-25 09:49

Platform

win7-20240903-en

Max time kernel

120s

Max time network

120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe"

Signatures

Detected Xorist Ransomware

Xorist Ransomware

ransomware xorist

Xorist family

xorist

Renames multiple (2537) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\uFg679gNvv2cs7U.exe" C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A

Drops file in System32 directory

UPX packed file

upx
Drops file in Program Files directory

Drops file in Windows directory

File created C:\Windows\winsxs\amd64_microsoft-windows-i..onal-codepage-20108_31bf3856ad364e35_6.1.7600.16385_none_ad4238d7007ec742\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-wpd-portabledevicesqm_31bf3856ad364e35_6.1.7601.17514_none_bb70287f31ed0f34\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-u..dem-voice.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_1c9f3fffd349960b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
File opened for modification C:\Windows\ehome\mcupdate.exe C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p..rpautoreg.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_095167b06e013898\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-u..evicehost.resources_31bf3856ad364e35_6.1.7600.16385_it-it_69b43efa2bb9b6c6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p..l-helpchm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_071cc5479757ef31\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-stobject.resources_31bf3856ad364e35_6.1.7601.17514_fr-fr_95f571d754332e01\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-n..qossnapin.resources_31bf3856ad364e35_6.1.7600.16385_it-it_8e1ec0d4ea6e3429\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
File opened for modification C:\Windows\Media\Raga\Windows Exclamation.wav C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-i..l-keyboard-0000081a_31bf3856ad364e35_6.1.7600.16385_none_588458f27036187e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p..etoolsgui.resources_31bf3856ad364e35_6.1.7600.16385_es-es_b149e0755d92b6c7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft.windows.d..ackmodule.resources_31bf3856ad364e35_6.1.7600.16385_es-es_b65fadb214ac7473\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-f..utilityexfatlibrary_31bf3856ad364e35_6.1.7600.16385_none_29d5bb009f94011b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_image.inf_31bf3856ad364e35_6.1.7600.16385_none_c079423a110e8ff9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-w..leshooter.resources_31bf3856ad364e35_6.1.7600.16385_en-us_09696feb4aa9dbb3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_wiacn001.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_922c65d7f4aa7a05\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-i..acysnapin.resources_31bf3856ad364e35_6.1.7600.16385_it-it_aa73c75baacdbeec\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-shlwapi.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_827616fb42a2a1fe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-c..lter-html.resources_31bf3856ad364e35_7.0.7600.16385_en-us_79f0fd1584c8b6ec\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-dot3gpclient.resources_31bf3856ad364e35_6.1.7600.16385_en-us_74dbadbcc3f4d384\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-usbperf_31bf3856ad364e35_6.1.7600.16385_none_fbd761d791c06ed0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_b7f38afb92de484f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
File created C:\Windows\Globalization\MCT\MCT-US\Link\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-winsock-helper-tcpip_31bf3856ad364e35_6.1.7600.16385_none_27a7f7694b388c01\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-wmi-core-repdrvfs-dll_31bf3856ad364e35_6.1.7600.16385_none_da36ab884a9c25c2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-wmi-view-provider_31bf3856ad364e35_6.1.7601.17514_none_5855f28dc44fc176\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.1.7601.17514_none_698fc88e65b943d6\wmpshare.exe C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_system.transactions_b77a5c561934e089_6.1.7600.16385_none_a064cb5a105dea3f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
File created C:\Windows\Prefetch\ReadyBoot\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-nbsmb_31bf3856ad364e35_6.1.7600.16385_none_bb5f82db11a747df\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7601.17514_ja-jp_4468310064bb4cd4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-nap-oobsha.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_5ad997a8f8e6c88d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-s..-freecell.resources_31bf3856ad364e35_6.1.7600.16385_es-es_7483dfc226be2664\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-d..rectplay4.resources_31bf3856ad364e35_6.1.7600.16385_it-it_098f1b9f66d9920c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-wmvxencd_31bf3856ad364e35_6.1.7600.16385_none_49662cc79bce21a1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-r..ry-editor.resources_31bf3856ad364e35_6.1.7600.16385_en-us_56c62ea31c70474f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_341a55f41ef1be52\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\x86_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_4db0b909695af8f9\undocked_gray_thunderstorm.png C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-i..onal-codepage-20924_31bf3856ad364e35_6.1.7600.16385_none_ae4fd0a2ffcd2d94\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_it-it_45286e597214a485\403-2.htm C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sechost.resources_31bf3856ad364e35_6.1.7600.16385_it-it_69a381305aa0f73c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\Framework\v2.0.50727\JA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "HUOLVISLWCWCBZB" C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\HUOLVISLWCWCBZB\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\uFg679gNvv2cs7U.exe,0" C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\HUOLVISLWCWCBZB\shell\open C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\HUOLVISLWCWCBZB\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\uFg679gNvv2cs7U.exe" C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\HUOLVISLWCWCBZB C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\HUOLVISLWCWCBZB\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\HUOLVISLWCWCBZB\DefaultIcon C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\HUOLVISLWCWCBZB\shell\open\command C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\HUOLVISLWCWCBZB\shell C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe"

Network

N/A

Files

memory/2336-3-0x0000000000400000-0x000000000040C000-memory.dmp

SHA256 1162881593732b16b79368b9a2eda91b621bd59ef5ec3357d7eef843feecdc62
SHA512 e7b4d5ce66564b79b5b609ae384187bc438ed0b6638eeda3e4eed13edd7189514affe40e1e1f136ab90b77fcd1fcf89a485c38883cc3dc2306133e8028fd044c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

MD5 fb61a631a17cd1f8350ed627b56b9f1a
SHA1 85f89b8a7208f5c77e65fcbf38f16dea698bd1d2
SHA256 19071cca91d62a99941c626393caf90005526f2f1bfdaa9003efa04421d632ad
SHA512 25be19fb446586b2f6a3d47fc650fcc2b020b54971e03f108adde69f55f3f141a5d4d12bcf049ead42ea4c9fe234b0edb8c1e8420f80a563ce46438021e1bfad

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

MD5 27d8b0597d524f9647f1154c9b8ec1a7
SHA1 d0b894b7239df9a33d06ded0d0f4882f3d70f027
SHA256 542334cc0b4a6b433251d80ec6c66e31e2148ae12b922984acb553ac002a64ab
SHA512 8d1da258152dd78f1dc7d039187537e2a935608922344bb68e9261335f01a246fb2a492290439526fbbe0451643501b347357ff632868129db1500f9fb36c95d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

MD5 627ac7884cc7ee93b51518890972da56
SHA1 35be90ef6eff2624bdf8d4198c9d3e7ce361d4ab
SHA256 e73233dc84ba947d0afa025f94a034edfda2ad944a37791d2aba0447a1a4add9
SHA512 819a6e490853aee02276bfe5c4e1f9ac53478be88ed1a06bc962b114182f334a2973c8538fe4518a76e9bc297d6c0b00746e5a50bba81dae8a43a56363934d22

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

MD5 3e8ae2f204c870636ac7f2d0cb94ad0d
SHA1 2caa5e9ae94dbae60c50a06bbe9e31185c431724
SHA256 4e6d56857647e5ef2dc6c9a7f6510423f581853c0158e0c6272c6dbb9d8d21cb
SHA512 265592a6306768abd2a3e695271ce45a11debb0e8f23a6af34cf2263297b2bcf6a01845e50d2560b0251e9b0e2baca0799ad0ba1df5f6ec0cd0e2684ea7e5323

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

MD5 37ad75fef88a371c74db61a821a218f7
SHA1 55596ae3121b13148e3100193201c5d2d9ccb6bb
SHA256 2e4ea28c9f8e136e1f3456bcb2e7f57ea17f20286a077353b14dbdcb32d20cbf
SHA512 c6288a05901c60c795bd6bc904044f744bd768ccd226a931febc86dee7199ef629f4c81096b576185c5075d1bdeb65e9a0832a8aaf391475eeb9e482fdb2f0a2

