Malware Analysis Report

2025-01-18 20:58

Sample ID 241126-jvtzvsymam
Target a0bd49531cc1790304dfd9c31e600526_JaffaCakes118
SHA256 77d283825a49906c009a0c5c44e06269ce354eaadbb5ebb494c4cfcf6991b8ec
Tags
xorist discovery persistence ransomware spyware stealer upx
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

77d283825a49906c009a0c5c44e06269ce354eaadbb5ebb494c4cfcf6991b8ec

Threat Level: Known bad

The file a0bd49531cc1790304dfd9c31e600526_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

xorist discovery persistence ransomware spyware stealer upx

Detected Xorist Ransomware

Xorist Ransomware

Xorist family

Renames multiple (2198) files with added filename extension

Renames multiple (2186) files with added filename extension

Drops file in Drivers directory

Drops startup file

Reads user/profile data of web browsers

Adds Run key to start application

Drops file in System32 directory

UPX packed file

Drops file in Windows directory

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-26 07:59

Signatures

Detected Xorist Ransomware

Description Indicator Process Target
N/A N/A N/A N/A

Xorist family

xorist

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-26 07:59

Reported

2024-11-26 08:02

Platform

win10v2004-20241007-en

Max time kernel

148s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe"

Signatures

Detected Xorist Ransomware

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Xorist Ransomware

ransomware xorist

Xorist family

xorist

Renames multiple (2186) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Cn19Iu7q0HAWKeS.exe" C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\DriverStore\FileRepository\chargearbitration.inf_amd64_a0097842bcc7e487\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmolic.inf_amd64_7f84203a67c210e4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netvwifibus.inf_amd64_f52d5ad58116f6f0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\tsusbhubfilter.inf_amd64_283a44fe508f0682\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_PackageResource\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForAny\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_UserResource\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\NetAdapter\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\NetSecurity\fr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_net.inf_amd64_32a9ad23c1ecc42d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netbrdg.inf_amd64_8a737d38f201aeb1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netvwififlt.inf_amd64_c5e19aab2305f37f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netwlv64.inf_amd64_0b9818131664d91e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_amd64_144351277838b429\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\nb-NO\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_GroupResource\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForAll\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmaiwa4.inf_amd64_b74e18ebf47de72a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netnb.inf_amd64_0dc913ad00b14824\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netrtwlane_13.inf_amd64_992f4f46e65f30d4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\IME\IMEKR\APPLETS\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\InstallShield\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\NetSecurity\ja\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCClassResources\WindowsPackageCab\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_extension.inf_amd64_7891c7d003f5e96b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_usbdevice.inf_amd64_815550fc328ea85b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\hidbatt.inf_amd64_a6fa9bcee39a694f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmomrn3.inf_amd64_c2314613ba3f3585\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wnetvsc.inf_amd64_9a5b429abc465278\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\en\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\DriverStore\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_avc.inf_amd64_8ee511eb19322856\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_memory.inf_amd64_6fa9664593233d6e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\sbp2.inf_amd64_1d08bca921956372\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ArchiveResource\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_PackageResource\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\usbhub3.inf_amd64_6a68abcc31aaa333\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ServiceResource\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Wdac\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_modem.inf_amd64_8cddb75e34142905\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\winusb.inf_amd64_ced441476847bd1a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Printing_Admin_Scripts\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\displayoverride.inf_amd64_c7a5777273c98ebf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ialpss2i_gpio2_cnl.inf_amd64_a60833fda31e9831\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ws3cap.inf_amd64_6cf8ea2249844b50\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\MSDRM\MsoIrmProtector.xls C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\halextintclpiodma.inf_amd64_7f59f2c73a7fab14\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\microsoft_bluetooth_hfp_hf.inf_amd64_0c00f8f3a465c9a4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\volmgr.inf_amd64_b98e2b928f71a2b1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_apo.inf_amd64_a261b6effa32e5a2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\tsprint.inf_amd64_6066bc96a5f28b44\amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PKI\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCClassResources\WindowsPackageCab\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\cmbatt.inf_amd64_554d46f6008bc631\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mlx4_bus.inf_amd64_4c426f3bebc68844\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netathrx.inf_amd64_220db23f5419ea8d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_GroupResource\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Configuration\Schema\MSFT_FileDirectoryConfiguration\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\fr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\IME\IMEKR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmc26a.inf_amd64_dd85a83bc442ed33\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmneuhs.inf_amd64_eb59a40d88060ada\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\gl-ES\View3d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Images\Stickers\Sticker_Eyebrow.png C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.NET.Native.Framework.1.7_1.7.25531.0_x64__8wekyb3d8bbwe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteSectionGroupWideTile.scale-400.png C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\core_icons.png C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\images\themes\dark\nub.png C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.targetsize-256.png C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\RunningLate.scale-64.png C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\hi_contrast\aic_file_icons_hiContrast_bow.png C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\sending.gif C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.targetsize-40.png C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\legal\jdk\xmlresolver.md C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsStore_11910.1002.5.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\LibrarySquare150x150Logo.scale-100.png C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe\CortanaApp.ViewElements\Assets\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Images\Stickers\Sticker_Sun.png C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.targetsize-20.png C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxCalendarWideTile.scale-200.png C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\FetchingMail.scale-200.png C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-black\SmallTile.scale-100_contrast-black.png C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\MedTile.scale-400.png C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\ThankYou\GenericEnglish-2.jpg C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Home\contrast-black\WideTile.scale-200.png C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\AppIcon.targetsize-24_altform-lightunplated.png C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\Background_RoomTracing_05.jpg C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\tr-tr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\pt-br\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteNewNoteLargeTile.scale-100.png C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\Assets\Images\SkypeAppList.targetsize-256_altform-unplated_contrast-black.png C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.scale-140.png C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteNotebookSmallTile.scale-100.png C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\Assets\contrast-white\PeopleAppList.targetsize-48.png C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\js\nls\nl-nl\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteAppList.targetsize-24_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\LiveTiles\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\bg_patterns_header.png C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsAlarms_10.1906.2182.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AlarmsLargeTile.contrast-black_scale-125.png C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxMailAppList.targetsize-80.png C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\Trust Protection Lists\Mu\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\http\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\Weather_TileWide.scale-200.png C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-48_contrast-white.png C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxMailAppList.targetsize-72_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxA-Advanced-Dark.scale-100.png C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxMailAppList.targetsize-64_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\_Resources\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.contrast-black_scale-180.png C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\images\Audio-48.png C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Viewpoints\Light\Cabinet.png C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Logos\FileAssociation\FileAssociation.targetsize-48.png C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.targetsize-72_altform-unplated_contrast-black.png C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxAccountsSmallTile.scale-100.png C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\win-scrollbar\themes\dark\arrow-right.png C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\en-ae\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\ms\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Images\Stickers\Sticker_EyeLookingUp.png C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\Assets\contrast-white\PeopleAppList.targetsize-16.png C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\ExchangeMediumTile.scale-150.png C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\EmptyView.scale-100.png C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderAppList.contrast-white_targetsize-80_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\win8-scrollbar\arrow-left-pressed.gif C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsAlarms_10.1906.2182.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\StopwatchMedTile.contrast-white_scale-125.png C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\WinSxS\amd64_microsoft-windows-comdlg32.resources_31bf3856ad364e35_10.0.19041.1_nb-no_5bb3e1df97276189\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_windows-id-connecte..nt-provider-wlidfdp_31bf3856ad364e35_10.0.19041.746_none_8200bd0d163e4474\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-simcfg_31bf3856ad364e35_10.0.19041.1_none_74d0cf760b6b1863\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\es-ES\assets\ErrorPages\repost.htm C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..lerevocationmanager_31bf3856ad364e35_10.0.19041.746_none_f57bf4c5acb88f1b\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-mydocs_31bf3856ad364e35_10.0.19041.1_none_003d1ccd1220a5f1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_c_diskdrive.inf.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_c3b3d2d0d28a8a46\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..cking-adm.resources_31bf3856ad364e35_10.0.19041.1_de-de_32881abe47115604\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_1d6e0433e9628ce0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-ocr-en-us-main_31bf3856ad364e35_10.0.19041.1_none_fa17a73d6a26d84e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-systemcpl_31bf3856ad364e35_10.0.19041.423_none_bee15898bcd08cad\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_rhproxy.inf.resources_31bf3856ad364e35_10.0.19041.1_it-it_eece09d0effb6db1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\msil_multipoint-wms.alertsview.resources_31bf3856ad364e35_10.0.19041.1_en-us_7a57dedfa22c1a6d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-accountscontrol-api_31bf3856ad364e35_10.0.19041.746_none_5aaf19161dc3f482\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_10.0.19041.546_none_a0a14858c07bcb00\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_system.data.services.design.resources_b77a5c561934e089_4.0.15805.0_de-de_d78600275bb50790\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\msil_microsoft.hyperv.po..l.objects.resources_31bf3856ad364e35_10.0.19041.1_it-it_0d34ff08dead4f3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-comdlg32_31bf3856ad364e35_10.0.19041.906_none_9e2a4a3c38b724ef\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-devicecenter.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_44344cd8024ee1bf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-iis-ftpsvc.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_568ac9752a89c86e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-s..monnoia64.resources_31bf3856ad364e35_10.0.19041.1_it-it_a201011661a1f192\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-t..etpc-mathrecognizer_31bf3856ad364e35_10.0.19041.746_none_a09a6cc0e2d404e2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-g..ation-adm.resources_31bf3856ad364e35_10.0.19041.1_es-es_6c43bcbbb905891d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..-credprov.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_efdc0b71a13aa30a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-n..nguage6-base-legacy_31bf3856ad364e35_10.0.19041.1_none_e30d55fd218ae1cd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-taskbarcpl.resources_31bf3856ad364e35_10.0.19041.1_es-es_2abc28fae1544bfe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-c..lityaccess-handlers_31bf3856ad364e35_10.0.19041.1023_none_8dfd821b47787976\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-qedwipes_31bf3856ad364e35_10.0.19041.1_none_17c510857e094bb2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-c..ngshellapp.appxmain_31bf3856ad364e35_10.0.19041.746_none_0b4ed891dd9ccbc8\Splashscreen.scale-150_contrast-black.png C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-t..s-utildll.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_25a4203816925f7f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-taskkill.resources_31bf3856ad364e35_10.0.19041.1_en-us_b639d251bd989a31\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-usercpl-usermgrbroker_31bf3856ad364e35_10.0.19041.746_none_f4a55c2c3386ed90\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-composabl..aexchange-component_31bf3856ad364e35_10.0.19041.1_none_d558b3ccee4c4346\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-wlangpui.resources_31bf3856ad364e35_10.0.19041.1_es-es_cf801e8458319b7a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_system.web.datavisualization.resources_31bf3856ad364e35_4.0.15805.0_ja-jp_1debacf55421773f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-i..isapifilterbinaries_31bf3856ad364e35_10.0.19041.1_none_2cdee1840cdb7589\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-m..oolsclient.appxmain_31bf3856ad364e35_10.0.19041.1_none_75cd350cc8b5dbcf\inspect.html C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-networkbridge_31bf3856ad364e35_10.0.19041.746_none_e5e33ba764e4ddec\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-scripting-jscript_31bf3856ad364e35_11.0.19041.264_none_a4799d6c7f7a472c\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-h..anagement.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_7b8840f2b115e0e0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-u..datautils.resources_31bf3856ad364e35_10.0.19041.1_en-us_518b7f106eff8d5e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_system.directoryser..anagement.resources_b77a5c561934e089_4.0.15805.0_it-it_b28965bfde9ca0f7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-m..nts-mdac-rds-ce-dll_31bf3856ad364e35_10.0.19041.746_none_4a3ee9b1d4ef3676\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Reflection.Primitives\v4.0_4.0.0.0__b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\Framework\v2.0.50727\JA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\msil_system.io.log.resources_b03f5f7f11d50a3a_10.0.19041.1_it-it_1bf77603ae37c0df\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..ers-assoc.resources_31bf3856ad364e35_10.0.19041.1_it-it_636aea2917657024\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_10.0.19041.1_es-es_fcde5a75fe44e11c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-m..aphostres.resources_31bf3856ad364e35_10.0.19041.1_sv-se_0f1181eb83d9bf5c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-m..nt-browser.appxmain_31bf3856ad364e35_10.0.19041.844_none_d9eb415c5b9dbe4e\Square150x150Logo.scale-100.png C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-c..tasp1.res.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_6a17b7b715f84458\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression.FileSystem.resources\v4.0_4.0.0.0_fr_b77a5c561934e089\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\Assets\SmallIcon.targetsize-32.png C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-eventlog-adm_31bf3856ad364e35_10.0.19041.1_none_5ca479c80833f252\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-winlogon-tools_31bf3856ad364e35_10.0.19041.746_none_726cc4a1ebcb1c1e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.DSC.CoreConfProviders.Resources\v4.0_3.0.0.0_en_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-devicevirtualizationlib_31bf3856ad364e35_10.0.19041.1_none_3f2d94735c2c3711\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-n..quickstart.appxmain_31bf3856ad364e35_10.0.19041.423_none_72535ca9b59a9515\NarratorUWPSquare44x44Logo.targetsize-72_altform-unplated_contrast-white.png C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-nshhttp.resources_31bf3856ad364e35_10.0.19041.1_en-us_15645241d6eab123\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap.resources\v4.0_4.0.0.0_es_b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-m..osoftedge.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_d1f435fdf91e63d5\pdferror.html C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-wlanui.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_06f54ab8afff1c79\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-e..-host-adm.resources_31bf3856ad364e35_10.0.19041.1_es-es_07a78c16babed14a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0000044e_31bf3856ad364e35_10.0.19041.1_none_b4424c06f4c291f5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\DTVXXHPLQXPALXE\shell\open C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\DTVXXHPLQXPALXE\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Cn19Iu7q0HAWKeS.exe" C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "DTVXXHPLQXPALXE" C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\DTVXXHPLQXPALXE\shell\open\command C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\DTVXXHPLQXPALXE\shell C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\DTVXXHPLQXPALXE C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\DTVXXHPLQXPALXE\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\DTVXXHPLQXPALXE\DefaultIcon C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\DTVXXHPLQXPALXE\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Cn19Iu7q0HAWKeS.exe,0" C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 73.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp