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

MD5 ad9521731b0b05f498f1e36c29d708bf
SHA1 9fd2717f62ff75553486c4ac0972450f065ba1c3
SHA256 45bde624c90f44563832a3f196ce5320199753f9b8c9197000c8c582839bc09c
SHA512 997fb2bfa58422dcfa36f1a99531574eab33d9adc14b6a07d4e31f2c1faeae5b32ac1b30b3b3586ea662b47942dcec89875db5bdac501e19c7d2dcbd2a7a05f1

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

MD5 18be4dfe32206e415fea6cf2e3a3e044
SHA1 aef549fdd33a93bc4dce3b2937dfb1d091c1498a
SHA256 71007495165c93f4c36fe5a236d1d0c963193cb4bfeb338d0edb5bdaccfd4185
SHA512 e2886d61f5b60b780e95570fc2dec6894f8f70cb754c24b5931a276b19ae24b18f4a055cd012a38f5ce34e12a2003e9fa7d20a3bfea1eae5ee16180c599ed4c0

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

MD5 634e697e3524b066e1e89654dcc59e46
SHA1 cbd98bd09361cc69b38a4b84efd757791eb64781
SHA256 c7d5a16db3ce12ab6a7c810ae620639f23d5f0bfa6ad61c2eb8877f6cd7fafb8
SHA512 ed83e4614644a0098ff98227089b996674df02c9064be05458a7549579a53437f1f1d555904ef591a960671857d902a6ddd17760964412e9804c86e2dc9d3736

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

MD5 99e91f5251bd4cf79b1acf130a96fdae
SHA1 e68d6dc5e0f808208bd919e9fb9531dd7ece6d09
SHA256 6312bc59082fe6d8d114a94009d5c73a3c8a5a6081cb1a8c1fc1d246472f4461
SHA512 9f3aec3b722962ab72e67f53f60bbda9c7d1b58dbc315f2486b9215d723ac4f6d36c83e05ff0a537ce8af70b2b9186ab84e50cec94268daffb81e02cb978c5c2

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

MD5 d3ec438bf6a66eab1f9c17e67acab946
SHA1 09430ea3d005523ed7e565b71429000e61a7a1f3
SHA256 b9b1c5c00a44b92dcb6446f6bdc9e21a7d2582db071d5b3dbdeb8970d0485095
SHA512 53c11e5f90150b0b606f981ba0a9f36aea8676d21aa1d8b78bb8b252203cd1c4e0dc499c7f5ac28ab7948a770862c319473ba0093c3fead47dd68acfaab61a34

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

MD5 8b0ac2ad2750da96a3c9dbf151155f23
SHA1 bedb2bbe935cab6e64aa14cad9af45a236b27357
SHA256 c3bad2b4d63be106251f80306a39b1801564cb565a2a79038ec8a32e63cbd33f
SHA512 e32344c3bc85dea4a38b0e8758f828033fe468376ebbd96d26dc6b778d94801667ee8a9614effb7f3bf7df2371b57a9aeb281f5fb6e0fafe9b3a39c641d70a0e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

MD5 e0747d51b51ae28ac05d3e02961298f6
SHA1 f295766aff78c4896300213ad50ab164becafb85
SHA256 8bdec0ca10d2c05f02bb524e928ee96a3f8934f0dd5c9ac8d48a5568a4749788
SHA512 13e457a7ee89fa559ef403f589040c1ee7a4464860a8d59fe06325b26d01987417fd5b62035d0b4a98d43118a3d17e9073f12ab8f983f8a7a0d0191b2a5f96a6

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

MD5 900a1d6422d6fad7f061abc3625bc4b1
SHA1 eb551499a830218921d11e891f67851436f0d54c
SHA256 eb00034b0ceef76f196ac9699cc42db5bc90bdcc06209037f62f41aeeefbfca7
SHA512 e047d9a57079567eea2f0f8a76cf33659a8e33ba853097bb554f18fe04c47e9a53367a58d32c98b8278aa7d1a97cf77d9e8e52eb39f0bcc04a132f87e414448d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

MD5 8161ad7cd376237f5eed64fff5ea2f3d
SHA1 0668bffedb706ae3c917f26c819146865fed4e6c
SHA256 abeef0a6222756cdb4d5649f47744dad4d10018df2090278588bd520689e683a
SHA512 755f360f6f2123e37f5c3433a3a240daf8309ecdab3c2211314d318b991477239d1dae85123a477a6cf24f81819b8058798bd7e14d1e805425eb018545da9f23

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

MD5 773af7800e7f9d476b57297068ee59d9
SHA1 2035daff91752bcc09231e4711f1c3f432973b3a
SHA256 8d1ddcd833f25e8f15f26e09453debedad0d70db08064b3a29aa8a5c8112ba00
SHA512 def0701e0ac4fb9006b8c49827c5f302227db0400d1a921059e73cc8a2dc0123e6ac71d5d0e6d0f5eac9bd94042886e81be436ebbe14eda3cf44b33d131c40e8

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

MD5 a6f58cf5a8e36dd7627f583ba39a1500
SHA1 f96cf073cdeb0a3ab3b09abaf6a4459a8454bf09
SHA256 1d1b703e4830fc213f3432f6a22e490e748340a91c432108e3e838676d90cc38
SHA512 6c2bb5b4511e47ddf78b0d8a0ca6b3d6d31952d37ad4892fa06e8c9e92d7c719e1baa41b53635b1f0475794fd461081dde2d18d4b7c462e4af76f1556a9e81b7

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

MD5 743c61f6cf2fe76a07efc3ddab2bcfe4
SHA1 2becca9ba873aa3e1d6f0c2854cd127f46ed0383
SHA256 e7e52459634d778d3114c083eca710ec28ccdcd7d1bc87f230ca84b354f61d5d
SHA512 ba4de6d4c29772f7f77a03da17e324000db1e7f142f8543959740bebc81aefdd33de2581718721d144327cdf35e0f78312ce5ac1624879a5c975a4d5a0a36c4c

memory/2336-8858-0x0000000000400000-0x000000000040C000-memory.dmp

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 31742353cbf6874416302f77e058d2a1
SHA1 24fbc0b098c75d56d875cf9d83dc31d6cc8fa066
SHA256 83c708ef014d7e0b6ed587b10858d1d74eb47d38a9ba63c87bf951a0c713616c
SHA512 15ec26ba0fb7420bd45732721ed457cdadecabc60575f69af32a5016f1c9d9162c87357f81e5f5303658e1ef0778a5e5c7c467e2efbd77d0ae235fedcd67a8b2

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 a21fd6f5f0b0acd3e5bd12fa07036c57
SHA1 c721b8e23fb2ff860973bef70de307b2daf28099
SHA256 841418802dba5f6037de7c915eac705b87fbff18d4bcc3b56ee37e2195aab163
SHA512 b9a6c9dc7f96f1362e8bae494187362eea8f494bfcec5fec6f3816a2fbb8a1c82746c28d8450763ac4cf4b7049718019ae1b03dd305454936d2b291d1bcdb1cd

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 bc60d114ab69b8788b87dbbafc5f6ebf
SHA1 4b567a2ea842cc00af56e4b1f429b0fff35d2c07
SHA256 7bd64e2c1dff6019282bca56a03456ac11d508fe2d32b7fd8d624d40a90ee738
SHA512 2fd55da2a543702cdd05375b78f6585610bfa15af00e87a69348cd602128f8a095184d5224fdc64452348bc4ac03b483c69457176e0a1f6710496d46ae9e7fcc

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 196bac369cbb81ce12cf25e051544de3
SHA1 25a10293a577a2f93c4eb2ae63b436da7df30bbd
SHA256 acefc5ef65f9728e10ba0f00512a3f65453c34106408a2359ef9a32e304e94bb
SHA512 7c9cffd13c767cfa2aace9dc74dbba2326c106b6fadeda3ed97e3fc8314b2fee493a625efc4169c5b7853cbbab80b7e7dd7894b255c1a4cbb1054b6b45bbb0a1

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 7d64869553c6dff5fc3e5697e3c55592
SHA1 4dc5c12ce4916f44593a6fb2fbae6b6d16a6dc3d
SHA256 06e9dca32f95e4f0b13fa304518e00819a76b7254a902e99bd2b807ab7036261
SHA512 f33c230d0a62ae8455fe9eb9778a43d163b59029570d299a9bfd6e7d32900b040a8e8e892764a78647d232e9b73cb158e184410d1d6cf58a03ab52420509e179