Files

memory/4952-0-0x0000000000400000-0x000000000040C000-memory.dmp

C:\Program Files\7-Zip\Lang\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

MD5 9ae5a4d98f14ecc3d4af1e399fecccad
SHA1 53b1bd82653b4629df5fd2f32be7f943b34cf88b
SHA256 63eff9791c0310c54161063369b1181c9d5e2819bebab5d84b9d98c040ed14ba
SHA512 aedc3c27dab633455e76bcf499e99e23a0f8743e72b77396147ea050360796a474acd637befd48f5e28de74c5657c5d3bb376b1f7c16dfdac2b58fe529da64b2

C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

MD5 2338c61b72052360eb3e4ebc352fd09e
SHA1 474d33ab517788b0c1b1916bf93341ba1da40646
SHA256 4f7494881b62530e577fa0cb0fa3e50363b13039aa8850fb1335821f4c1a3c9f
SHA512 d133b6be6e92a4751da47748a9308b905404742b61c729f80fa2555338e8b6732f774bbd024d35d2e2bfc5cb05967b7c5d5ad099fcd7d0d39a2505305fe47a0f

C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

MD5 fa081056864ce38bf78fdcff63c9fc38
SHA1 89cb49eedefb982fc6721c2d2dc9f563cce2e2f7
SHA256 e35a9b885574b143781431f0057d59ae61d1a1fda1413dff1d3f8249564dcc8b
SHA512 376b3b73e4a7d368555383e12149ae615a63bc64183ce3d4cb4189145c44a11db7bbead0412b037f9ad34e620759dadf6198d17cfcec9a112951d4707b34d76a

C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

MD5 f199d3dff7ddb6e3be7e38f76d997386
SHA1 1c6374d565e2a7534714a9113f6205ff5f5306c8
SHA256 ef92fb9fe26af1fd1490881c1abb5acf2e5802acf09805520edf11d16554fa58
SHA512 1b886d1201949a70de11894375470a8044514288dad850da4da97f511550a01b6d9fdfb2d535961b346561e2a606c6bce82e1bda1c90e74c33b620ba88281c7e

C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

MD5 5a3ab70895c28dba4e5a750fb5ede555
SHA1 463d4ea48d2095ec53573c1e836b9e8d9e99f686
SHA256 5756fde6fdd3d1e5da447cb308cb7ed78dc613d640886696dbee3fe8a9e131f6
SHA512 a36fa8c33bbed4e25d7e06711e042fdd6bb0b8e9948e783e4eb682923a912957998dad0485a92bb02fe9a10e443b2a89bdab059bf9a27e6a8094e9d76f0f267a

C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

MD5 e9f8ebd6d8c2c821523599a4aac12952
SHA1 47c44074722115e99fabe172a04d9e20eb95446a
SHA256 890c7bc100bacd54b8cc140f0aec13d9f32e72c8e019d0cdaeb494fe7d7dd2ca
SHA512 53d9284ba7cdb6c7ed9e4c9319425b642cf50eeccf7a3e085fe0686628bd6777dededeedb02e2d5db5932d19909b8fb96b884e33828b2fd24307a9a285002c16

C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

MD5 3ffd5d7e45a9d6c3808846cc83fae07b
SHA1 8699de848caeb2a0d79fc086737124dbb403567f
SHA256 fc35b081ea2353cff53bd98f28ce331949821d4602518b563dead1f745478bdc
SHA512 bfd7eb168198e50fb522aa534920c86a47550a9a4061143aefd999664391d9c2d53fed0b912212f90a41b0f5934600faf94fa25ef6a555a80b6d4852fc5c57b9

C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

MD5 1e43764791e8338b93f07ba1c83eb747
SHA1 2ac8f93ecf721b22e68645777120aab71493bdd2
SHA256 36b5cc27a9edea73120169f1a2c84ecfab18ea24a59decec9af6fbc36dab0045
SHA512 8d944645c110cafa8c9d85b84f6c03e49d02fd0b6c17ad0c4565f6070a1ebcf4e3b2ed3f80b42bba1bb5f0210f07cc10ac79fd84c374bb540bb1fbc67bbc940a

C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

MD5 42ff5bb6d9184c6ddea97566ddec7ea7
SHA1 7c56ddfbf8f8c97b810f5db2591b3617e90a16dc
SHA256 ec6774a5c6d45716905bc6873d608f0700e61ee74b345dddabc0c28847945f58
SHA512 901f162e0575bea1ecfea2592908520ab7d2aa9083a7c7ff07b9ee9b20455ebf32b7e45352f8e46ed719b571f8e729101d4f0534e6bfc7ec6f653051ba09fa12

C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

MD5 2027da67e332215a188de346fce78495
SHA1 829a8228c0a06522aa3d72c2f37197b1f4bacb94
SHA256 3b6e68cbee60ec774346738733b9621b2b4d7b45cb8aa7bab2d0459c393ecd48
SHA512 deba665e4dcc049f4bdc9574b8565a639a88039996da8fc984004df943b6268665b74ee0ee884a550db1831fe6a1af1182a805d68455adb23bc98d3b3a026e98

C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

MD5 264c78edaad27935b3dc717b7ee2e215
SHA1 8e11384e1e57426fb2c57be9bf2eba85f7b1b33c
SHA256 13847e45abb3805ffdf64553d49cfc45bc8b8a681ecc8ad1fba2682e7e183a46
SHA512 86c1a0dd539e65af70b852aa503755eb3d489dbebeb3cfa9b5c5095d1c7354d7eb28f8d269ec2d5a9f0c9725c03ac4fd062081e0a21715c98b89cda5f021b353

C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

MD5 e03ccc7ec23456d6f76a1f5ab56bc25e
SHA1 e94bed315674835c06005d1f641daa3acf8cb86d
SHA256 35f60d7a838b78e392efab8d49dc9571abd3031fe512b26bbf663d2f8c1702ac
SHA512 54e1fd39d51e34229fd4486f0bd2906072822bed18af11fe6f05178e898d43e06ec9f7d9dc8dcf55daac602b76861d1d809746676a0015373e6e3109645f8c65

C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

MD5 99003bee98dc7f59beda42b7e4730bc0
SHA1 73b68246c38d8ad22b9024fd8d9e13e5d9628859
SHA256 8169f4fc0e721c988fdd8fa8d8ee3c8a6d5ed786af4ab785c0d25ded21a7ee5c
SHA512 2984f60098bbb8044baa4d0fcfce921ed78a725fdc07f008d4cd9fbcdd3f9dabc5801c5a7097537bf2eb10e8d7ec8a3c5bdb5d22982ae98fe20501a4a380bb0a

C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

MD5 a9fa68ec4813194c72d951eaa6c4c29f
SHA1 1262805895c6e6bd2061d5cac62a012350b0b764
SHA256 cb93837e3df0bc91eaab9084aec9a9d9adaeb76762c40d0f8fc5b2934b91c1dc
SHA512 939854c5352faa44748a185cc45f2f3f9e3d80f28c2c576d869c699c96bcf2d3faa88151aa45989097934ae2305b59d8c21e310c91382f2b0429ec16a9072d23

C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

MD5 2c9a9eea94ed92524ec43082e5e42a51
SHA1 385b0d53e69f6af9dabb3abd89e167578f927fa8
SHA256 cad3158015457d4c5f6687356cc2a2722a37576da3ba8d6e509e15725199223b
SHA512 435e853b71ecb3da658085109c609c5039630b98e86d176c5138fe6e52d2152a602b2db40ddb0e900be1fc2185ec693de70be7f82a255b08a485944c97d93ecf

C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

MD5 b05f8b9e3bec0c81cef816bc5a7e6572
SHA1 8942884f248c87499815a6e1ae77f9dff1fe7fa9
SHA256 6c3956ef553d4ca031db2a76da1de28d1ec305293d8c0b18cc3d81db7519469a
SHA512 9293bc1ae523454b23cb236e0ac6894a41744c2da549f5083bb565af9ac3293cccf29941241859612265c1a8546213d4475e0acec66162b6cb739ff0ab42d13d

C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

MD5 9fa3c41e47b4e5d38b925f035aacb144
SHA1 0584ccbf87bfdbd833159099f272dd824997260d
SHA256 118185a7508ae3b6c110891ad5e3a64b44acf96bcc3432de7826bfcb085ac5fc
SHA512 bba064fc131d87e895ba7e22039bb1cfee9a348f39de1269db24718358cd7bc5899d7657997513b64d3f1745ca15327eb60b4536827ea0ef07c7cbfb6c7d8a69

C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

MD5 116b40cbf434febb542e8930c7816cb0
SHA1 1f8eaa6b8d3c0fbcfec9e90a4b780ce6a484a764
SHA256 1cdfb39d85f7d37034b1cb68ec656c4370aa1111ca4ddcd7a7930e3bd8eb8c5c
SHA512 33d8fc1dc9eff7052f1758401e2e32154c849d79f973dc5f43b520f81e5479d4bd0916afff540aa225dadb38cff540a2d7d2dcb6c18354e55ed049ff03ec70b0

C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

MD5 69f68a1072403c4b607d38a592df8753
SHA1 01346892522e113d6928ff96d50ce68921e83261
SHA256 267984bcae6a2c79e09a6f6edb188ba571c428126481b22256716a36940857af
SHA512 50568896e67c385b184e11d120cc62947503ed460dd01bf53bce03427d77f51ff4c1fb0914f307937a4674f597658b2ca7d37d4cbba4a5abf385e57dd8e0a18d

C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

MD5 798d0312191af32cce27ebc2172665d5
SHA1 3c9d6d720c68afedad75a9689f90a23e208b98d6
SHA256 e13db410b43ea6911cc46157ab4a5ac404bac67cfe06c348fbb53ff79c46e4f1
SHA512 2db9fed23a9a16c416caebc5d649eb213f450cb65a9a53ed51eb0d954b6c8724c3e60e98f442f34e0cc5dbb9930baea2b9fd815dcd6e521418728c4e1152faa1

C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

MD5 daf9347f0d18335140621d0e7b47a1c7
SHA1 ae1c05a626616198577214097e55fe9bddf0a891
SHA256 68ee10c0284d36473d5856ddd3f033834ca96c181c070e24b2aa7b6ec0219128
SHA512 bbc2244581237fdca21005df9887dcdbecb07c5516f0502276eb8c4294ea787378d82499ec4595aaa62874975e5f0a8363ced01ee0ed9df9ccf3fd5b17e70861

C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

MD5 6f702ca0942eed3b20b5001d883a18c6
SHA1 6bb9f61ce6199062b83fb8f51f909398bcd21244
SHA256 91ae98bddbc544fe613756b8fa29a08fa3ef794b8812e7591fd8a7b146f0ef42
SHA512 b548c38b1fb3d6e89e9e1535077273dcb388993730dbd124690374923480f5384e19a7e836f8c51b45de2a291bed6083c9a13fb5095d3dc5c65a2da900e242f0

C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

MD5 accabab9c5b8166745cef46b2e613321
SHA1 ae0777b660cce704a4b9aba4d2f3d002ceb90550
SHA256 6a51ca9d68074f3ed78e7a9e63fc935c6251393be2ec0f2f5cacd78f49ec398c
SHA512 7eaf82bf4f96edbe757907564b1a1f803dcb3081db6badba8e725e00f6ab190f64d77d43c123798020cc1c427067dfc5544bc87e91ac0a3e09e1183a79255ea1

C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

MD5 ad8c72469cd1ef31d86c387d1d923de3
SHA1 358722c82d2700cd359c940577a0c13fe48e129b
SHA256 c29135aa80718006931240e701e23638c67ee1759f546ebfe746eb95cba34698
SHA512 b4f94a60a3537ca04f4519fedd1a53ed879501ba7963223402c57cc0c70350b5364cdc3105b1573ec16b3108007b04a1ae974426ed1dfa5f456ec614cabb91af

C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

MD5 bcb5f218fa2b9c55cb49b840109fa3b3
SHA1 c818d24adee9066a8daffef09ad5aa0867918904
SHA256 f379602bb79ddf96df6a8594956d30a597d561eaba62fd682a11490087193aa7
SHA512 e98e48585443c2ca0d2a7e418572a4503e96b70ac132d438228576a1a464f11125239a2302296ed8fd1f79788cc9d9fd185f5bf00ee0980d6ec93920020b2748

C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

MD5 95caf63b70fd841169bac98ded6e4ce2
SHA1 237f8bcb6d995704a950d563cc78c7d646b25019
SHA256 93a2a321f8062d4321e09ca01d3465c2176b747ac6f9f96abdeaf2beee40ccc1
SHA512 4e2cd67ef494bc08c35e346d3371c228c919128e9a5f2c85c585358e8bfad2d1562ccd07ad2d1567f96da7f0f3906a271ab466136cd958049e109e565d8a8494

C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

MD5 fc29fe2b36649b8862811921a01c2c3c
SHA1 d3e8932380a60eaa27ea3761601dbbe48bb4ecd8
SHA256 5f232d2f4de98ee1c000dad609f526518ef4031791d6c86369c7d8e2cb81da69
SHA512 8bd826a3ccbce6366427cd139f5e7be63cc8b15142474a816969638c09820265679b434dc48cd83384183654e8e59a41a92622518bc5a0679f45fa2937af02ea

C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

MD5 03de06b450fca60c79eabd6ffcbfb942
SHA1 293aadf0c0caedee69385d56c852f09185c105e2
SHA256 2543b8d2dce9457b4ff633c4eb93b9a5348a317c6a870f1507b3f0b000a88ced
SHA512 44f338433fa97f82b05ed905411df1a8f2ccfb1cecea8864259e82a82205eaecd0d86281d5cc3491564b561fff28d877c7ad70d5fbb5e3134da51304fff26291

C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

MD5 a1d9eba939e1127f763b1cbcb084292b
SHA1 9977c9bebecf72414af74bd549af2b40b6343b61
SHA256 7a1799046da4a3302cc42a1cc7fdfa763b665c2828e54cc06e866690b336a9ff
SHA512 5f582fc1d4836f08fb10eb8aa2c2a0770ded07aaa5eb83d6300d0c7315270e4d0d7fc309528bc009f1c08258a76dc947b3a285f0226641734fa047f485e84d96

C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

MD5 6c49165fe9780738c4ef341c1fa45320
SHA1 42e9dd0d150b73f27a1df50eeed5f45513c3b8d4
SHA256 0d4276bd218b4a03ac58592115caa5f76614ab22d830d2adfe70c4fbd64f8f52
SHA512 8b02bc487c5be7ea6e2f7353c35fd72c5336fc300459b6ffa285ce1315a943c0af7348e4b214a785f6178fc23f33fd02a4810298a2fda64b70a54329731bb408

C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

MD5 31dfc2f3d30b755775e577a046724596
SHA1 5ff16dc09de064eac9d363e22ff53badf200f8a5
SHA256 5b48aecf47ee9b699c62ab876ec773da0b27e07b216b6ff462b9bd23ecd5ac21
SHA512 b7f7aedef1a9c7bde0322cfc7b81a72127bb7a0c2622b1a58fcd27b24df0c4a61ab57c31c8c13c7e797f78c935e8eaeed573ae10664afed6c5d86ed641c55183

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

MD5 aae026f33fc80eb1b0b173d4961b9736
SHA1 ad9d204524fda4c547a7778b1f9aa6bdf5fcea16
SHA256 88e117e732bebc7bfa51598dd18791e59a3edb077555badeb1c9e7a5ff730a4d
SHA512 9e5afe00cb72ca3ed016e464c9d094b5eb05b87087568a6046bb79099c5d0141b275401a1ef45a0417e98c2ea6196126702bf1f4ee7fdab02c2130b2efec9352

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

MD5 de3fb33ccbcf24e54e57aa8a2b1db88d
SHA1 03ddffc5aaf492815b5865eee6212295abdc6bd2
SHA256 2fd76dd0a8805a28635a7a409f85c96b87f4371e937ca1250706629cf9d885aa
SHA512 3ceb9d7745a63dc90edd1be13226f537afced5c40f407387564c7e7a610f2ca5a44621c752c5273bd58ebd115d2e956d15694c08a084f759e5ce937cc1ca8b99

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

MD5 0ff61f7cc238671c15be3303348a65f0
SHA1 7b043e86f2de8f506a13435441ed53a37c1f2fc6
SHA256 f4830fc1d238788e90aabb73b333111a1d4dd8a03f37b23f3b830861a96f5c0b
SHA512 0d791aa7ec79aea3436fba7602e85ba5d16bffc3706c22f535608669a38517a4f684266f96428dd46b89ae3c9a43cb7aec515d81f5b8f3c14bf278f7d66f9f92

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

MD5 77390927dba483e44b9f56cd6a2213e9
SHA1 be89e0629965f692c4655fb32b3ce74d40d686d5
SHA256 7700e8cdf207ad77b4a9e50fac2e9d4e566193d7262a2ec1c7db1404953ebf7d
SHA512 bda5e0f8ea610920002791a7e1e80e522469ee4ec4fc748f4f4ad77e36964297b8839afeaec61c525884ecff785752b88488bcd54d1381ce0667157049892140

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

MD5 b4c03112a208b1423fa5d15a7d95f378
SHA1 e0197e1670936848dfdc2ac2a4d1a383d7b76a47
SHA256 736b8b160402c0e7277b70839a97aa2b0cd8f2537a350506be60c343e6c82df2
SHA512 bf0091f8f4b8a93042203f33d5a024d06155651983c8895ad46af89c6284ee09da461446d283d4a07272cc6863143dc51a2ca878a260aee36ca7c3443d0b5f2b

C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

MD5 c775af4bffb5e80d2ba82e5e509372ae
SHA1 39cfd3eaa3b8dff1bd6333f860985eeed81d5a90
SHA256 ad7054afa661f1f767601d50e97617b9602a6c7872dbc786e8cbf838df02781c
SHA512 3b4dc3acf1a379812ed15ce34454186a43ce5b24c911d59486815453eade0bd8f55ab60f6bbab3077a5bc66968843d0cb3ae97fb63f8fb5367d936c2e9b963e6

C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

MD5 038bf711fdfe6d64724d800fdb412d2e
SHA1 78f6e9b4a0c343420aaa29b1a0c6e351cf9a9f2e
SHA256 2ad6d22346115e41ad30dbf2070d8c2f52dae1e0741b1d7e71417a436329db0b
SHA512 09e6c022eb31600d0a5836d427ffc31a86530d328c55ac72db4f80f1c0b1a4933e0570776430c8349e311a19d0adca1d3bcdb658f25c3a8deb38cdd569ad5549

C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

MD5 7a5353275623706ba35624d10025dbbe
SHA1 2d852fc3449ed169144dd6e023bdd1007e117133
SHA256 3b55b1bb23ac883a52a35d6eed1431b39bb590c76f528908a02086cc420fd7cc
SHA512 3fe4ee7cb642ce0ea3c51821420f2c6b4c77f2c2d48047779d9dc4faa62d51de90a2485d3bec0b9cb4e318ee0f76f47a7996745e4fda6658c62b92cc03eb2a2e

C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

MD5 3448a4eb084f4c2bd81b1db638c945df
SHA1 5434aa1818b7cc7fb2e268ea5d4e287fb25a6be9
SHA256 c0cf9227cdc6cf92d17f2ac4cf2b626a088ce376a7411e7ed7ee29df05f4b989
SHA512 76ecd5027ea8c4844fde0cabd209c7a9cd797566a1658bb2311382c2a51c80cb447988fe01b9d3a4782ecd42ed4dc837de5dffd62d0b2f7b9b566c9454285649

C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

MD5 183a1613c42f55cd7d8199733a0a6558
SHA1 c7f23c538d1ee329f98c88507801185060ccb347
SHA256 ae1d0bd82176a9633d15a60cd78240a43dbd6d1ad3bc76bb3f5c64dac9d741e1
SHA512 2aca4a7a8516d9e8ec7b62da57cd47b15b77eb7e1883de46f4d05f24c47c893e8ac1392d31a070ea1f72e9324fda0982bdefdf5ea9e64b202b6e3b0c88264c0b

C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

MD5 8b7e72ed2211ba8ac46a340caeb1429c
SHA1 1c98c9426035dd2d3d11370361214006dade6bad
SHA256 08f909b8e0d044badb873a902e4318476cac08ddfcfca123b266c7608c54f613
SHA512 7fac6dc0e5b53dd258586c256d4323581b9e154c49184d0f665ee8e77d60a9abe94d9eded08d6f6d0c3b8b1e377a25980d42b2801a8048359c157874c8bbe1f9

C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

MD5 53a275b0eaad58052beb831e971f1185
SHA1 26d58139f0ae13629fe040c53736cfcaaef3cd32
SHA256 22ce8280f19d59a944311ba0818735f6a37265b294788e12da5876c56b0e35b8
SHA512 0ca063e0682f38b21b96fbef40d9aba7aedec1fb0bf725ca15f065ae908e10856b1446adcab6893caeef73de582e9c800ec6613c4499448eecc16e799fa439b0

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

MD5 e62e364692f5a456bb7ab25004283f7f
SHA1 f20b81d74930ee11ec61ddd699cc2a3776aebb87
SHA256 75b6884f23798847f247630d99d70108a9f3a946b51b57214cabde32002188fe
SHA512 4dff12984d31c4decff8592959779bf15b8887251ad4f6639172e237fa0ad621c59281bc99bce85334479521a442fd17edd4c1cf96d02f523fdd916d3be9f648

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

MD5 657fcabb6997181ea18863135f166766
SHA1 6eebd564918d5ef5f100586932ea978be1a3b8c4
SHA256 aa92514c7c42c5b0b2906ae115ebf58bffe3c9fe089740c14245730dd58355f2
SHA512 c61dc2015c62cf2ff139ec786e52847a4c923d7840852fb287ba93a71545422b31c007d566f3a2ba34bfc7bf4535b8cb90c9b6930bb4bfb0e283376c3238b027

C:\Program Files\Microsoft Office\root\Office16\1033\ClientSub2019_eula.txt

MD5 703d7077152e1366956c73a17bb486e5
SHA1 58329a596f9baae86872a9bb5c9abdb4d372b40e
SHA256 34a11fc559fd54f0001470c260a1448d8e46f7e738a956e8457b6c88d9ecb4a2
SHA512 12ffb23492fb3f4ab59401b270174284eda268feac9a0e95f6680007df183c3a6e8f974e8d5ff0ec41212ae16f56e5beaa03a619b22ba97226b0012903164df7

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

MD5 af2a9557531b2a77bd1e8947387a3ac9
SHA1 08611e0d3294129013d4bd4de9269a1bdb2ef34d
SHA256 37a1505072a221844cd010d9e241b7fd74cfbd6c0c3b8e1e5e01a01608a2bb4a
SHA512 19023266bb1b0844df9157e7b53e3dbc65d8343ea40d634b0c8868d8b1ec8adaa05efe15db220c0e17f0665b8e032969ffdd6587fbc7d50f7fc8aa44fff7191e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

MD5 d4c79d45b08351292c3d2e9612eddb28
SHA1 3386d7a0ca0f7fc713e2129788584739451a9b07
SHA256 28e61840daaf063ca1c230882ae08bc469f386e0dc9e0c210d1c6002e10d26cc
SHA512 374cf3f9debc0e0a23be929847f7019bca52bd1e9e747e0003fbe11e4b153e0544c946fac096922acd81d0df02e69e8f0e1120c61d657f8d789ff15e21071c4b

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

MD5 ddacc675038ff7564e9dad53da46e441
SHA1 1dc40db379a0c2152aeb6fa4e2dffe5ca9344ecc
SHA256 3f3437387de2da63d8839ceee91cb89de29bdae0969a51f33c47782e52298038
SHA512 4e4a0b677b9576472f1b219389782b2ce36a6c01eb69bb0c33162707416b75592d12d69a75fa26c03f239862a50a12e3e7e23fa3e21432a3abb0e2a189c15bbd

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

MD5 c133354f872c52a9952cf2632f7dee06
SHA1 092e53552eb4ba0c63b361a7a96bf892140b8613
SHA256 fa8c59834adad1fd95fcd04ea48aeb7499c5f77d52736d275caab34e154e729f
SHA512 7c42787c896fb9699a6ed943068613e2304bddda96eef97a02d9177523102cae9052da28e585bf7ea5091daf8aae4fdc556e17be48fa5d53bfcfbd6c9c62e9d7

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

MD5 f95f92b8b63a6dfc27906e64099ba465
SHA1 59711987e82e177998c8703ed426fd974acb2a38
SHA256 5f894cf70ec28e0ed181d17670ca0bd4ec3ccf691eb44bbb671f08790fbc69fa
SHA512 6f25c4807c7837ef7a5887a8b05cfbd298947b61438e870fa6c7bc499b10fad0d26ec0845baf5c0c82955b78e6b966f36087e6d1879bf7ff70c55e069be34679

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

MD5 044fb404b11278def8e21df656126753
SHA1 3cfbc1b655a5313e5946db32e7a9b97f9edb33c6
SHA256 0d21a679fbcaff6797d337aabff2f04f54b9454c0946418d7c5f26e6de940ea5
SHA512 5cc11fa2041663878b48d9a53342cf5333de84cf559761ac0226c904f31fc392aa4c28025408035c1b71ff63ce3e818e24db8834460ccd011d85a1c2d119edef

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

MD5 c5d00b1063e1099b984130e7b710122a
SHA1 a79cec58bf5dca243c43568e26578e936913d5c7
SHA256 d935495e57615bb8a80c04700ee9adde5ffaeb296befdfecc9c9ad2fa279198c
SHA512 388e7babd414f09a03a7ce6bd9f26d835c7513bb17b11764abf891461c87908788ba225e634871c482691d964d80ac6739fc554139045a01d13f784e28d66646

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

MD5 f469b7208440332a09fc1eb43a1e0fdc
SHA1 a2e145c521de08e2a79d1f923b8754c01734e686
SHA256 683afc316a052d4d42edfdf996a824fcfff2945c6f4de95fadd9dc375a5f5816
SHA512 931f160ece465cac18b87cc3260a1110b5c9f8699e3089399f2deea585a30064ffaa9bb3a1aadeabc29a7fee8679943446732fb53594d5793ecb9f91ef086bdb

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

MD5 7904fa03a6aa82d7c1b4510856448869
SHA1 998a3c5b3785a3a1591ab1269cf8bf06031f23f7
SHA256 df25cfdbf8ce5a09ac9cd2791ee7f69eb8aef7ca5c86f4748d75c7bb1058b46f
SHA512 d6bf9100ec83d21e82098aa3a99430560d5da2e593be608f47d7867dce6b2c754164fdfdb5bff24f5ba892954bb7d84970a800edf4c998f00f443d35764c2151

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

MD5 245b62fe6c76ec7da9523446fa2265f5
SHA1 68832262d11fd590d3be837f5a0e15eb297897f7
SHA256 a24537ddc7d984b31010c1d7bb74e7f818ec8a7c2d715bd31f4bfe901c7156bc
SHA512 2b552107511cfcec7293b63868d015e0a77ca7fb7afcddffa94ae01ee56713a9aeb206f3062770bf489703da6d2a89d4fb1fcf4dda08195a2040f311ae9ddbfa

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

MD5 ebee72571dbedf91ee158d6e13baf1aa
SHA1 6071a75d5b3fd0017515de3367425aaaee358804
SHA256 0b57711fa9f1eeee4af9d9e66ab5271203750333b61eb55977852a651aa375d1
SHA512 82a7937ccef943a7f5af4b83e2f2a8dfc5a3c7f299188e10b39f8955811ab09edc54426ed812c8c6405cdb657894810061a35c6d7b9289514a184d1449132680