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 39065ca38b6900e3f6f4c88e430d3174
SHA1 f123fb98e0e05ecbf37241b98dfca9aada8779d8
SHA256 35e32daef9f104fcd3620740976a4aa4ae72c1b921e7de7b9c84638965e108ca
SHA512 a4809a7c4dfbc83fd2d176e72d881f96e9a7bc9a19161772bd95b6d75105e5f3bf1d5a645b77e54416480c06c8be396225d37f6c07ae7c3332b8cfa3f1113c21

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

MD5 6ee389e087ba1806ac8d6fabfb1a2d96
SHA1 3ef992dc272c626865e4952be1fa2f9dbce8dc2e
SHA256 0b9202dbfe3d6eb3b40e356edf970101d30c54e9988631abeacfe8a192ce9754
SHA512 35fcb275765d6add2c8999f3e47af6b58ada53b5b02a7712cb2b625f2bfe6481bc741f99c9a88f19dfeb6b5961486aa8fc9b6916da46c63b69479944d5802b0e

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

MD5 7ef7ca9454b42e12c9b68d9aa1f31d2e
SHA1 23f911160442139334bc2ba8aa1638a041a3a73d
SHA256 e2351c02e0283096dc1f38593ee06f5d58f0a16bbebb7dd85b2d726eff4c5d6d
SHA512 d30245a1f25485f498b194816112b78cc3c41f4ef291461c5d256b2648d352ba78994fd4662590d169ebcfa7f170d8a3f8b11e5641d10100fc47ed92eac703ae

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 d1412497f7ee454cee4958d6aeca5642
SHA1 56a281295734e9b259bf0230e03c39b2e6ac5606
SHA256 c6241ca3e6d5eda0c3b4ff61d6bb97f1f255c74ea2aba0bdd5d645be1132e213
SHA512 8e7822cc8820b340e442664373d41f7007e209992bb9ad2333e6f604d48568cadcb1ec2bf25cdb47890fc4d15b2d62c00e391e639a187fc4b72e57ae7f97e010

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

MD5 8c896b61a9faac3f24e781c58f3617e0
SHA1 b2b97665548d52eb78751a15ce15a9f0a396d32e
SHA256 9035a24d04368cedce17012f58a75f2eab05cb95930436940dbec740810fa11f
SHA512 d0a43038d01bfb8cc789286678f40de89ef124220cbb673c032f1b36853749eca45034d7b857623c436b1075d1512a3bc8a61589602167d27b133b05958f6790

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 b82373a8e89b67839ace9f1b45d687e6
SHA1 e1645515db68defaa5369836346cacf9d05cf2ac
SHA256 539583a6cbf85225bb5836797aa1968328193dd9456f8784e213a7e9d6fabb57
SHA512 173d015df6dc477476e9d18d7bac0839465a6998d68e2f6dbc0ad3475b461a453edfef37451ac27b345e5351634aaba87845fe0011c7d3962f20717a2d62caae

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

MD5 86f59314a5d7fbd3be25682feedbb44d
SHA1 efd24665af7bd2b27922dfe0fe534aade111b592
SHA256 0a56282cae5803caa193ad124a1273e2478e690839042ecf75fafa318c371e25
SHA512 a898f62ccb87de6e321e1ca6a6343df5f8a14334ae8527fff9b143f0c28fdf31770704a7539304a246b861dc4c2af84db9738bbdae0bb0c85155de26e967152d

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg.EnCiPhErEd

MD5 dadc0cadfb60c888fd202cc3abffc002
SHA1 cac48d34c14aac4cea071f8dbfd31ab0e3d2db33
SHA256 2b8cec1cfc007532ba6c9f78cb25d81c3979f41da7c49206f2ca12513f1785b7
SHA512 822f04294f5394a82f5ae0fdb3155ce633391c7043fb3965701b06372700521100de82c79b974a3e9b034c43caac509c804bcbe5f9472dc7ec7ba86edd4fa622

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 ce7aea1c9ceefdd8530587a6a4228d5c
SHA1 3f94259020e6201964fa1285ed65a8b8c2b1386f
SHA256 4511cf895a0a729022b02812c4d67898bda6b8f63fa6ab172fee84cabd4e4bfb
SHA512 a8aba436111b4130bf985f4a7214aa433b8901f53ddd04e84bd6a4b26ec03d1abff34da870e328f5cb909b1e4ff560a96ff307d7f3e3a0a37585e67fd4219972

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Workflow.Compiler.exe

MD5 fea105ebf3c2cce098261596aa917e2d
SHA1 5116004481a5590d111151f0a0c7ba63c7d5d1aa
SHA256 67e4fe00dcde500b4c9eb35d4b9ee41a3bbfc3069e9598f187c219942d2385ac
SHA512 b358a99d4354dc0f36182536e09a27531b2c5052b8c0ca20b4c4e881645b7b19b93dd54de261b05d271ae2d7f954e96c2796ff9d4fe962b7e0f770d09a488deb

memory/2336-9710-0x0000000000400000-0x000000000040C000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-25 09:47

Reported

2024-11-25 09:49

Platform

win10v2004-20241007-en

Max time kernel

150s

Max time network

149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe"

Signatures

Detected Xorist Ransomware


Xorist Ransomware

ransomware xorist

Xorist family

xorist

Renames multiple (2486) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\uFg679gNvv2cs7U.exe" C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\Speech\SpeechUX\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\replace.exe C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ts_wpdmtp.inf_amd64_e0577000b188c16b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\usbncm.inf_amd64_9957a38c3d2283ed\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\dxdiag.exe C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\microsoft_bluetooth_a2dp_snk.inf_amd64_213eeba98cc6f2f4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\acxhdaudiop.inf_amd64_78faaf2062860ce8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmhayes.inf_amd64_055d85baabbda8f6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netmlx4eth63.inf_amd64_3809a4a3e7e07703\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\en\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\it-IT\Licenses\_Default\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\MUI\0411\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ArchiveResource\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\DevicePairingWizard.exe C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_EnvironmentResource\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\net7800-x64-n650f.inf_amd64_178f1bdb49a6e2fd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wpdmtp.inf_amd64_42b97498c7087292\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\TapiUnattend.exe C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\ddodiag.exe C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\sk-SK\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\spp\tokens\pkeyconfig\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppLocker\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_LogResource\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForSome\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell_ise.exe C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\Dism.exe C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\arcsas.inf_amd64_b3d75f82c617ac6a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_smartcardreader.inf_amd64_33a0db63c0afb351\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\uicciso.inf_amd64_32023cb966fd5c8c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\NETSTAT.EXE C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Configuration\Schema\MSFT_FileDirectoryConfiguration\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_LogResource\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\DriverStore\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\systeminfo.exe C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\InstallShield\setupdir\040c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netwtw06.inf_amd64_2edd50e7a54d503b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\logman.exe C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\fr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\microsoft_bluetooth_hfp.inf_amd64_9effd93a75bc489e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmgl006.inf_amd64_130cd40b355024c9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\rspndr.inf_amd64_4e80c2bb5314f071\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wudfusbcciddriver.inf_amd64_a084e687a06b255f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\edpnotify.exe C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\iscsicpl.exe C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\sr-Latn-RS\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForAny\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmbug3.inf_amd64_aef240978776cd0b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmagm64.inf_amd64_7f60bc7ff484a292\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netbxnda.inf_amd64_1fff3bc87a99b0f1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnms002.inf_amd64_2176cc45624119a9\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wvmgid.inf_amd64_3a0240393de08f95\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\IME\IMEJP\IMJPDCT.EXE C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\ndadmin.exe C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\NetLbfo\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\amdsata.inf_amd64_ea60132f1a9a7a62\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\lsi_sas2i.inf_amd64_b4e933c4540ad3cc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmcomp.inf_amd64_bf289615d063c627\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnms003.inf_amd64_0e2452f597790e95\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\hh.exe C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_PackageResource\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A

UPX packed file

upx

Drops file in Program Files directory

Description Indicator Process Target

Drops file in Windows directory

Description Indicator Process Target

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\HUOLVISLWCWCBZB\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\uFg679gNvv2cs7U.exe,0" C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\HUOLVISLWCWCBZB\shell\open\command C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\HUOLVISLWCWCBZB\shell C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\HUOLVISLWCWCBZB\shell\open C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\HUOLVISLWCWCBZB\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\uFg679gNvv2cs7U.exe" C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "HUOLVISLWCWCBZB" C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\HUOLVISLWCWCBZB\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\HUOLVISLWCWCBZB C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\HUOLVISLWCWCBZB\DefaultIcon C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe"

Network


Files

memory/1652-0-0x0000000000400000-0x000000000040C000-memory.dmp

C:\Program Files\7-Zip\Lang\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

MD5 93ba314b38cae5161f5069c29a79cdda
SHA1 898e76aea46705f3551d98fdf96ec4178e97694f
SHA256 35fdc0cafba7a29bdd5aa01d7cca04fac658686a5d78f2df6f2b9c0c432e38e2
SHA512 5400f1749292dba242e3f66683957dfac929aa9d668570a00a36cf92cebdeb21530be02ccac898440f8ecf6c5e7d068d17d1d7d978edd74147e254f2cc047efa

C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

MD5 e11f42ac22e37e7d7257956375c3f091
SHA1 99e02091ed279a44a7a522ba38da3053116399a5
SHA256 56732b27d5ab3b96546374c56ebe21b72f5074788f2ee4fec3c2b3e6bea51a3f
SHA512 245e3f95969268eceae1ac42c5493e3403f43a83db96a6de205ecef7542463461e5077b9ba5752d407e2211da1d69336e69eb63eee3cb5a4ae7dc80679b7bf73

C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

MD5 8bfd5bd2aaa1a582d8104f4cea27314d
SHA1 c663b619189318b6b34433a55cd60602ab2b9389
SHA256 6c7444644d5d39bafbadf52e95cfbc8131577ba525c63afb74d12527b03414cb
SHA512 70a22d9a9521c28f216d829f0ba2ff8183df80d145791069bade6368860b36ffa69bab08d4d56ac49c09150bc7728f625431eae46bf85847cf43b9867b227b51

C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

MD5 039c95fa699fa1a8314f059cb655f12d
SHA1 a3d1a047ce732dfcf48612d88652441e6fa78331
SHA256 65a4d974f7197ed261e42f281c06403cb6eee421ef8ff6db2789ef83979bcc57
SHA512 29549f105f5cacedda50afe7194d32d66bff41afec6ad403d3bc97c23fcf06e56a1fd122e0c0d8d6910f2385b64186d2776bfaef1f9bac8cf77aa7aeba5157e7

C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

MD5 75829af27aac4dd5ea16a7c8c51bb74d
SHA1 20adac6f09e271c2a1c400d0b9cdd42e85785d7f
SHA256 e8f98d2394a9137c1bb10dbf84ed01cc8dd06bb7a561ae86c083bfb233c73307
SHA512 1ab8f4786330a9dfaa01b726f5cf970fa135561e860991260a44a93195f62935f41392151e1f6fbf0b6926c72f8df41abe39e2092ad2333670dfb90782d140fb

C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

MD5 dc0168d31ecdaac8bad8ec2238f46ae4
SHA1 a6399f9d02b925b6a997e75aa720a1941dc402a8
SHA256 b1e84ecd81d12a909e1c299434b90c5aa984981487239bce6bf9a5804ed388d0
SHA512 ac73a2e8b3ebc1ce7448668522e86041195babc3d4ecf100fd422f955e91b28c2a2ac75a0624c8d9e6b262d286cd292288eda125af2b3a5b77092182402af2c7

C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

MD5 f00551bf43f631c53384878d6aa71cbe
SHA1 e09e29e0e97f9d0f3bd67d02d516d6d325a7d045
SHA256 38d19efffd3ac51e2b9e45f05e297e2c4aec1c70d8760cab2ed64f6233f35d1a
SHA512 f862026ed504161ddee36fc8a8d179444b5818db66e0fe24252117991a79bb1e6c6b7aca6ef5c32cd3fc86ec5fa293f2875935181647032c18bc6acdcbf0a3ee

C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

MD5 7696b1ea5d65d19432598f23de73c304
SHA1 0e311afd40f7eee599ca8e57b04ab1ef36141569
SHA256 afb4bd0fed7376cf7997f0fde65eaaaecf064c014088122a33057e2162ebe5dd
SHA512 602ae26e6917c2cdb088a5c67c679f5f1c4a5652885ab03835d51e8e6b1fe607486a589313be1da9064ac51accf509250c894ffb92afabbc773738287fdebc22

C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

MD5 c0baef6aab8bfb39f000810975351751
SHA1 69c3794b63ede0cb3bac5fdd19f63fda1d6fffcf
SHA256 6b9bf7655d01a48b31b7b9691537aaa71536ed87f212a8e4e74e44206b6aee6b
SHA512 e248549f61f30293326300cacd0b89bc2f3b15e20ddae67adde51afc4f534ea6311ef57f399113bdb3a62a0bc9bba3a9df4fef49e20750ee6b6e451705f0f850

C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

MD5 2ab553f185a4db1663284b54dc69a2b1
SHA1 699e28569373775e32d8a605c7ff1b4da3cb1423
SHA256 4d0dee54bf13aed112b461d3918e6766eb30b800f8c1dd15789fc6fccfe3d0e1
SHA512 e256d93c7079d21d133854e8f4931cf406665a1bb0e40151a7ef841fd83f7a9c62d06abf14b24c70ff1f32a7ec597b5d15d38865ef871303bd051033af075b06

C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

MD5 850c6d94738dec68f2734691cbd7af1e
SHA1 2091570ff04b316ad75caab44ccf0498b0b6173c
SHA256 ae99b48b4b8610298b520c54b3c1dba0394d6c65ce75970014792d73e9362226
SHA512 5a58f68872e3a0876f3c16fe82a28ba75376f8373079b9efb45636792ac25b0ef2bc3279d1c9a732451b419633daf730583b86c9ebfa66644888cea2932a7276

C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

MD5 292b07f476fb803276d022ac800f1695
SHA1 7bcecc2ea04c6be9b85c7f8ff4321c5039d6efd4
SHA256 cbebee5a94ea88ac88f0b2a57b019eea55e33a281bf3b7b749df22204bb65309
SHA512 9e4f63476955db6ca66008e3b728a6167e917b9086296c3c1ec37d3c8b2f988173ddc69c45edf47a804fa53ef5184817df31ba229d7481a8f36100eae1de6147

C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

MD5 778879f7601fb39ccf46451c399e2ad9
SHA1 fb6ad178f09d8e0222057f3df583b61b8f2ee93e
SHA256 170c5beb91ef5e1483126c4cfe2efebc8761686137d752d295d720eac2f191bf
SHA512 dac4e50c8697ca3c96bc2a5858770ee6e1193182c92439122486b8f5cabd601fbd793b4d058ea4de2863d6d22c6398fc283e2bba343b62f52478e6d5a8641854

C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

MD5 de35ef61f99eeb5d6678fc51e023b40f
SHA1 d4a8f8dee0015ffc96cb123e905e0b59acd6f014
SHA256 ab3062970d7f9a6a720dbe05a3ecbe76afb837264a55b2b9f26516af7cb86bf7
SHA512 083e8f5049ba6a3ce1a3e8c5ec3f91bb12d922580a0f9c03debbdb263ec9e697fc8531b2eb47131fd6b4aefd9dd08602d28b0c447a04c73db44103120e68fc86

C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

MD5 8556892058f35e487ac25d7c209364ac
SHA1 d6ce3b4738b0e62d9ed08ac1e8fb189404c04b95
SHA256 d7a688e1b5ded27e68b8932df609201600a17d552f3d2769adb28ed7e05f2b9d
SHA512 b0c3091c49b701d4945b5904e02d4e2f2072e0818c24c8927f447aa6d41e58fd125a6a6b040c5e630f379e798f20b7f43b68411701156cdb5c315a2abc00f1da