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

MD5 7c2972cbcda5a024f427d1791c060556
SHA1 3fd579fa6483b47dee2d1815aa9e4213de41b86b
SHA256 0d354e3fb45b56746a305625868f2db0fb31dbc964673e302b9706073d58df49
SHA512 af3b9679d0edcee50f18d0441cac49207459615add51c827b17696385bf0363fc9593c1e0f1671a56f13e2dd6a83cbaebde66cf422add2d2a003913f42313a7f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

MD5 5f2ae874e019c3af8e3727b2c57dc8af
SHA1 dfdd245df5f387e71df563e8b800cf3677f1e35d
SHA256 a39da4e792f633559c1c22f692e98c3b05fd29c62be1f40c7b07e8a760bcbbf3
SHA512 91df75d709b0fc51d77a745937b1cf3df092c3f5ab59b2514ec2ae6ef9f97fffe21e38cc4aea487de36780272ac7619c78717ae0b90fa2924e0d67321b50e8a5

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

MD5 cd0ac95f1110f827fa64a9b4ec40da05
SHA1 790426d68b2c5f22d8070c64d96b6ee7b7f71c41
SHA256 19f02300c09832e06669b1925a1898dd9b6b394198c91b777ff9b491af3131b5
SHA512 eaed57ca62504c5f0789a1165dcf3aca4aae2f280149659d440e8b8af7fb92e07baf2021c4d2641bdc47505fce57b3fd054ca06f2eedaa204d553709dad89d4f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

MD5 1c51efeadd95498e5cffb708842e40cf
SHA1 997b4457216239fe3e7bc49eb6b47091fc95077e
SHA256 6acc03b7388cca621ef1973ad648dae3715a648b8d0c68fb893f7c128aeb5fbd
SHA512 2782f64cfab458d4249f9fb4ee2a468aae6c1861dc66274864810738e27af43cb177350626b465ab3eb29a835ce2a0d088ffcf2cf1e0ed153c809559a0895dd9

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

MD5 9d049ebfe2fbf5d86898a2422c67f0f8
SHA1 1c00adb51c4ecefbf6800e66f56e195ed1bad793
SHA256 0e354f448d6d6bc1fa73bfde93f6ef21b7a95a5ba561c2df6d372fe20393474a
SHA512 a315ea034526f502062dd9c773edd501fa5155aa5ee3fb1c4b66c071201abd3aec6e28fb6a47d47cfcdc9fd2d87e80093d6322e27bd4bf207487caeda90d1b58

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

MD5 0f7402d6e92891f7dd1f047232be513c
SHA1 9fff0822d23c9df005f1ec02c89ec314bfcc4f0c
SHA256 c527fe534835e7fd992cfc5376a85f142699cf22df99f16c5ceb44bc4ec62346
SHA512 9f1e90380109981c7ec1e685ff4dbae7c6a6e278c5bebe74a5b5deb087218bddf792aad7031a00fa6c2a148c8f00f5a5d62857bacd7113a9e310825b46144c22

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

MD5 b075ba7483ceed0420ed40f63d8ddb01
SHA1 d129e42f5c5f934dbac2bbc63366828fd90fbdcf
SHA256 6fdb96261e1d88955cf4a970cf52571a9202e807b5d93ba08edbc7238cf34a59
SHA512 58f3f6e3e045adab751c1508c13a0b61936ecc948b5101878b8408407defa4b882a8d1fe1a7dadacef4ac7f3d421d6424c55334bcc567ff5be30bd19ecaf4a29

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

MD5 d63ab73894c29b95633703b1eee2c68b
SHA1 5bad08d2658c1e2610aa2ccd0a50ebd25bafc103
SHA256 918b86c2cd013a43ee03769aab2e1f709b7d55e0838f769b4363dfca114d8c3a
SHA512 bb322dfcdbe482b601032f846267b48f6a742c11db0687287264eaeff738c974b2e075ce602d6e347c4541b6751a4401c314e8cda66c61ff6fb48c4aaf0865b9

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

MD5 8e56fa6b5e60fa0a0fc7d0c0c8da562b
SHA1 f74cf38358e59a0871e00c1428c7a328d83b31b5
SHA256 64fffb6a2ffbe59775b7a8ab54d56864f5dde5e2b27f9924837d1dc9d1fd5eb3
SHA512 647842d02c26870cd759e4ac77d6bebaea430a761920c7c02c687d6c4dcf8cb6ecec46fae48272baec5db22d5408755819155771098e6cf1111c5a0ade855f2b

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

MD5 67c76c53409f4fd90b399785c5d05e65
SHA1 513945b27e2a7dc61b579ea955dd2bb5fe13e138
SHA256 e9e17fbd05d24c9ccdda41c118964a8d4f750366c6b6be9fe38bdd541ead0f59
SHA512 ad00e08879fafa3c5005eb45fc3241299388b484f8b953276c7f2e541c27612ce4ff5fe0439fbdf39121589bcde554b1eac7ae0a02c08fc96da510de6a06f678

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

MD5 3f097ce482959421e78dff50008185ac
SHA1 c62435f12e8b5b7886c60ae9ba33e9a6f3474b7d
SHA256 d1bd31acf8a66f5e8ca0ebd51d41f9a2841fd64657d205e47c0a97b338c74bd5
SHA512 f20c56eab8aea40a95d7c62aa39af35569ae92cfed45c89ebb3f9c54279404602fe72738059763e516fa1a2cb95652788e58bfa6f230a3eab94ebd415c0f54ca

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

MD5 f02197b4045d6649fd9f2baa8b126241
SHA1 5f062459d19a4570f12dcea2f617c7956d44ac90
SHA256 f49de82dd876116e31e162dcb4162a60a237ca44d9793febe96ac619f48d7d24
SHA512 f29486c6215be740871bc13cc9cf1b4a1535f320aa6ceb18239cbd1b74fbe0c514ee1bd43152216fa84eab5affeca7c641e807102c91da309b2d283230366b9d

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

MD5 4560ed98709e382dc110f03021c724d7
SHA1 f7f7068bc014d0e51f4f85ed45f7765fe13fa1c0
SHA256 c225cc489cd0255f5194a1b257dc9b1c2db8b5910c245d331501d5cb42107e73
SHA512 e50563d4d0b2623b1ada90aec8ab8e809f77b76ec0bf487bb7cc5599b71510061ca28c9b6c2f7608b70407d88c9df5a6a49c5e4a9a80e74e94bb9f3e6f473976

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

MD5 f9d97825bbc814f01bc2d45954c25a18
SHA1 e73f40ca364e7b187daac9b031e7bcec93fde0ec
SHA256 efd6a494989297a0b50b762fc60781bb4f40571b0b5eeb1998ecfdebf3f8b0e9
SHA512 cbbed56d6b8eed70ba7359f0a27b732e97b9a81fd5320f8dbee4ea561c08171baaa834d41056525615d8e63dca8c4daf084fbc0276d96b03466dc61a1f313029

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

MD5 4dc8e9b17df60ca84c49e94630f241e1
SHA1 f9adadd8f106b7ecfb02c9143b3d6d87f6ed9016
SHA256 4d6f3445adae3c4d3002f2515f4c1b5e172baade9d5291f4299cf0aeacd93b2d
SHA512 59a9945507e9a994fdacfd1d77ff0e7cb49e8a0a84c174a911af790ba293e1e3ea110926cab8f21844550e4d12f49b1903c08576a6b3798cc9c2c1dfe4da8d3e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

MD5 f069378bfd6cf9c4362881b685971481
SHA1 98da127b10a141a3dd24b5783794bb29508a7372
SHA256 5eb713648daababba370b99a3ae35369528b984ba84d73bb80f1501befaa7cbd
SHA512 46cb330c053b8166dba4c66cf0b9065a3497cdc1b0669b86169839108addf94be81ad788705dc951aabeba5190a7d59c8cfdc661893217bbe4245ef6954df35d

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

MD5 83b91ddcbe8b7815f8b0a00a1e721a86
SHA1 ade0be3d483805f5bf5788e4ab4436269a3a2656
SHA256 c077cc2e5213314466618d5acf10a89221a5e2c375c287ca64a0cdedd5887b07
SHA512 f7640f27e6d88e5f70f5b0bd18b7a81fbc6ef19a02dbb0ee21c9da8357f14f27e8b8e6035f13494e838547cd746524d4095d4032560f5722759d8ae3577bd8b2

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

MD5 639cfc47c58c98b466b63dd77b203608
SHA1 14e328f94189860795192bb9357496cd331dfd0f
SHA256 c52fa1e2d2692e5e70af21789bd694878246e52524995677581495a207550b58
SHA512 25ee9ca2b32bd1ed1c6d66f323d7084d188ef8e8941798804db7be2771cbcdcdb2b3cd01199e47290588ad9ff3c4e598713dfab221476166896366c600358e62

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

MD5 0af0822ae322c3f35cbd389ea0227e26
SHA1 93957ecbd66c2c450feb69e4888ab7ff70da6808
SHA256 bd1a51421aece20666494bfb9ed7505a4349ae8b3d7345482c6d7f48c36db310
SHA512 f3cfec43188973d83c2796c0a6755ffe0281747a59bd522512cb5bda069a7107ad84d78731dea921f4fafcaf2e4fc3af48e0c60a1d7b9ffd11c45434393feada

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

MD5 ac35a679ec6287c0dfa46e01d4dc743c
SHA1 75c334b6c3e64c6f22f7acbb4ec2be01a614e717
SHA256 eefb4095d59d7dcb287e2c502f9608de1daed9459a41f7626b022404a9d947f2
SHA512 81bef42d791fbd6f1f0f64e3a9c1993d07d8e59e268e80fa7e3179a8ab5297f2bc07a4eaf11d169d61bc7c6886257aefe63e1d15782480013fce3b107977acab

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

MD5 5a5da2c54361c3a6fa3d94c74d8ae653
SHA1 b5364337316f4dae12a6d5e41ab3a9965f1bec1b
SHA256 4128c8ea56923c0749b26f27ba22ff09e355a3a4499a3e1717eb936092c06639
SHA512 4d786f922339dfe059ae7622ce2d8d5aa011357496edf0bc3e38a17fea59141cd98c3aac76562e0fc4e946086a3579db65d2c74d8f54b391837b8b657eaa4456

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

MD5 fb1f9fd11e46017e452c858f8ff9c956
SHA1 342323adbcf958eafaf671ffd4c00494a90806df
SHA256 42b5818046bc52a27a8ee44e70ea9e54d3d49f4ca571cdc128f6bf7103b6d09a
SHA512 388b04b4b6509c82ac651f2767d86aaa8a759c47163258f97cc02b7ddfe91a27d7ab20da414bb551449162031847b51cd7302b63bb688c80061479b6bd106e90

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

MD5 70bb09b5a9c64288bb63a2029e9d42ee
SHA1 10625715331a48f085ea6d59e0a198e5dc814724
SHA256 069af79d807b0cdc8115a5c6f21fb9db301d87aeb4917059a8e14e5191741dbc
SHA512 8e54d203ca1a75ff7e715510573e2b2b0c0a3b30cee90877e201b9987b12aa8ec50d41220bd4fb4284078a529370f936610802a6290cf8a5ce1421c94c33bf86

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

MD5 f14b231711a1ca46cd5c71988ee24580
SHA1 6b19ffc9b0f27fdd3d2725081cbca2cd00b9e73e
SHA256 a921828c584f37dbab893ad7b3705532358edc1f1e256aeed0750f87a8b9d3a2
SHA512 49518f62377fef35100a1235f9936296c27cc0267d122ad9becc553e6357f359994bc3aec367642372adfe64c101efc6fb255ae88ed540cc86e42c4622a51d31

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

MD5 d809cbb066b4bab1216ae8ce8a1e4644
SHA1 8fc4e8ee89d794b915d0b7897890025478c7312a
SHA256 14a5cdb6289e0aceff22d2bb7a30b7a7482bf1567cf870290200f8ab4190f248
SHA512 f0bcf251b30ffad53688ebd58afdfa88cb8e824209ac9e6ccb955f3ca4cb0691ac05703c5f1a87b730137948fe87fab79cc1bde9018bce582dcc55b27771267c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

MD5 a5dbf6ef68a9a2dde3e34a2f630c52fd
SHA1 b8c915ef6032cbfafa453b6ff40e565695144378
SHA256 dec8940cc1ec1fabae606f47a1c45fe035621ba49b5b141da3bf184fb947d5f7
SHA512 3c0356cc32f31d3174bf9dbc87975c876f2d54ac73134cfacd384e23e8e8f92826f5ba524f856247d8813b2594607289382ef8c87c203f05de85a708f2dda467

C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

MD5 ca6cafdb367c8a99d84769c058654c7a
SHA1 7f62a20537880abe74f5d62235ef9a06a874d8a0
SHA256 477a9a96819b42c902153da4481e39d1249714f19bb4eb62c2a27cc6a9b176b5
SHA512 4fce3da685dc3f7c0db869ac8dfd8f97f95bee36becca705ea5475125e92533111803d2010ec8c3837bec430ecf5dd69717fba5cddd0b1e384ba83ce970b5c8b

memory/4952-5650-0x0000000000400000-0x000000000040C000-memory.dmp

memory/4952-5664-0x0000000000400000-0x000000000040C000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727656226049089.txt

MD5 9384104f7492706dfdd508d8a4f11c8a
SHA1 3f84c3c746f1e93cdf109bfca4e584ff79b2ece9
SHA256 b62f98a72f5758af01fab806148471f84b12c0ff24bafed4a7f7b19c9cd42416
SHA512 c25fd8f65e72a7f71cb3f5b525cf56ed32cd426e9eef0d017c4815d8e40bfbb30b08a869ce206c26b29e590835c5915eddf0f4a127f529dbcb655c2381b5092e

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727656623420834.txt

MD5 1a9eedab3547b5d857b6467d18fde35d
SHA1 2a0958c0817c90410de2efc9e78602266b9436f2
SHA256 aba96d715070eedfb388781961cf8f0445d8d340ac707943f1802e06a188214e
SHA512 acb7efab9957ce3eb30a056e74218cc17640276d6f99f3a89c10a2ee49115fb8a9273316ddcea680a0137d4c3c1dd11c8a8a105d403e5f309ef406eeef5beae6