C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

MD5 a7f037e43b47efbe282c5acd9e6170e7
SHA1 50b89f2d152905097100f4264f4366324ef5c8b6
SHA256 6643cc4e90940f21eab50c78bbed983e811bbcba02449ea34ffa3039e97a908b
SHA512 ac61ac6808b28274f605a9464bae31fdf68ae4a0ed4e4646f397d1e6113bc4de764f938de9aadac6247eb2a1384172911d8d3bdeca0b1ac57c1b20011af6b677

C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

MD5 0b0bb26eb23ead453d9ada93bf218365
SHA1 61147edabe4af6dc4009c67f2faad53bdfbe4cce
SHA256 8cb40601c8d238e43706219b7e0e5b20bb77eaf8515ec1b4a989fe1f33d58221
SHA512 5c7f25d55d7ff87f621197ca211c9d3d0d6c8dfd4f4e0548d4cd510579f26afad8128013ebab58eeb10eb90a297bec7de107dc8c885518c57b3f87c4f356817c

C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

MD5 3daa1f3afca2832a88803a06db79aae5
SHA1 84a9d3dedbe684677788f90dbaeabbb5ad7c269b
SHA256 44f6ff95546816f44b7d37b4dd1b7ed922cf0c35cf3d5c963f095c78600a528a
SHA512 c0f9851565d52415c23cdbf3b28d856d0663916a25b265f42fd20fb6d4be0f26f0dee2efa9dc8a57086e1294a5928afbc5401f0fdcbc00a7f445add5432efa17

C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

MD5 b29668945a84afcfd8ff572b8c0337e1
SHA1 083e7facb2f0e7db8a6c31f23186298bf8578d57
SHA256 9f36177c63c8a4435ae0dcb3b886ab43a752c6b90007e229b16e0bc4274adc7e
SHA512 06b077d83045913b69488d6c8c479bd159045536ab8f47492e053ccb8b15d5e8c6197dadea0b1f41ba4e77741970d5e0165d4b62af4ff458b54cc084a665d9a7

C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

MD5 a6cc27b2945dc573f5ffe4e3d657ce13
SHA1 f3ac16cf03f7c246f4030691114a245e595713f2
SHA256 6fa2c4da9d0aa328280170342c9da3f9731af4a6e9af5f307595b726bd519e0e
SHA512 935aaa3def291dde9a74734a83ef1d93ebd30bdebcaf056eed6dfa09f7bd44f9c0d38c1cb7b7418fd8d78aebf1f70b4b80eaf660edaeac0e90996ff884b13ae9

C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

MD5 681185f330d2992fb470ade34396cc28
SHA1 2068c94c19ab58b8b4d54c2b01949ef56439f597
SHA256 20abefce3954c5a97158be258be0ef7816d6a3d78278b0c87b09a2fb4936355a
SHA512 3aec320be4deaf6fdea77ff3e57f0f86a404ff3cb9970b733bc96db128ffd91b32dbf0541ddd1696aae61fb2180c7a64c4690350168435e18b4b7e2db956678c

C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

MD5 f234f8a7f3e9b332b3076557d10e8385
SHA1 2cb2978f16e3cd0cb4e8d233c46c08e92f5e16c4
SHA256 cd06761bdaeac6f37614ecb10c76b03d78364eee7197cfffd272a1e3d2cf5a7b
SHA512 19292df19db22f7ffb6c4a60afeae9ea4c4799cf303d8dc01137fde4cfbbdb349936df99e666c066b82da87eb32f35c47045cc6297ad641bd1fc1a27b480a1c7

C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

MD5 89b8a9676d3c363db5295d1cfc24670e
SHA1 1b0536a0ba955e6828182f0faa5a6e4b71776b59
SHA256 7cd93980460dde3934440709ecfb29be5f63cc6ed2da0133b817fa3d4806efcf
SHA512 99cc3c5df7c1b39257d961529569bc167c73c5ee3f02509f43d99b7c297b9c7553494d676f527227f6afeb05f4ee32c341956829023e0d15d033c2fb996e81d6

C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

MD5 086cf619b9cee4decccb9e31b9e609a0
SHA1 27bfa5fd1948d5f6c4d1d8755f97fb472deb8781
SHA256 0749962dc80a3d1fd899aa8f7e4c51fe7fc48c2db61f16801f4592a90d8fe9da
SHA512 21398788e93b9880d3d94403a4a2b6f71d82215f8f0e0bd0ade7d13effbba9507b271d9690cfcfdbb70331b58f13868373c2baeed653a68e4c05ee40dc26d098

C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

MD5 75b8eee84e9515b757601f098f8be7e4
SHA1 be247b47c5804c87207e3284cc55a828d9769f56
SHA256 6ac9a81aeedd6e0c47d9e3083bd83cb58a2da2e28b30d963207eb82bac7ccb30
SHA512 a4faaa935967b2eb88e2a10eaf495a04e634de5c3b7da1a3badbb1b09f1766ee2684c1b02908ddc8a4385187fb86a88c623ed53eb7d6a8f713eccc548ce00061

C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

MD5 cac0889859a1cd917bc96201ed204f1b
SHA1 d27f075a3da2a9bdc598a669b7a817d48adae0ef
SHA256 27f40aff3fb2887d67142c5b75a424c0b1c0f50513d5ec58535bad28302e3c9a
SHA512 f5153c672ed7bb65d6bf1b1a12a91d1b393faddf1089ac42c67282759ad5a06c6dd4fe18d5f9c386ca6ebb763d65d0668635fa5201813340dc93f3076a7d9d7b

C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

MD5 5cd55d7ff2b350e6ea48d5a7b9f5432a
SHA1 68d670bb9b4a497c556302c148857deb2b8c82f9
SHA256 c859e4374267bb4a3177c90d7e6ecdeefbeb05565e47115483ff0e914410e110
SHA512 b9d49d7f7f50fe3145c4ed8d8c784bbcd49637c75c0080e065e63ca90ab8f3ecb4c473249de9eb3ddfbf66d1ab58b36e4a91a0b7d669d96abaff5318ca8bd6a1

C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

MD5 592778e936fb4c7b4b9f7ae05e5fc04e
SHA1 b265ba82c964622db5a4c364118b2903b9447622
SHA256 b98cd43216d9641117b0ee2904c0d14b9bc024785b45ad2432186247f8aa5fb8
SHA512 e00af59c66ee462c87cd758673ddc9d14017b64db06ab9510cd995bf4a2cddafa730dfffc49c9744de5813276e75c5f38896f26b0887963c6ec9c274b1a68af5

C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

MD5 5503320a9aee1af4bf24f55768419b28
SHA1 313ae10245fa5bd34401f75aac92e0c7af679b87
SHA256 bcae3af30b0d90b71d45d0ef82ccacefe6b04ffb4da934bddab78981c8869b6e
SHA512 e639662a430baf0063024ddc7842567b93ddaa89d1a467f7f2c5cc71fd09f42a4e2400a259341ba4c33f1790decca9c8180ed8cfe71c1d913d4bc4bcc0b9c8d0

C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

MD5 d31738546629a721fa4bce19b34dd489
SHA1 eb38cfa94055b93fa74d3859336f614f398e1540
SHA256 96c9751d5984582e70e8fdc35f340e424b1c1273a16f05b97457f0097bb57764
SHA512 d95c0104ca8ba21d1432cfa64d3682a0dacd72da8eec98dbbe710f976ecd8b4f333efbb84b528809071342a4fea2e8e09daa4bd968bfa6423e200d74d7eaf4cc

C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

MD5 4f17898a8cf98490de4c42add1eb6261
SHA1 0872a93106efea4a6b4eb861814e0cd327e4aaa9
SHA256 753e96bb1361d568c8b571e1236ebdc39a42b8e8c6bb8b611fcbf1654357e562
SHA512 1f623d6cddbc490950a0827775fdebc729a95aedbd9d36fd32080eab943e06d4783663c2999ae48702abf478809d5c7cc4ac1655d8fd17bc8ee220a4d785af80

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

MD5 a3a79acbc0712840aa83e826ba9a7213
SHA1 37b652556ac7a05e23b8afaac450f447b3c83c65
SHA256 7b16c59fd6c5bbe5acb393dd4a98aa4bdfa5d0dcbe529d6b49ad1775680b0138
SHA512 bdbd4dba99f68b853a484120029c2e4fa25a3900fd700ec64360e90df275b2d27160f90bc44e5db3856d5c150b246cce53acb1326a056a9b1df3f541b2b2c578

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

MD5 eee91f1f9308712d73909a2bba6042d9
SHA1 813a4ae39a90fbf14ff806cd93c3c1bebdb7c218
SHA256 1f9b5329e7c8c32786bd04a553d7678722f8e06af8bd753ce7f53990883cf3f7
SHA512 f760bfdecd95c80a5b64ea880c51ef2e045cce9870ec8342b08796dc6a83b0a64b0cceb71582a418bac8ed89ca2b460713c8802644629b98c33a7235f978a20d

C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

MD5 800a4e6032fb8e83cfcbafb11039e101
SHA1 073c760a7446a67e378a05b0f5824ac1c69b7cb6
SHA256 9dc4c027d52fe8edf7beb15de240d9b43d6a69cc8d902f822b8440f905b36882
SHA512 00be7497351bcda16fce08b6d88a85f7a751b64b8658841038cab702decc6f39b206aa9ac3c49b76dfd462ce3a66993e62fd0240160198c46042c041bcaa787e

C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

MD5 4c3b7b53c2e1e9277429e17eba3fa31e
SHA1 33349aeb242e71af33afdbe29f29d580ddb1bb02
SHA256 21a5fa660b5971fbc74e1f00765ddf50194e4d5648806ec0a9d9c27b0d70c007
SHA512 d10cf5c60902ae7c20064850f52b129c89b1f316b41571694d38fab527e1559d4d86cee775a71218050d3c605f1e061b62dbc4aa5e43ba30809c50266ea5b749

C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

MD5 8fdf3400d13d3225bf8779195507a99c
SHA1 f29e62de52900a1e9578bbaca3f1b721935e3eac
SHA256 7b69f3d4f10e59a0408fd39843c59248e1b5b692d5aa53bf6278ce76bc8f63ac
SHA512 555f6c699beebd4495d60f6e3f67a71a06c632b03643a876a5c60cb4ba9ac44c882ddc43607d4bf562308ad2a0719d6a7175078f1e0f7eb436d27d945eada7bc

C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

MD5 6e4f496f8b93d9e5b74fd558947c3999
SHA1 9e06ee36c408fc635117fb71b77d82655d8d9875
SHA256 ecd7fcc0a927e9264d9e4c15cf16185e987cca45f9709a411bc9619c165275d6
SHA512 7205f2ba8b10db38ae9541f8551cbcf45977face8d412729dd2a9b46972d1bbc53e740c7e8c7b25e6d7e41d5ad2ee518d0fc25a44237718b22fa22c72cd1983b

C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

MD5 a2ffc4e30eb046f890880915f80ebb76
SHA1 dd9873026663eee0146b8d44f25111f13ebdd5ce
SHA256 ffb3fef99186c983c6c7b5a3d30e5d8e18e7ccd273c5017ce2643384d7688467
SHA512 af9e582f086aa9b3c949bf7daa498f1f03cc30c1d4dd1d8bfb0f9677c255cba2dea06f978ede6c1b8f9c18bc0695ac24f28dd7fe800a58b2ccf45128419642f6

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

MD5 a2671afb2c1193f3c2e4d62acd7b91d4
SHA1 ff1792a386cc4dc73e0277ee74a002bd5182d438
SHA256 34fe453d941d1db260a1c50732217fad80832571b2fb91a89915e85027588124
SHA512 b98ec878c6e34c2ca03aa89688da15f762ba04bd04f66bed2baff608467db03fb1b70cc10e9e96bb405f150c1ecf0232555742e6ca3ac2295d6be43b0a34ee6c

C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

MD5 f2883621ef8e7f8222409bc0d7ae2660
SHA1 27ffbff090abd1d694e6a345f23c8ffdc3dc58f0
SHA256 6223db21d2e9cc94937b4faec8cb346745f9d20f25a45138ed486350bd55a08c
SHA512 73383fc29535b5a096b5c5b5ffa75768de462bfb7bd344370e128d826081cd6c74595e7a4419d84d75ee2e206cf0c7a28919b90473d2c765064a1a72ac5d7c34

C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

MD5 48d6312b09ab48a57004fc2edd073705
SHA1 132af6948e8040ddc6b8dc5ee65155348a3f96a8
SHA256 b49daa45eb2b1da0f94347492b3e9a3573e5c9c48ee2804a06bd13ee3e2ab03a
SHA512 0729880a2ed2de434cbb3569be79e6d573a8342e4a871b901737d1253c7c4ad676b356983863b8d8c7db78afe20a6f0b98bc04b2165fc865db536ad7d8614789

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

MD5 363191a6a6e8d9b7eff383b92a5205eb
SHA1 a33d615836da8fad507670b4090799691265528d
SHA256 4f279d79ca5a7f130f2c8ce4fe190715d8c4aee2ac20a857a3a1bce58c83c5ba
SHA512 06cb2d94e72acee4da1966cbc4a0954ded2c49ac337c58d23ad6e49155c0ac107ebc8f494b433801bbf4369f83accc2739a298fe298f22670c6c9b7e7699929c

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

MD5 d93b73dadae3de919a8fcfe3c158ba10
SHA1 635fa817a3d8c25a5833ddf852b6b777847fe42a
SHA256 6805e0903c14513f72053948f6028157139f60f4e173064290d844233de101dc
SHA512 9ea35e2ffc0972c5115e473686022c86f81d0f2fa962728701b2413adde4ea23aa739f6f6015990f183fe6c2d487ddea04cbe058425857cc62efa6d202206047

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

MD5 2e55555195dd89cf36d75b851ee72818
SHA1 a5bafdafebd8639671dd068c104ab48bf474f354
SHA256 6d7e921098f501e91da6fabb1c4193114ba83c76f08a9435d1fc518473928a92
SHA512 fc5151a95f877d99c8cf3c4028af03e73a271f48defe32512f4c45d12a196eef1c6a506d9ec9ccf820ca8bebb482612aa4ccaae4a13401ee3e70f586224e9cce

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

MD5 8b9e5aacfa13515c38398c3329c0e8fd
SHA1 59efd7b8fd200a1e27015018671454f81b43d563
SHA256 f93da25511b1002951ceabbb65285690ea1b02ca7c2e167cd96f74020306397b
SHA512 cc4dec704405a3051fda09df1740c8d2ee85162b25d4dbb6671ea501284043579818f9cee49c6d315b394d72cb19a5c00283607658e11d34fb9ec7c8b098031b

C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-001F-040C-1000-0000000FF1CE}\misc.exe

MD5 319e3a66d1d7716951674292aaea5469
SHA1 fb1416a17f905574a5015fcbb35ec2f81ed5eda5
SHA256 bdb3cb26c94adbdab23e2c5bf92d436140144317bbe18986b5c512685bfb68ac
SHA512 b0cb1ec3cb9091751ba754d0fcf4b771b08d661a529c81c8d75c0c39a6d3e261e1502a36d834e976ce46dac52a1393d43190e7ce300e295ebfbc411e806662b4

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

MD5 220d5190830b33623267a13b0009bab7
SHA1 2387c028b4d3dfc1e8e362220cf3aa5f5112f0e0
SHA256 574f270c2020355b9ba5dc2866ace2c1ac273349c24dcfd08a1faed8ddfea5c8
SHA512 d4786ca356c1b2d4f7965ae7270b985be6f13c4bd953ad33d0528eea3f0646ecf8f468f9c5d6a87fa9df2cff2b7f2009d579e82e0fbefaf7f62b3f3b6e34f848

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

MD5 84db19f0de2a643f832718bf2edddffd
SHA1 fd13b78cc8f6c965e13e6c0ee9af28c174e1494f
SHA256 4cd4f43d5e063f38d1f3e0ea11f8834654504d6cf152e7077fb5dd85ee3b3b4a
SHA512 eb9b34c94b1e175a30ac1203f2f6dead77df93f3cc565ce97cb09422dea6709954f7980ee57d97754e3e07d6eed2d0bc335f4b96a022a0b466e867a8e42213a2