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727663536793873.txt

MD5 dcb3c53cc809bf4ba2b8f1396ede4f18
SHA1 54bb07cab079bb7debfc4d32ad44876f59fabb0b
SHA256 f4b66544e0366d2ff8bedd00dd9ed30d5dcb70bcaaa3e688918d5b1a95ab340d
SHA512 0f1182dd455e5ebf31de2cb635d96206ba65129382b9fdb15323dd038fc7572f71ac10373878e5731aaae8deedb22b012b884f70e51fec033d6d842a59943ea8

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727666235612999.txt

MD5 bb7a8ca5e7343f5ba6ec9e4de9d569b2
SHA1 f4a55b56df6a0e8878960fd9c2f495b552e37a80
SHA256 98f114971ae3176107738ee43daa78f9cc19fa83bc24982391763b869d71c711
SHA512 ae706d6d7f981c51c85527b64d38882c903207862bece34a7231126542c27d902d548d3ce9fed9f32eadb671a1a7df6634bcffa69fefe0595253712b8a41b353

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

MD5 6ba4d897ed90a4e26223eaef2c562739
SHA1 eb21ae3c215e1946baa1aa6514eccd5d128bb316
SHA256 e678e7beac1597b986b62f066a4c9a3d05e3644e6a2c5d72e0556f3316ab5909
SHA512 5e1fa4f70c19d46b4b9ac1ac49fcecc3e6d74feeed4b32430ca9f2e9579308a3f5a558151e868d4ca3ac99a963bec69bd20d41e50475c85df8faf5c377c9a985

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\security_watermark.jpg

MD5 2050614594f9f58f0176f530dc43a11d
SHA1 b7eec33cf1be36bd943e78378291f7af96a05800
SHA256 fc1e6e2f7ff06afa973c9b12ca4f092fa96c4bff992e67b160358be2975099b8
SHA512 672e9333a0f461bf5112bc4440d010ddd599787821eb5b741f1231ab38ad4bb72c813ea37b2b8f9c584ee2e6f85caa8c6f48fa18ae9422d3c9444053d95613f8

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 b385c5e7142e9524618ebd9db39a876c
SHA1 24dc0c88612e952c262bd9dcac4d2884874b1179
SHA256 726254e944bb7b25c72550ecadf8aa19e33b38dc020bd262414d3a358036e73d
SHA512 d3886c761098d4503defef442f162c471b21a8876b2756c248363db0880d846e16e966359000e100445ad3c6e3a731cbd6f5acf24a36e66235c31e8255287064

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 9322449f9fc8543d2a441648df8702d7
SHA1 32561ca615be680f312635d8a1daef374d16347c
SHA256 a466174e7baad23f7e43f4aaeef0add94dcd84021e7e61cfbe53316a70257161
SHA512 65bd0853e8185079dc61825f42870ee1314436f6b00c29ec32472d945da475cee2424d5e0864396a861eb5ca6acd77ec8388c3354e31f5bd52f397fb199f50a0

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 6ba47755c7e6270ec02735033d4e48cb
SHA1 9e14af2665f79deb9160a046490977764161ab76
SHA256 f898a813f9dea3a972dc18a1ebc787c282e3c58d1951b24995bc3f137613473a
SHA512 f498336d278ae6c2de911cbd27653e446b86f3334ba37dc7304cecda2599db010abb863cd329005b2650557176a0e2a939c98219edd4e2f7fe23af4a9e64e0dd

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 d4944bc5d9b67cc7d7fa46b514ead064
SHA1 4d734af8569e5dfac338c912307d7138cefac189
SHA256 bc48fd775bd8fe8281119ef70fb44a68a37b253d56ab8f429bc1a18bb57c5176
SHA512 033bb3495fb1af73e97409179b567babbdc2d40666198d9b9ab7e5df12db2a32e7298016a6c6243599cf5bc91cee8fef557b52c73fa63f8ec35f490f1f2a3bd6

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 72a4b75600a685b57a9e4c3541236ce4
SHA1 4f1691b0f641f8c25feb737021cab9479477ed17
SHA256 983c40d0e24ca8a504502bfa449ee8ec9e367b76bfdd9910c56660035be69286
SHA512 ef8a0b144f8bb04bed433b27499d1420f52cdd932860de54524af7637747bf71e3b0d9be61b0715243164125e1cb8b48092a7730a8df6d1f8bd71c1914b44ba4

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

MD5 e87c9d0b15819e670c376f8ea22d267c
SHA1 d37661b8460ffcc45f7aec5297ddfbfa2dc20bf5
SHA256 d00104440f98c0830f00fbbd829468a761923d256fc865c02ce2515bc7092daf
SHA512 f9bd75e9af18e0ecbe16f7c8cc4b1e8040e774df028353a7f328a4fd6430a94fd2c959e485abd7974fcbab5c0e8f3dba5433fc3e82df0de23ecf44c84b83d465

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

MD5 1ebe63484b75b3b84423f7b7d3ac9445
SHA1 c434567ace639ba52c886a9a88224c4aaeb28425
SHA256 928d8647ab626e95700c4ca23ea9820552bcc16fb0471730d4a39f910f6ef55e
SHA512 ec7a15d27420bc973dc1180b8ebe43fe8546f90a1f09ef35c8cf03dbcedee6ea5e975638cdc58279d15f0f0920bd976c0987f57ca15b89fe7a6da1049b6bfeef

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

MD5 b73d401ad9b76f3d0647c1ec73e52dce
SHA1 ebe9140ac981b3b637d1c621ccbc7d43416ca8a1
SHA256 25c6be233bb649f96f095aab472e80e54bee0d7f1c9efe962839c5c709a7c841
SHA512 021640d7f03bffdd526a6f8dd8faafb2eaec868e661850c0273555d029b688955d6d4e362cfa4f300326a118500aec42c3a958b949e69b52d4030fbe3b9abbbc

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 c956abfd57c1f25e1eefb31251b7e69c
SHA1 c5df68b00b93c9579f5a9b50b5425fe1166a8d42
SHA256 fe6366f2272622886cab3168cec2cedd67915f010a1fdd569b678cd9391f34aa
SHA512 84705343502ef6b4d1076f4b715a8943acc43b7533afb1ae0a87fe3030d8b01791f90f24c45b11548a89a12874324a3bffa74c080fb2bdb9031c06e13e413246

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

MD5 bdde1e109f712d24a5fc06c07117d0dc
SHA1 590f4a5615e26a60e91029b561bedde789b53bb1
SHA256 dab708021fa54e38c8312db6e17cfbd23562d91f8084d78b4b65aa44c95d5bef
SHA512 4358b973b68f121cbb086b31c99844578789bc06c931dfd9c62225f2823142fec157a6cfc9dd85b18171dc48574b202e198f80802b7d9cadc8b4f6057a879c17

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

MD5 48598e6ea39957dbaafb4718eca02e81
SHA1 8537e3f3d4312fb40d177922c538e7f241249d0a
SHA256 5ef0e648c2c9f2569ef5bab60222a7ac6e65b2b1de8e7e87d47cfa47a7c5c6ca
SHA512 68c10897a1e3bb30bdc79558057c25382933bfc2fc0b806756550a0370615142537bb6043ea8a83f6554702d5a776dffa807d9c5bce84a66958a0b312008bf4d

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 69bc66fea4a9351177d6c01c90e8f679
SHA1 4704edecba8b22d061db336409cf33dfe226f67c
SHA256 72b7b280a012ffedbbceb57fc4e44ecaf2cefcf43908411f3db7272eb66720fb
SHA512 ec1273b48b27b62aa33a5d137bdd7ab43c207b46c50e6052e0610b63f06b2b05429c838a4ae64becfe46026f6448b18298eb4f163e9ac6793511cb0c97ca36a5

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

MD5 24d9509328b0be4be357ab27b34aebae
SHA1 db20d5767c4bb58ae99bab02aecc95110abe51d2
SHA256 00ee80dfdc8938913d5becf2312156dfca8b2730ca84632d9bef58101b075be5
SHA512 41228d5662e4191d76e63f23c247c4d533d7467810b23b76ba3676cb46110e3984b245e72c85dde58ef29400c37cbb5208007664ae194f2528a767d644f5540a

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

MD5 74b85f694c59baaf4cd6072ae7a9c0e5
SHA1 3953ba296e5ebcde9b082590e877b76f433d2e85
SHA256 5e7927981177361874aee8063e79760f2df36d4b70339600d8260a799cd77584
SHA512 a8e1aa5603e6b4b7505e77c6288e2c333161a1ae9bb68a41709c4f67d455e843f5941c1ee319698f676cc2cc59660ebdedc63b84d1080d1831dd9dd63303ef05

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 47b9f9d259d8abb940b76f99264cc382
SHA1 eba66bf174b309ead746d4b83f35c9eb52caba88
SHA256 0806a9597cb3c9e1b8e1d3dc3f3bc16063ea6bd9f5b4e9d0a2e12b922b4a3c48
SHA512 4e0dede4f9467b6327dca4c509cffa15368c9d609df7bca713804d9a3394a1a12502dc096c242658f66d4eff91f21aa26a5de419d21e9f2ae3ffd3a2c42a7e3e

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

MD5 29499bbab5c6b7775733da53c3b11d5f
SHA1 6e56188b9d0c18350f835da00d6255422b902f3d
SHA256 5b21efdeb8c87b34f311aef632b56a713fe13a27628a97ef504b3ab26c82dbf7
SHA512 65a6d9b4dc1b7d3222c583e476e3fa444a3660ccfc0cef928ab74c1e4de272cbf0ba9167e80681e22369affe1baaf39fc5487fb06dbe8e43c8ee69ecd2c813d4

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

MD5 a0373bd52dfd5457b056bce4c966ee8d
SHA1 37084acd0decf22fe16f97c71421fd48326c7a95
SHA256 d0a14022bb01751fe98ac1aa956d92689d88e096a08266a7b84fca4a114091d0
SHA512 500207ed4eac8e8413b3211ff8e95f770b174347cdceb0aa03db677dd57c2e5e975c1b4c50a53a08a29298cd88fb78fb0a1a863f75cf62c6c1b12f6742c75a55

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 0ecf3221aa1e38fb120220eb86fe26c1
SHA1 f180c3bd3a5e54c70dd298b97fe7352e11f014c3
SHA256 103d6f225bb49a65924c1cb521622af3818ac36a08db44158dc32e85080e4532
SHA512 143ba1c645bb8b3fc805a8503b609060fe0128ceca109a2be41ec2db29aa79fc498fd6909c79cd3ff373ebc435685be11acd0db65b117973610d53c084300042

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif

MD5 cba28952fd7c37e109dab56971d57f0a
SHA1 7841275d40bc7248adff4c94b94aefda37ceabef
SHA256 b01de1e53d04ad76f89221ecd9beff06271efa7863a85f8eb4e5572c49a888bf
SHA512 8e97f89cdf4d9ae98ea162ac8437b7e26f6a463385f5af53ed00f7693d5f635b29cc87d4d326188f996a4db01308a1accebf8c4aca1f4f814dcc533bd37d56fa

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif

MD5 51628c1aced46ace046a55793b69e0fd
SHA1 9a3fb0cb794a514f415bbc88a47b84799a82f76e
SHA256 6670c0936556d1a25f62ef2b725c538cfa3c627a82fd2d8e369ac214567e6d41
SHA512 fc07185c105740cec978264b1222dcc7fd2c18c96ef4fb7f11acf3cec27827a2d7be0bb07a2af2d91c8df1155c57ea8403c206f976a8c72b6d6fad4735f07793

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 8a4d2cd1763c36e2917db2e7aee7f2de
SHA1 d1a0176aa60b15b48ed29faf79f901a32025ae6b
SHA256 2703406d7e81dccfe724b8bf6922c03b7bf26af46fe60fdf17586241c9d86ca7
SHA512 0fa1e4433337a642f543d781c5a123a95d5a2b4756f0298184347c479e6086fc55276e9c653efaa9eacd98d7eef5614482d03a30d0f86505ba15ca98ddd4e102

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

MD5 51b36e9bcc79955fd6f3ae429a5333e1
SHA1 f8991c4e83179056505504bb7b96d42b62bf8191
SHA256 72a9fbeb99c5da94623bbddd5d349f2521412799d8df218edb6ddbcb9a988a00
SHA512 8eaaab32598ffa7669f66b0d537c4a09dec42d94c0967296e98f8e4a32ec11b0527ec8a6b75d5f2b03200ffd2ecfee260fb4c9750abcc97ef6291a5994ba0d68

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

MD5 4f2c6f23dcb160157203d2b7d495dba3
SHA1 1a9e3c8da7d0bd3769117ea154e707aed8463834
SHA256 6140f3f342a26fce3f2e57e3e79b1e447a7494e0a40be033e6a0e27e9d327378
SHA512 4547356a28bf905da2fd8d4d9902cc21017fbc362fd8d1c95386ffc145a4e378b4c13846db52f769b3c9978243517712029be83270ccd5c45d1752338409d2b4

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

MD5 d91db3edbde1e8f344e944be88e21621
SHA1 7741caab7417b2ef96c474e434b5c677618fd60b
SHA256 922c9575f990bbb89f179701c763f09fdc386f6a1c4b0a93965e0455213470aa
SHA512 d453dc0dd369a89b73c256a824133083079ec90ef9bb60c85214c430ced78a9bf59ae92dbd8a1ec5269fcae89b6ab410bba70dfc49743e91ee51a58c56d5dc94

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

MD5 572fe380c0c72061ed0ad93cca533b4a
SHA1 cf1c19013135cb9025a937fcd723e593716fb050
SHA256 9aedba7727ce71d2b7196b4f521cb53716639f8c546bfa35862e6c79112736de
SHA512 398803812e24160b0f95c3580467b9e75061db4d52915b1b2b11dba9f13985cd8e7ae0c69949ff29aeb187fa97b24ecb885e53aef00e698cd89e4f7f307d82a3