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

MD5 6a864a1f48a29d774f1cda3558ef804c
SHA1 8a000de2264fe0858df48576d51af1f4cd0a0904
SHA256 155bad557e4b7852170356b3ebc7f9367c11f136e478da84b1e63ca304b35c0b
SHA512 2d95e2f2edd69179a32052fc2d0a4adb1816ce73bab63a12b5fa406b6bdd5df899dcebe80bdfbb942ecbfb87630a26ec8d0df414c2ff998cb26d207f635c95a1

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

MD5 56cc08f1f56d7b5cf49f08265781745c
SHA1 9a03f095c7af38dca1953acce7618f0fa80c56a8
SHA256 a3f43d8a7d99ced4f9443cfa16e545286b53b7be15c533989eb6daff8fa92c88
SHA512 01ce9ae5ed473707febd053a59ec1f832cbcd6466d541fe729be87ded657d5108c96b55091a26c86dbcb79336a23ccd5076c02db456adbaddcdebac2c75c01e0

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

MD5 9cdee13d98e5c593dbdc1a4e517bb75e
SHA1 a52ee3637873b209f24dfb87b86d228d2eb1a030
SHA256 8d65cc9a407fa092af5aa7e5c1e10b3b9b9261828ccda1d3ab262fdba0ddf481
SHA512 98acd1a62b9b85e6c2f00d7c387942f8149d77b76ac6a301e4a88ade7c097394418de3b271dc9ca9c6a0ef4c87b079d44fe877bd0c7ac3d6ae2b4c3e6bee3195

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

MD5 9eac24e742d1cea02149a0ffffe3184d
SHA1 06c6c3491e3e6ec56aa8df066d854673429aa6bd
SHA256 54edf9f804a5454d2954e3cd7fcc81713aea737667aa5cd06e7a894c652215b6
SHA512 43372b82265c1400607dbe103346564c98a06033307d7469eb54cd7d0396280be1a69418b09abf5935f1adf9ef7f5feedb73945baf1273c3c12de614f792a8ca

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

MD5 78e36d704fc4d9973b9e53ebc9dc07e1
SHA1 edc9af1a5988951e053a06f6f4ee11b88a629b8b
SHA256 237da0d91f85d439730dd9c560362f5153a544d7eebb786116d480e8d45100cd
SHA512 691467034532a6c0ea847a301d24e11538f87b45cb889789571701361859f368c0b3941b800f271bb2a4d4c6e7fe8f10aec3f94848e75097963a9178640b83da

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

MD5 0776e4f435e0e8d7eaedeab38f1e8841
SHA1 2b3ce743a228926e9535067735d726e8d90164c4
SHA256 de741a721788f2d01bb8ffec679871ca047413c5dc5e8bbeb02dca47f72ad862
SHA512 cef5571485fda0e80e16525bb83d735e80715d5ebe5652b7975d6099df7fe0ac5cb75fa29e8d6dcc7cd68d49bb97b5355b8b4c63495d5baec9d32a598465dcfc

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

MD5 f01caf6c06f8ceed4670083dafea5249
SHA1 9313f15d3fd6eb00aee3b5681e2a1b9902255e8a
SHA256 9f699eaabdf5c1706e5c57ab0660b54d872691f37964fb46a15e883c8c5f97cc
SHA512 9769f7bf7a091d694d063b9c53b2c5e2cd7fc324bda7bde9f8ed5d78238ab47b502448b3bb17195c5efae7c1ed8a054368986f0a4aa4e5d582e7d5e111c54359

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

MD5 34d56a2ab85fd402eefd8aaa5fde18ab
SHA1 a3822047825974364031a4308a812387c0b261f8
SHA256 9d305775d173714ce318a2b0fbaad4296a0f08e043a5b6e30ee4a767bccc463c
SHA512 0f7fa480cf1b2bad7930d7ccbab822f1d95d57ca80bb2263ab49e1f231e2a88f408f7c56f88c7c897054d0187d83e70af6a541c9bba19a2ee81a88e0c0e5ba6c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

MD5 201bb53051f80c7082928f5518c0574b
SHA1 fb2a663607a618ff8b7579cce4e219908d29ba1b
SHA256 84e650fdd720f288b86438cf755b070f9f3947819dce774742e8e7f34b074f27
SHA512 ed65cadb0fdf78a22a408d1d5ceb827c6280238ece6c7622be57bd61aa44a317784efc25ca6a28a45d96a66b86d8b25a2e54b1c7757122622927575d901677b4

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

MD5 49f86952340adfc252f8e0ba03afdd0f
SHA1 d1844170ce024608b1a01062c45e6349f9ca42e1
SHA256 a2c01a56eb20dd18c7c205f2c1cf6a1378ad6df36278c86365b834e346e5aa87
SHA512 d9caec6b4484504af81363e79ea74fa2c54deecfa45545d743e6c3e1563b4dccf34d11f84a2959205b6eb56a99ecefba7338a5cb6bd9e09f34c36935336b819c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

MD5 d1a66c2fffa6e9f73dc3d31f45004cb7
SHA1 89a366aeccc2292e2a74df7a5f0cec9ac844b541
SHA256 c1d2eba867d1bf0c684eeef3e8ef76c6eadfb4ac6487d285d13d6985782ab6bf
SHA512 5e3cb5dc6af80d57539982ed6aa88074ec09720606f67dd16cfe9c99432d249214bf0cc8e4d727ff89994c598b96d0d025e04b79a8c1193922f99346438384f4

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

MD5 8e6a73c89fe4baa11d5906d6935ce3ed
SHA1 672ca709b6e6909c466ec7bde156e86dc90f1db5
SHA256 d441ea8827c0775a18cdbfd2996a8afe330b24bacb5b25b49a100e420d186078
SHA512 14fb7e77ff9695540479fd5669bafddb3e20a9567c86f71db2891efb26b81d87e4060017e8bca56323343f57489d6ea26ffea15088536a2541dcc0f89b0487e9

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

MD5 803335f71cdafbb5e8ce82e1e8d127c0
SHA1 f740c38f453c71ce162c378a10fceff5cce556fc
SHA256 a5e2a52d2ca7f67dfd0c55b898ad0d5531e0e8ad14f6f5bc269c31f3647d321b
SHA512 a8a4288c1b36ec965faf45d035d5ecfed8cb1a04a011d162f0c354e2e0a1fc22431fe5ad5e6d512615eec21bcb0ebf5899faa9052fb20f50414e6087fe5028f1

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

MD5 3685922457436908088f4aa9097c4f89
SHA1 51360ed38b8b1d0981a076f4e378520dd45d9a4c
SHA256 005a86fca56fb8412f557caaf61d317f8c101088f79883790f31f032d6e9782e
SHA512 52a5882501c3de727d8f2e283c410e906f21c47fd56a54b0c0463d2705e501475cc898ded63d65763e23a1f51b3b1b064556c3c4514ca06f66806059fcf21bb9

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

MD5 2457da7889c58eef372e782edb088cf1
SHA1 611e2eb25c0a81c7447d2c22cd8090439c728e9b
SHA256 7abf7ca38a160a842803e270966b6119efdf9ab1ac55a797d9be13b0faef1cc9
SHA512 4b21cd8708c989298b760a69233bf6843b6cda56ed99d328e98cbd77681b34acf300b629e4c3ff94e232f088f9a59f5484465d19c156a42e19a8b32e09198a5d

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

MD5 a29d42bbe9c0df4e275e2002ffade3ed
SHA1 5ffe0e87d6524e6594212bcd3e98e78c5021afe9
SHA256 69ef3ad67e2a4058f5be08c54fc67fd688a68653bdb06ce38df8cb81d2f71f9e
SHA512 5604683e4078f30aead3f14df41093e109d437a7f85df5786a2f24bb990df7eea94a8882b890fd3d32cfc2f51e13261abad86119276a6322d447a5e19b1bd955