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

MD5 24f449f11276b7ecb530f9a9416c3663
SHA1 174f1793cd63c863b56cf10955e10be6df8ebc68
SHA256 ab2065c05969710ebc0a0a4f8cfab47231d93de807219705d458c7bfa2ecbe82
SHA512 e3b5fcf633c3625140a8264827e98b783f4bbd6c78f7a17842d22e9a21859cdc1aa446f9000d3c66dfbf1a23f4a061c30936bfd237ee0d871b476f467821a27a

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

MD5 170cf905eef40c796bda145c93d90bf0
SHA1 c87c72fe8e708802e3a10e7d3b28730566046e72
SHA256 c2b2ad765f86299e8d8ea77b3de3b4ec80cf532616720241afee991672a505ff
SHA512 93835275c4e29837d4a36301ea955f703e008357c899dfceab2b089454cc0804485fb0b099235549fb3a9c716233ce34c454383e9a03b8d09fc03a901def2eb2

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

MD5 501a08f189e4020d3d55d476888a84e5
SHA1 2bc2bf0f4bfcec1771fb42ab7af93b78533756ef
SHA256 4e37ea838f32aca32b6c58d23bafefeaf2386cb5baeded32bb847b2b656f1de2
SHA512 56f7bdb9c3f0163b629984033ba4055280053ac6b55e26194fc1f70207bdd03987aae0ac8c6126fbc578795759bc74e2ee11d977d32d0dd9aa82409f45ff85e7

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

MD5 ec1cc3b80479b847a58481e5c4126259
SHA1 e11be62c964e3bb3208141c7d3ca3384c0de4a2e
SHA256 e012f307baac1c56c0c04ed9136cbdaa960a11277d4e19d8760d254ad27b7996
SHA512 a49d7ac20ae0a1391544a59a63e3e9e843469c2a57e4d7259e692a1977317d52967ee516b9bad15202203238dc71868b90b6f9a05ab9d15ea423169f075280e3

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

MD5 52def99d156d1aaa8a5f19544bc0b24c
SHA1 623666e5acb8087542b16429c6836b16ee98317f
SHA256 de95e2b6bfd9aa2ae458f942fe2047d877b25ecb5ada23c25dbfda96e698bea4
SHA512 9f6860065ac7a7c023ff29013d00d2f32aac38f3ddce1c8aa1c233b01312c7414540a362d58cf754466ac7e209eaa305539bee2b057c4b5e7d9487938a83388e

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

MD5 ba121a854b0005bb694329832b819bb6
SHA1 38494d3a60535556ef8253c2f125db02a1b25525
SHA256 624e6b22e00e00813d2a25047d54bcdf3c930826ec1fcf7dbf8e5193b7d30c7b
SHA512 27ce6f897713ca4de38174b399130ff71de9ced646cfa75fe267024f63062fd9c3cb300304accb13af1749b9361195fba566f57e306e3a26b6c14ede71b297ee

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

MD5 215924f868681d02f907d6ae806fc501
SHA1 db32cffc6ebd0a12c93dc9d19bb5bae0ffe4e4f0
SHA256 f19928e081ac07c05c8ebfcfed2d1ad353c651aae33e0ede73cbba335ba79217
SHA512 d38e35a6029f8dd5edf217ba32ffd763f54586d09785988d68138aa2fc8a9ae4c3e82694a6cd2c461c1621caef0611dbce99e36fdb264ddb56a6fb04c1ffdc39

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

MD5 0c7b35dbdb5837c8ab6562bb2606ae20
SHA1 f2296ee783838e22db05a1771913365930502e05
SHA256 40206cdd1b9c8b389c249873fd7dc28d3fc4bd5f92a94f37841c0421c7bab100
SHA512 4c36fd17be26cff94b3aaf1c50974ce76b885a40435e2ed2e33b1ea73bc0b24221f5a79b43485286a2461f700dc9db3d273d5bc9fdcf3e69a7361968c6c4ee6d

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

MD5 5aeb3f93c00d6b7e8f6dca4f0f1909b7
SHA1 e453ca7f5d3207f94acbe87c8b33d25c79167553
SHA256 36687fa2ddbbbed5288aef473049bb0902cb0dbaa2d9a7feb9a2962b879ad7ba
SHA512 76c7a49290e71293482b4159d8ccb3744a802dc5bb1c16a1701c473c526e4fd7c4d85e8aaaa7a95fd6e1bb7ed465143b15d591b13643aa70a7fdd2a9e99a0c49

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

MD5 c25fbefdb7bbdefa31bf26a69e55586b
SHA1 6187d3d026631e4352d201ea2ff86c3d60185c4b
SHA256 cac72700a168f8ccbf5b335de4d59ddffb63f373013b3df30e15b03ae3153e8d
SHA512 cfd39aaa53f1fa4a1fdf446f7f23f7879454d2340b70698ba892a4b39c7f705643b258516f8d671dfb310b7b82c9e23d18756061c6f519a33b776fe6a7d6e3c5

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

MD5 5bc700c75528a1b373b06b3e8b2fb88f
SHA1 0136196728d9bbed6bf315a1b81f38c9345aeafa
SHA256 b1d42818cc198329532d28dd6281c3fb488f89a84ea9f14136ca319aa4cd765f
SHA512 37f76bf2439947c93fe47d0a9ab044d29eda7b64d4b418062438c7b9ea622094efe2a35cf5a71fa335ec138bd71eba94d615beeb3b94044161ff24185ab58612

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

MD5 8f15a7bd0815252701e3898c4ca4dff2
SHA1 72336e6bff18dabb019c450d307ebd2d08c2d36b
SHA256 ebd210410cad7a56b0463b36e41fec4479145b546bab2a50e862d4d13ce6651a
SHA512 be2f0868d779480d42d356786b97827a6be07ee0da6e8467bcdc7e3779978b2fbdb7df42fe24096b70993fc3945fb0af5c237d3dd309969074671ce3bcd973ed

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

MD5 98f6116307f270b14f581de52721095d
SHA1 5d52caedc59389bf15e0998749b9a6c6da9dff83
SHA256 154330d988ea6d4a9f2bd60172d63a8a840727c95ac58820934202a852d9686e
SHA512 a3bb3765cbf1bae4f5477243611c5534a1104cb4689795e2712d8d959edc6fd8761c99a0c17f99f0036cf427c5028564f61e6e8c3ce3c2096b5a899d50162ce4

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

MD5 06aa512a5b1a16515fd539aaa84c92b3
SHA1 dcb199f40183da46715ab636b9b5c4901ee06518
SHA256 1288354cc3e3dcfdb6ad7a3e483b16736e3ce0e41349c062207cd94e7eab46b3
SHA512 b05e23e5f86f9c27bba67a79567390703f4e6f6d9fa2a88641661fe39cd7fc4b1e09d18fa5525a7a8701ef1a8c9d44d15ea4ce49dcee72d90891d7b19ebc5b9d

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

MD5 ecd67f6da6785aaa1f431b349b81a2e6
SHA1 ddba42177b349d6e6ffe76b36a077dc01eb0cb2d
SHA256 572562d834abf7b5967991716fca4a3303cf2834d1186e927268d0e3dd5c1396
SHA512 d83c26849e367073c8c955ab3884bc7addfb52ee2f45c49d1361f6f9c17d66feef08b541df70d6275040e835d5fcaa5889419bb9360e869b6ec6584f3d567c0b

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

MD5 a246e1c34779e9d491552de55865d809
SHA1 483201a6c463249fe2807d4399f3372ad88636c4
SHA256 2a65a799e33e93a5b319538949e7e5a7d6d4972b7d25af73790b0a8e819c426b
SHA512 abe89e60b8c1b8ae49ee76cbdd1f14cb960a4903c2abc4b463ef1db81bfe6439658fd91bc8155fe6709d1c0ac3574dca7cc27d6e41681e602c96077c1e8119c0

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

MD5 7acb1b27e3b35aa9b643f7be78a471b2
SHA1 4463cb106d8c807938257e1a73e925b7091b496c
SHA256 559ad38b635b0c7d9211db9d57564a943cba57b02234ec022223bb40ccbc92ce
SHA512 ea9e713055bc90acfbf1242a7448bd7fbf154d13c861be7a97e4943cfaad9965ad18f7c01bc8fe9651bf56e6c7a380aa97b699395c7db7ed9582a6339ca37e55

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

MD5 0c4af2e527b2566302ee4e8d97f2834f
SHA1 6051d6b5968a53d93d3717bfc3de6537f60794ca
SHA256 4a74065ff8b0f9e41765ffc0608516fa89bf9f0eedb90534e790ee25d6f3b27d
SHA512 584154078fee8e90cb29fabda680c503bee908c6bd9628c77c5cb295c861cde2540decfbd016ead20fc1542f81da42561986c3637d8aaa944caf065aec21cd30

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

MD5 d25fcbd8bad7f6c2b60fedee2dce3bef
SHA1 62b90c029bab66a09704c6818e6300d790247b59
SHA256 a75a653f40fcb675c32e64cc29ef0056edbc339e31dfe02c5f84caf722182132
SHA512 8c0d311e48abb0d9ad04c2d53225d14785b07bd862a6f8416ef77b783bb0c167b7dbbad091f1e59bc4ec551875ab26237bf4560677c3464675c2287e0c3e70d6

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

MD5 456fd9d7d174bd5219cd52ece46dd741
SHA1 e8adb8afc621da7a2bb507b3cbbff9be56e0374d
SHA256 7d54d4aa35fa069170275da2e0242d6584d7dd13fe9c95010f9013c736746411
SHA512 24449273de0c5017cfbcb87cfc3aa1e9191e29e4a38285f597a8583f56c9598d211e4bf4dedf43a84e532de62d3ed46fa71e1fd048992e9fabe0b90927ef2be7

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

MD5 49e3024f5473bfb466a1e49fb64b1b9d
SHA1 45a934a7cd00907676abdf6092d3ccc18e978f6c
SHA256 2c737b1c215f130a8ceb38ad3cb4ddbbacaafd19b0fd7ee233e2b0d9a7a40943
SHA512 6023da314e3ed2b3e9c1abd6a77835222c76583e82a9485d2c66faa2fb43122b1634eebbf0aac3a14f96309789d391cd9de8dafa7ee3f7d8a454aee78d0f1260

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

MD5 c3288017cdb7e2a964830c20c92371c6
SHA1 4dd2ad6eb9b3b5dc994b9d7f9c7d4fbfbd8bd013
SHA256 3d195b51d03dd16693cd8f874ab99cc172e572d78e4932803d8fcb08a21e67e2
SHA512 8c8e850179db519b6187e78904be8619831a4e21f1b8f7860104df48d54b86cd2c6757dccd0db9c0f6baca73374a48359cd85fb3cf4815a0e872ca51189854ea

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

MD5 1ca34e3695ffa8a516cee4e1eda033b0
SHA1 5cd8ddf737325b38517364b8713f29def3944fb9
SHA256 cc7045143b283b5cae09f8cc475ea989b9d713ce2a72fb029413ae2ad2d7368a
SHA512 4197d26a56f2008cc24070f8c32d05e2e38f3a5f4f752a4746a4a125f043922bef11fc206d3356f956b57008a44a6e1818325cc2af18dedb7112603c0271b8c1

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

MD5 0c957f5a221dd74fbf6a1aa7bff190e7
SHA1 a467dad4ec1cb74a4c91c1dc9c8238129b8cce5c
SHA256 b4b8a0e2ef700b0406d304b6889dacc766d7341c804c989e3f1c5472f3693b91
SHA512 0464bb0c1aadcd34b04cae48cdb557b894788a701e155daf5d4a5b95b6d23760a16f9ebeb9e43439bf2e8eeb8fe25c513a167b669cbe2ae5174a174da2e0bdee

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

MD5 693b23d144c28fb645a3595d971508db
SHA1 7b7ee5db601dba33f43407dddfffefd50dec4d2a
SHA256 a4cb0cb9c80dfe11c8d146b5b3237c61f289bea7e3a77ef2ca18e133a3f0fa73
SHA512 623a898cad06bd9cac2e87bdf38dc61fc4cb37365e0b4a740721d88e6fb018ccd08a808bd3d061f8ffce963725e8e7c686e519fe6512645ef193c1ee75787881

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

MD5 0e7856baf8b79554b66b8ed1b302cfb1
SHA1 0b5e285e35db6b2dada61d4f993a0ccd6eb96290
SHA256 0f9c4b57cf185333f548e49e93c6d3ac376a3994fa23ca3caed355c9b96cba1d
SHA512 9829dfd456c328c0634b638b83d64f806a6c2a54c50d90f856cdd225a6afe7fb572802ddf1cb83a7818395600f5a69a2212e8c838526171f008ce7a9229ae7af

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

MD5 6aaed72201fc6a5c0ff75b710b6d53f7
SHA1 01062c11f8990bff8f75d239ef6bf8bc21365ec7
SHA256 1001e12e39335a9e4ce1de29ee48a34871ccc6f454fb78ce96ba45d1eda65458
SHA512 41d3c3aafe89b5c2013e8aacb410dfa8cd45cc09a2481d7845c8fcda2c73a15675290d4d34f3e2c4feaa31d15e63f7e632ed6a5e9e6baf17ef34859f38961c88

memory/4952-10020-0x0000000000400000-0x000000000040C000-memory.dmp

memory/4952-10994-0x0000000000400000-0x000000000040C000-memory.dmp

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

MD5 6ae414196a989e8acf09959674446dd2
SHA1 93a835da3eb56ec0d24ccd5716687ac34690fde8
SHA256 012bbbab60ad4ff9434d0221baeb7fa62ec042f3c2630cf7b1949c29cb4b344e
SHA512 c92d5b679a4877815876b954da48a681ad2a5152de21e56d03636115b7893a606ae054c1f5246059325fcd523128806c31914899f1f855bd50590d64524ddf81

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

MD5 b5ce7a8732c8580c1a59c3f90ed53c2e
SHA1 b3dc3f1d972f2ee8c909c96ad15d12d886d54a3e
SHA256 b73484cfcee04a8fe543a81875b381910df79c21b450fe0df062ddb69b531535
SHA512 2dd37b484918e5f9a30a17e30b7ef66185b22d30426d040a38a10c949e47f61c797e0d73aab719b2d7680a42fc533b343bcb1eaaafde4cd41024b480178455c5

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

MD5 3cf91a24f37ed68b062444e8943edc0b
SHA1 feceb11e290593c371d70edb3224e6167757fc4f
SHA256 d0aca166e4948cc50c57bfee24ca92fe449cf963ec2ac58461112a4b94153f2d
SHA512 ed3334b4e449ab0242c3603999fa53621e66112b91bb7b808955ba512b30007209ce5373e91ef939029e6fd3d7ea598a3353ab9735fe2f98e23699a0c60e0e34

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

MD5 5694ad20ab78f8264969720e4e7eac90
SHA1 82f8c5e72e456dc061023b6b009a882cec562864
SHA256 5b196164e1b8f1c7e220a84271400301238e75b7f530b1b344d05b91e06a925d
SHA512 be7adced99f5b1703bce40422b0f5a22294a20670e4d4c2d083549e954f5c8f60a13b0b42e37dacff3428758862d6761794aa6e88d8c833bf974c94abafc113d

memory/4952-11331-0x0000000000400000-0x000000000040C000-memory.dmp

memory/4952-11332-0x0000000000400000-0x000000000040C000-memory.dmp

C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

MD5 612689dc2dae9df4cb63daccb1046a5b
SHA1 9352d335b89905df8e428367e1bb0bb321ee5490
SHA256 0052fd3509279109180270c13ccbf6db3fce3c28f40377fefa0986226756e0f8
SHA512 92876ab1341c128a358a32fd4970f64841fe7decb1fe863012432d264ec5e70b6ac6a269ee7bbc20ade30d6234cf654997b48432aa5f7fc94c869f1b051d13fc

memory/4952-11337-0x0000000000400000-0x000000000040C000-memory.dmp

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-26 07:59

Reported

2024-11-26 08:02

Platform

win7-20240903-en

Max time kernel

119s

Max time network

120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe"

Signatures

Detected Xorist Ransomware

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Xorist Ransomware

ransomware xorist

Xorist family

xorist

Renames multiple (2198) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Cn19Iu7q0HAWKeS.exe" C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\DriverStore\FileRepository\wsdscdrv.inf_amd64_neutral_47406488f9e8d5b8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\it-IT\Licenses\_Default\ProfessionalN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnep00f.inf_amd64_neutral_a5f6001b957bd7e0\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wiabr005.inf_amd64_neutral_e14a0514f37611d8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Automatic_Variables.help.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_scripts.help.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_remote_FAQ.help.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\es-ES\Licenses\_Default\ProfessionalN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\fr-FR\Licenses\_Default\Starter\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\pt-BR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnod002.inf_amd64_neutral_a10c656b6c7c053c\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Arithmetic_Operators.help.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnkm005.inf_amd64_neutral_c03c9e328608873e\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnky005.inf_amd64_neutral_8836be987024e6a9\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnlx002.inf_amd64_neutral_12563574abbc36eb\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_remote_troubleshooting.help.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmgl005.inf_amd64_neutral_8b56291bfd2a4061\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netl260a.inf_amd64_neutral_085226e1dfe76c55\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\en-US\Licenses\OEM\HomePremiumN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\de-DE\Licenses\_Default\HomeBasicN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\ja-JP\Licenses\OEM\Enterprise\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Windows_PowerShell_ISE.help.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnky307.inf_amd64_ja-jp_e40bd14f18e8ff7d\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_functions_advanced_parameters.help.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\TroubleshootingPack\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\InstallShield\setupdir\0013\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\migwiz\PostMigRes\Web\base_images\WindowsOutlookExpress.bmp C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\AdvancedInstallers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\de-DE\Licenses\_Default\HomeBasicE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\en-US\Licenses\OEM\Ultimate\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_providers.help.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\ja-JP\Licenses\OEM\HomeBasic\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-ADFS-DL\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Windows_PowerShell_2.0.help.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\kscaptur.inf_amd64_neutral_6cb3fb6811a3f83d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmtkr.inf_amd64_neutral_8e3809aa77440c37\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Break.help.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\hpoa1so.inf_amd64_neutral_4f1a3f1015001339\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\InstallShield\setupdir\0816\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnok302.inf_amd64_ja-jp_708c81a8b0ad8846\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnrc006.inf_amd64_neutral_7e12a60cc98d3f89\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\it-IT\erofflps.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_If.help.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_Continue.help.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\cxraptor_philipstuv1236d_ibv64.inf_amd64_neutral_b6a3e57df5bad299\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnsv002.inf_amd64_neutral_6ca80563d6148ee5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\tsprint.inf_amd64_neutral_c48d421ad2c1e3e3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Throw.help.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\averfx2swtv_x64.inf_amd64_neutral_24a71cdaabc7f783\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-NDIS\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_locations.help.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Path_Syntax.help.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\multiprt.inf_amd64_neutral_988a34fc912eab54\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\migwiz\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Speech\Engines\SR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_Session_Configurations.help.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\de-DE\Licenses\eval\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\qd3x64.inf_amd64_neutral_e8903726d63a3f07\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Switch.help.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnep003.inf_amd64_neutral_92ed2d842e0dd4ea\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\es-ES\Licenses\eval\Ultimate\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmnttd6.inf_amd64_neutral_ce587aa61510da51\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\highlight.png C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Title_Page_Ref_PAL.wmv C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_thunderstorm.png C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\WB01253_.GIF C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\activity16v.png C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Program Files\Microsoft Games\Multiplayer\Checkers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\es-ES\weather.html C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0099192.GIF C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BabyBlue\BUTTON.GIF C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\timer_over.png C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\scene_button_style_default_Thumbnail.bmp C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH01265U.BMP C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\Computers\computericon.jpg C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\Stationery\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\settings.html C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_thunderstorm.png C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR37F.GIF C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\MEDIA\CLICK.WAV C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\square_settings.png C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\settings.html C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\contbig.gif C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\ca@valencia\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\AG00176_.GIF C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\MEDIA\PUSH.WAV C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Europe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\NotifierBackgroundRTL.jpg C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_search_up_BIDI.png C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\Stationery\Soft Blue.htm C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\button_MCELogo_mouseout.png C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\Stationery\Stars.jpg C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0341634.JPG C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_gray_foggy.png C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_rgb.wmv C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\eclipse_update_120.jpg C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Etc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Program Files\Windows Mail\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\ja-JP\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\PROFILE\PREVIEW.GIF C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD14710_.GIF C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\nav_leftarrow.png C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\TAB_OFF.GIF C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\MEDIA\WHOOSH.WAV C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\flyoutBack.png C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\120DPI\(120DPI)greenStateIcon.png C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Program Files\DVD Maker\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\gd\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\is\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\images\Back-48.png C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\EVRGREEN\THMBNAIL.PNG C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\Sounds\Things\CAN.WAV C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BrightOrange\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02039_.GIF C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\feedback.gif C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Program Files\Windows Mail\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\triangle.png C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\14.png C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\RSSFeeds.html C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\assembly\GAC_MSIL\Microsoft.ApplicationId.Framework.Resources\6.1.0.0_it_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.Commands.UpdateDiagRootcause\6.1.0.0__31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-i..lesystemsupport-mof_31bf3856ad364e35_6.1.7600.16385_none_ef35920285c7f09b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-i..tional-codepage-866_31bf3856ad364e35_6.1.7600.16385_none_2adda600b4e25a37\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-msconfig-exe.resources_31bf3856ad364e35_6.1.7600.16385_es-es_d3e0cbab6c604e12\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-mssign32-dll.resources_31bf3856ad364e35_6.1.7600.16385_de-de_14dcc6c966568f9e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-dssec.resources_31bf3856ad364e35_6.1.7600.16385_it-it_5913064a54494ed7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-scanprofiles.resources_31bf3856ad364e35_6.1.7600.16385_en-us_042ff2d9a17712a1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\assembly\GAC_MSIL\System.Data.Services.Design\3.5.0.0__b77a5c561934e089\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-a..nce-tools.resources_31bf3856ad364e35_6.1.7601.17514_es-es_77ee57238098ff0a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-diskpart.resources_31bf3856ad364e35_6.1.7600.16385_de-de_839bb6f0689a2fc1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-l..ultimatee.resources_31bf3856ad364e35_6.1.7601.17514_fr-fr_eee4e052cd1adbab\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-security-identitystore_31bf3856ad364e35_6.1.7600.16385_none_a80db2b3efe7af3c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-c..-migregdb.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_ef58ba82404e9bb9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\assembly\GAC_MSIL\System.Data.resources\2.0.0.0_ja_b77a5c561934e089\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ca7ec133e2786d8f\about_functions_cmdletbindingattribute.help.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_657d9a203abeb154\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_it-it_b4a6b77ab9aa530d\about_WS-Management_Cmdlets.help.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-wow64_31bf3856ad364e35_6.1.7600.16385_none_ce6f64032560fa6b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-dims-autoenroll_31bf3856ad364e35_6.1.7600.16385_none_f3e60ce29c29c7d8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-msidntld.resources_31bf3856ad364e35_6.1.7600.16385_es-es_e604b7bd8dbd1d86\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.1.7600.16385_none_cb820007d9f4cd19\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-wmpnssui.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_c7ae34ca97276b98\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_nfrd960.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_4b5b2024613eadff\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-mlang.resources_31bf3856ad364e35_6.1.7600.16385_da-dk_dffc8dc2836de4f0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\inf\MSDTC Bridge 3.0.0.0\0410\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_hidir.inf.resources_31bf3856ad364e35_6.1.7600.16385_it-it_ebbc86b85daa0055\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-help-hgroup.resources_31bf3856ad364e35_6.1.7600.16385_it-it_e20f1983517f4ba4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_es-es_1d72a0e2bb459532\about_requires.help.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-n..on-hkmsvc.resources_31bf3856ad364e35_6.1.7600.16385_en-us_b06ea24505da44de\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-o..tyle-resizingpanels_31bf3856ad364e35_6.1.7600.16385_none_bc51073aee3391ed\Panel_Mask.wmv C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-s..oxgames-minesweeper_31bf3856ad364e35_6.1.7600.16385_none_fe560f0352e04f48\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_prnkm002.inf.resources_31bf3856ad364e35_6.1.7600.16385_es-es_87a3257675275e4f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\msil_aspnet_regbrowsers.resources_b03f5f7f11d50a3a_6.1.7600.16385_ja-jp_bff7ecd2569a521e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-c..lter-mime.resources_31bf3856ad364e35_7.0.7600.16385_en-us_301e95e856d36927\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\45ec12795950a7d54691591c615a9e3c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\Resources\Themes\Aero\Shell\NormalColor\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-ie-winsockautodialstub_31bf3856ad364e35_8.0.7600.16385_none_66da0a24ee7d5fb4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-terminalmanager_31bf3856ad364e35_6.1.7601.17514_none_524e7eb2b99a5a7c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\x86_microsoft-windows-e..rtingcore.resources_31bf3856ad364e35_6.1.7600.16385_it-it_8f94aa63624b0ac8\erofflps.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_en-us_1da743febb1ea38d\about_functions.help.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-js-debuggeride_31bf3856ad364e35_11.2.9600.16428_none_c130aee65b6597df\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\assembly\GAC_MSIL\System.Web.Entity.Design.resources\3.5.0.0_es_b77a5c561934e089\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\Framework64\v3.5\1031\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-chkdsk.resources_31bf3856ad364e35_6.1.7600.16385_it-it_3ec8c132f27998a3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-font-truetype-miriam_31bf3856ad364e35_6.1.7600.16385_none_7b7a9e11df9f30a1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-h..-escalate.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_ad6cea24cba1a390\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-o..calmediadisc-styles_31bf3856ad364e35_6.1.7600.16385_none_dac1eab162daeb45\Heart_VideoInset.png C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_fr_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.7.03062\header.bmp C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_de-de_74b66e05cc4097c8\about_pssessions.help.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_server-help-chm.perfmon.resources_31bf3856ad364e35_6.1.7600.16385_es-es_8ed5f2e5091b93e5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-l..-lpksetup.resources_31bf3856ad364e35_6.1.7601.17514_en-us_fe8f8ca0a21cfbfe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-l..nterprise.resources_31bf3856ad364e35_6.1.7601.17514_fr-fr_bbbc7ff70aa969f4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\msil_microsoft.powershell.editor.resources_31bf3856ad364e35_6.1.7600.16385_it-it_01d84625dd09a6c3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-shacct_31bf3856ad364e35_6.1.7601.17514_none_c8099d957fb7652d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-lcphrase-tbl_31bf3856ad364e35_6.1.7600.16385_none_308365e956246926\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_4c778c357864a2ed\about_requires.help.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-s..solitaire.resources_31bf3856ad364e35_6.1.7600.16385_it-it_6dd28d3249711b8d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_0ac4ebfc358e5ec0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-wpd-status.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_06efd698ce3b5af1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\msil_microsoft.applicati..framework.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_5cfb83f6172c9e8f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-devicecenter.resources_31bf3856ad364e35_6.1.7600.16385_it-it_428520bbe4515f36\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-m..itycenter.resources_31bf3856ad364e35_6.1.7600.16385_it-it_5c4d282deb61e3b5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\DTVXXHPLQXPALXE\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Cn19Iu7q0HAWKeS.exe" C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "DTVXXHPLQXPALXE" C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\DTVXXHPLQXPALXE C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\DTVXXHPLQXPALXE\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\DTVXXHPLQXPALXE\DefaultIcon C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\DTVXXHPLQXPALXE\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Cn19Iu7q0HAWKeS.exe,0" C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\DTVXXHPLQXPALXE\shell C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\DTVXXHPLQXPALXE\shell\open\command C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\DTVXXHPLQXPALXE\shell\open C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\a0bd49531cc1790304dfd9c31e600526_JaffaCakes118.exe"