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

MD5 b4b1776ee9f5f6dfbdedfe6c91458f48
SHA1 b15ee3447a98cc2826391fe16f945824f08d5a3d
SHA256 4015573d49c74da0c270a8ce6bf7622aea738e336762c44c2c8b89e7372c5a5e
SHA512 0a2bc91f3826979eae0dea7eed27b8a59881f0be8e0fdbcf1a7308cc1efc0e4cd303c20df13d37ffeded9b8c779dcb868b8d92c33c0e8aba8f7aaa30314ecb3e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

MD5 59f9a37babad462ee67bd234f7d40efc
SHA1 91bad26a755cdf34374c91a15faa40e3bc30be23
SHA256 b0f750a17d1c2c76abcf35462cbe7373c15e76e97bca217c45ef0ff38f420610
SHA512 118debf0d16e8bdce93a18941847c2ed995fa141f21f61cc4f9f9f35bc4a04dda30073f482c5b8c9b6bd408e6a3c765aceba6335b447fc3dc7ef762f20932be2

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

MD5 9c8063c0fe03e6094228128bf2446c9f
SHA1 3493feff8972addd37c229ab9124eec8e6669fe0
SHA256 5099d47e1cf395539f757bef1b4e82f9fe6797bd1c16e3dd4681b1ba40d06c2c
SHA512 132543d7e71e41ea3fe027653b6fc25c92401ded9b96cdc89de8aa83d5e84820623a0fc5df5fdccd18ce17ad29866ffb0b5595bd9a3f8bafa9bc841a4adfc892

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

MD5 6377b24622d7f5c5dae3dc4ee00f6a0e
SHA1 8ce85cc8130c5810f2301d88f5be4083de9981e2
SHA256 d522cc906ffe0a99e5eda4b5755119c87bc457ea2471df074ce1c9a89c6a20db
SHA512 b9a3fa4ccc51a775bde35bcf70eaf624bdfe6b0e8b5c15181ae7308f42edc760b73f11881a77b20ff568ca40004849f67a8a8bd6e7c9c71839349d719520cc91

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

MD5 69a348e76accb608c032eb2e08206e21
SHA1 7aedfec8bc6b0c8fe50c3b376f6ae45c89d48a10
SHA256 2b82b2c7cad46c7414ef356ab08ffcd4498430402dc28cafcff83b7cd649ebae
SHA512 fcb6ed71f51b7347a3b4205b242dd86f018c2d6dd587532baeacb6c054094b1b74a2d3bbbc643b1fa36429a4013ae39c0aae4c01794fb9c38062187f81afc83b

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

MD5 ff5a2e9716aa43154c030f034aae3bd8
SHA1 83263c91a06f1132feea3ef2343b19a61752237f
SHA256 d2890af705c3e28885ff6af08ad91d608976f3e36ab7f2ba75fa8ab12a9c060e
SHA512 16eb8a7cbed31ca687f7c3abce59734cfd2a3266a0957511f69471f12a8666fa71d9c62ed317b957365744fbf6f850894dff770a6fc40688476086b16f4abdeb

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

MD5 3f748aa84c7c60d5f1aa05e7ba3f1d70
SHA1 7bd9439fbcc3279b0635a7836beac0e5b3d292da
SHA256 312ad0291422bd71825090ca49286f64061f08eac500c8b4a253a7d1218cb3cb
SHA512 4b7abe38c9c7a216b3852169c46753369e9e1301845859448dfe7e38224eca99fb8c4585378e9d2983f38f82351467cf73220033d9f58b6509512f45eaf3a140

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

MD5 12028fbfcabd07002981db05594d5538
SHA1 3ad8b088f2f4ad111a5956612609fd47ea3058a3
SHA256 1977b15d9113685bcecddbd2b2fee73e6021c1823ea3fae8b7f9a52ec16aa607
SHA512 6a2fecfec1bbf3e7fb26cdc50bf062666be9c979467fc943814dfe3586419cfd4b055b364d1a7bc3a82527ea2065edb3879c2271865fa9e3736484850fb15cee

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

MD5 5cf7bcfe158bb3115d3ef030811f2e54
SHA1 ba0a5d3dbc932d657f6f5a63b2b48066f2b7a85b
SHA256 1443415a7bc97440716e5b19c2a3ef548e662b9072e1648d18f2ba188b363558
SHA512 0d9bfeb411055554650cbd9634d5374843fc790b3814f762670d55e4077c6a0b02e7d34ff49bb665c5cb59b6820d4e11f2d46071b463f242452d8cabbd48e04a

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

MD5 5cbfcb78f1d5c64763364f6728fc09b4
SHA1 e03f89a6357cea57ec9e13e009360125e0aad1a8
SHA256 98819c67a7d4314a1f2e40cbd64c998b8c6f18823feec596f15b5f0e7dff5331
SHA512 2ba8b8bcd11b0497d9c52757e5ecd254bdd33b5edae47fc8e150a0baa2b5b03ace714ad3e2b4277613619485bd63c0ca0e2a41ee695f95cda47e436c4e8e2e8c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

MD5 caaa32683d26bd4c1998ce593e329d3d
SHA1 81a2ebd5e963fb8f1a77bb25f0e0a89604d370ce
SHA256 3888993525c690936e25b7f7546b8ea9c6226efbf3cd5d509dc19f6a6f728ef6
SHA512 67b139f164fdbd08e2b05a49036de23990a0733dbe7c8bf4efa1b7da373babb65dceb032545d3c2a9f57a74764717dd723703a5af35438cb918a5964f6719a40

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

MD5 89d58def7310f82f0d7749646018b5c4
SHA1 63dd6bc71e61b054aa989c786f6db2143c738429
SHA256 ef30c724bda64e6a8eec30d9c400cc2291ed1602f623cedc1783c70583612d69
SHA512 8c779ef4ef52bbaa71e2d6f2746fc368692078984e562579af7046def857710c36b46759abbc9a86fcdbbc2e222e35890ad0889b0b2d220c6f0d887575fb1d16

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

MD5 69428b9cb1281e7dfff23fcd97029257
SHA1 157dfcf2a01ee21f5ac19022acf50beedbb2410c
SHA256 529b739272ed6f5d4b250db9d1fe47316bab720a39c59300317923c9ea1cb882
SHA512 9ddaf697fa8f2b9a04dfdf70f7aedcb01ec1a73ae607515c84297e2a5a5a26b546d14d828ef4bdbb11825b38afad335dc0872d7dd958f6bba9da08c794c05337

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

MD5 a9583971a9d4f37899620c0d33860999
SHA1 2de155ecb9424a4d111878a9548f3c6ffba831e7
SHA256 534867b5a16e564082e8036433261e9964faed801390cdd8982ad9bf4139bc27
SHA512 e265a6a37df0492a71686cff761c044b41ca6e194a8ab75213a58e6b410e23693f8dc0a4bbc3753c5839710ccbecbea633ce264bdd2ca68547d03ed72dd94ef9

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

MD5 d0e399e0715a21c8f1710d22227197e4
SHA1 a2689ebd796bd670dca0b31c40ffb369a97705d9
SHA256 8136fd8979a7279b2c891ff746a1c5ba7c115bba1239f4ce0207fcd706c6d298
SHA512 183ab3398e87199dee4ce62c7dfad75941d09da42deff7fb6402b06dd5863261b4b16b3fb3843069772c4cd76d10b94f9a1129c7926ece4138da8f69af701037

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

MD5 056aca9f51e7ef91f82aa7f42728b65d
SHA1 768abfa029d0d90c8d8a16ed06cd5ec4fa7f7cf3
SHA256 aa63cba6721a80eb6c9618b03d1853c80a2f8d8835108664f6371fd6a40ac781
SHA512 ad2f89d391db632e66d833e250a253e8cdafe8aeb80325b2c95fbbd9bd5cca0e383b175aa1a12dfff2014b801e118111dc0a71f34e9047bcd220c85fe65672db

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

memory/1652-5158-0x0000000000400000-0x000000000040C000-memory.dmp

C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727662721799026.txt

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727663191189319.txt

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727670188807600.txt

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727672984949051.txt

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk.EnCiPhErEd

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

memory/1652-11789-0x0000000000400000-0x000000000040C000-memory.dmp