Network

N/A

Files

memory/2792-0-0x0000000000400000-0x000000000040C000-memory.dmp

C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

MD5 9ae5a4d98f14ecc3d4af1e399fecccad
SHA1 53b1bd82653b4629df5fd2f32be7f943b34cf88b
SHA256 63eff9791c0310c54161063369b1181c9d5e2819bebab5d84b9d98c040ed14ba
SHA512 aedc3c27dab633455e76bcf499e99e23a0f8743e72b77396147ea050360796a474acd637befd48f5e28de74c5657c5d3bb376b1f7c16dfdac2b58fe529da64b2

C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

MD5 2338c61b72052360eb3e4ebc352fd09e
SHA1 474d33ab517788b0c1b1916bf93341ba1da40646
SHA256 4f7494881b62530e577fa0cb0fa3e50363b13039aa8850fb1335821f4c1a3c9f
SHA512 d133b6be6e92a4751da47748a9308b905404742b61c729f80fa2555338e8b6732f774bbd024d35d2e2bfc5cb05967b7c5d5ad099fcd7d0d39a2505305fe47a0f

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html

MD5 e2d562b0615c18b7b67212f552f21f23
SHA1 4dd87c9637436ee89ec0d2b1e164b0f973210398
SHA256 d83b801194b853c65c191f51ecd299c9dfddd1e88a8940fd4297f4aea5d935d0
SHA512 9ad03b04f7c1b80c14b5b8f949c762de902bc136b4807865d2685964e8cbc1401c56d7241057cc5f9e27e9307aafc792a881f757e236e76a969b75b3eea263c8

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html.EnCiPhErEd

MD5 9d065f191549946c4ca66763153429f1
SHA1 670724c05ffac757bd222ec9e93b528bcf0ba2f5
SHA256 e8ee3afebcfefa729345ec0afa04d848b5ce42e1b128969345c2dfea70d456a7
SHA512 20f2dfa8ab3b72f6daa3399fda3d2e42c32480b37b415cc5570aa8cc79c5dcee97cba3357ad1e3fbec8f115bc74d97e206c35bebe484b6afa380125138d136fa

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt

MD5 07cd51e4a3a553e34be8c1bf2cd064ca
SHA1 9b90a6f292fa534bcba71f132ab19e8bd53b259e
SHA256 55f9bfd6e15b70a80578a6b5bbfa742c71ae67080a46d0976c67d248de8799c2
SHA512 9b756d54bb5c9f191826d09d0e5ebacb3050a36b5810a686b4120f56f0d23cb75628dc22d30b6225364754408a28e05e93c79b23eb0e12ce31c596e42831869c

C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt

MD5 45a0189d502eb032a178f3ac4da9d85b
SHA1 c4ec32a4cdd3fa708dc3041c8080cac9d82eb04b
SHA256 9840dec77de02b023bcde7946cb998eb326606328dab7d797c649265c5802728
SHA512 cd8c2c0358505856bbf6a01a49b86803c2437746c7d02626e69b348c42f4c7b6e74f10795e68f9df2c827c1ed00787ba1a8242c98930e3fc1b368ce7160363eb

C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt

MD5 08d3274613e6c1d9b1164c1ab71573e2
SHA1 91281f3c696c269d81ecc9f9e25f10daf32635ea
SHA256 0c401b79969ad0499e1cb22b84c5f6626e76e2cf4ae7b51dfd3d775d096fea26
SHA512 4d29d8ef2f44ed1bfbeba57efaa15d4f890e689cb2e8725bfc33d6861ec94b00d7f2ee3f29b890a7b75c5358a91b6a84ce1290f01d0717d779871b40022050a3

C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_OFF.GIF

MD5 49886baa2466bececbcf43aa691c28bb
SHA1 46d26155de382944ffb112daf80ae0e4f6b33dc3
SHA256 95b092819ed597063145b7f9e0e034ef3482ff64544114524a5ce5329ad9cd15
SHA512 e2f67ad2cdbbd42b59453e7ec40cf5332da13eba9f2b782306461ad8f1ffee0cf20c99841b4dd0dbc0f34ff269f9eadbd43f2514145fc09a77e056fb8e481396

C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_ON.GIF

MD5 27455a93ac59cf75fabf3084f5f08841
SHA1 6ffb558bf16f5e84d3fa9a6968ba9bd812710b0d
SHA256 f8e9943807413de962281ed5d0a3e695a60ace065d95055a22f555b95efa8dd1
SHA512 2bbdf367758de414b30cdd1d07a4d5d804f1405ac2b9e6863c90d3305203aa99a9dd1e2fe0909550d2c6c8bd1c0d7ad9117b87ddd48e048063459aac9ad18cf1

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF

MD5 195c4c9c6cfa8a356bf5ea3b910a94d5
SHA1 8433c4b763b5fee1dce2cf3154323e595bded201
SHA256 c5b87c0119cb39b0d9fe1b323692abf5f5e2bb69fa20d73c4c8b68a08563f263
SHA512 bcff96b299b7c8eccf008181a2308bb4b5f34d8449a4705f078e55089fb73d456a1bf957c29414c159815c78ac8a6219fac16edd255bd764dfa7c8c02ab84fa4

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif

MD5 852387bda0d05d6f14a928832bce55fa
SHA1 7f9a0a5ac05d1a01378eb42c42edd0cb63552f39
SHA256 f5c02c5286d68a304af1c08da9db629bdeb955414a558c30c4aae5c00d757939
SHA512 9b4a59bda550dc5dab53bb27f5b56dff9a8fef8b3e70acc6d6d84f40fe9a7609207dfd24824526bbd5496eb7c35be561b2f622e9bee36d9b128a8e4cdd11d9e7

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif

MD5 10cc2319872f9829d1bdb8b57e7cc037
SHA1 d1c771f4879de541aafaad2a80909bebfebc1b59
SHA256 ad2eb9729242498475c2227d2a93fe51c27b22feec916046cfc0240081f9ae6f
SHA512 4065464a0f2b9975f882df46133830c7dc12cce0dc85dce52a1f475e7bb26cb84f33d82c3b9b07df1689dbefc1055fb9d354e4ec4a93025593e94124f401fc32

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif

MD5 b8af003fe8ada75fdfee5e0b26c84f37
SHA1 d4c4ccdaf9d764f34ea4b09437422129f7db3d97
SHA256 1034e03af94dcacd084f537484d83fc2b864e7d13217f8fae3cebb2b5abb7301
SHA512 87e1575c26a4e4d8ccdaf7970ba8716d35250dd52683f5f377edad638f2c59d642c3f1e078548cda9389479e76dc90b743c7aa24eafa6f4d3ce8d6904c56b223

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif

MD5 73b5cf7df5018876cbe4d166659a261f
SHA1 caea280caac342f146c17e683930281a033d8057
SHA256 c70c24dab3efbdf5e1bbed209fba02d1e1302eda400ff9b955552311410ce190
SHA512 7cb9fb3713ce19dbaeca0dd891347aead8a5d1a849a6084db1c4200a11b64dce7d5323b52f1c4b37ca5dd73ed81e4be76a58248eb39acbfe7ed6ae295c9f018d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif

MD5 6d2b9d3604ab9c47f830bbff251bf957
SHA1 a069633540651d6baeaa4c436e26d78b648e5148
SHA256 21551b49855d1a67af44b8859703ad50526562c21fbedf084d23f8705b94733b
SHA512 1c37c9da87b53bdbd5a1b55816b8bbb0ae025b77df3faf787560a0002994ddf1265299647c4e316c98a5fe4e3725e063b1900282f857174bc657153c4758f520

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif

MD5 70a2a73446ec652ba8003000770b7e2b
SHA1 95d55c0324d67cd8ce4f3e20a1d913ac1d096161
SHA256 89fed6e9b7cbafe1d3f7eada8e31a05c973bfd5242c634475ed3f33c8500aeb1
SHA512 f41223ed19ceb4a0f3d5e2ffc4963bbf7ed57cd2f90325e279b15646f44366aae497b7bc27bf525df722159c1c3d4b9f1da19779061ae56f1dbba51cc6fd4b33

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif

MD5 c3fbf8c3afe9f7559fbb73491cbee326
SHA1 a25c912c4e734173ff9b5c0d96ad0b563b3362eb
SHA256 6cb946398cdc33163761493d191e073d14061113989e2fcabdd47905d4ae79d0
SHA512 9f4eb313abaf222796e3b5c70f51ec745996a1219b87373d1c39d015b7b77448fca0e2b97cba09dadaa261fc0ab8245f058777dec94a7ed187e74a4bf7792944

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif

MD5 8de8caa833b0fcb11a0b98c78f19b277
SHA1 8014bc629622854fdfd0e5f129a644550e5fd01a
SHA256 1b9ed1d96df4df9942fee76550802bc53a280ed32e1147be800a754c4a985a3a
SHA512 8ccea4179e3b6b6325173913bbf2f6f115699e7b40bddc18537dd039c97e916cba19e3a6842d94256603c33970591bbbc9a4c84c04a36a1d795476df26281db2

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif

MD5 0ca728d05069134249ce79aaa05440ac
SHA1 a4f5cfdec001440d7f70b84dbc9efa8c0ce3a402
SHA256 840fd2c51a9f8aab59f0a2fc8c32a725aa568f3d73c3502f5ac88ea7eee82340
SHA512 942565f1c9aec9026135c2ff591e26aa2e7451da2dd329b59155d6bdc44c4e4f5088329ed4727bf4e800de8fa711b879aec8998e4b03a9c71da17d19e2c20343

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif

MD5 41dad30ad8fa26c9a7b6313d787bcfa9
SHA1 23b710a59a0621d2baafcb977f6c0cd4b091c1cf
SHA256 6e2f5fbaae5522726033281e523a13b31f3d15e0ec526f10272e8fb6f44e09ec
SHA512 02ab226580363acd4528579a4eb6aacfaae329b6fbe5e45fed40118f46a4a4df515f3dddfe5c20d8e1a426a17cb0851970af583c404c049282d097061902ea48

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif

MD5 b52bbb354580712c335ec2d9a22fe7fd
SHA1 c80a486e2ff8c7315564d628d52ec68f6f3b35fc
SHA256 f6093672dc2f025f3a4e3a75e8edb929b23f6b49044d0a627f714dceafae83fb
SHA512 aa04443de2ac0ce97ab85811666fe173853a79d762be3c333cec4e29b3c02ebefb4908f5dbaa7626f833f7aeead71092ad92708ff7a85618e239911ba440eb61

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF

MD5 47a2fd6d105eef8383602e23d99f7ab7
SHA1 8d68bf8a227e31f00d133fdc09ce69d6c5649b3f
SHA256 d6903ad83a3ec5c2414c76bdabaa59444ecf9b4b7eb436fbb98b863a4648846c
SHA512 e2b2d5692062a7eb01e1465c232a1233261c16902201910d80d45b24df3a911c29f3e3998b09e3e542c284c054555aa5ee2c63f0fc9ad586753709d73769de8e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF

MD5 2c726b34e12a7e2dcb8cd2fa5daea2ae
SHA1 e280884e5f1d75654877114cb1dd2eba01e8085b
SHA256 3a01b92ee973959b18cb7278170b9b57606c80fb4ff88928ff69ab5ae16e6df0
SHA512 839698e4dc2b831588be651854a6f2075e57c134e04e3182c7d9d7c8dfbfef141824252fde7a8fb6cea7bfa7f12d43dac301c05e44028ed8bc085b0b9a89739d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF

MD5 15707c6de2ea91de44a9d53e92cf13c6
SHA1 daf1f5d8148a15f9b74ae634921b5cefc208b02b
SHA256 2a990819ca8cf8c3ae509bc103724864363bb63584e64fc75416d9c94a33a824
SHA512 c00a1221419c602e3b794647009b5e223a1fede2752bf91acd61f3e142a08cdf3b5b6f75681fd20f552a97e86f3f57ddb7536a35392bf45053cee51e0a18171b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_off.gif

MD5 6922b29fd57cbdea09cc1087bac6d9ec
SHA1 bf01a8cb2fbed3d1fb21b1cd1efbd8d52df57eb2
SHA256 ca60f97f071ca5d37606901de84022b7ece46c2e5408ed6c4709307ae82120e0
SHA512 b897e2e8da15fe2f5cae4f0f0d1224a3aed6af6751b7c9f563c6ca90fe1481d94817b33e302c8c34aebaa2f83af1611983d5098f5684b4f1a7bd17d83862d188

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_on.gif

MD5 dfcff984231706bd57c2807d305967e5
SHA1 2b4e9f3d623e8b5fb73c51a819415a2676cd72ba
SHA256 1108ca2506a221ec967a370ecc3755818d94d86415d131eff45ea8ba5d044141
SHA512 35842538b77c9827cb4a17c12bfb2eed4a8096ddca0e07156243d2edc1bdc8f96311304e442c567a0a633ab00d9944972eb3446dde2e3c870805275449daf9b1

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg

MD5 ab1595eb36596ec2e17aa6f90bfbd64f
SHA1 1b2b29729820c1e2339cce555ea109c844544826
SHA256 819514fb3daff74bea4e9469d363f91f238a4842db8f0cd37d029d381bc3c8bb
SHA512 08cf49fe0ca1d5c77a753bfdab4b9ad806adfbc57c63ed764f08f4aae3e24b53b58600cf0a4157482623a79d7e1e010618a022057c835f27ac72a3a6fe77fb14

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp

MD5 99052a33d268eeed4dd8dceb2085d54b
SHA1 51ff85d8a53519cf107debd78be3883c53055924
SHA256 097d8abbec7cda4c0932a5966c75ccdb5a42bb445c91a6fff7e4e92161f96512
SHA512 3e8513d015bf2534f426252333e3616e9529970edf1e3adf186bb6fb5dbe46537b5cbefdb6db7da7e9c40372e75a88f081c487ea580f14d972f73582669a7679

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif

MD5 8046807230ce5edf4118b079ccd98e87
SHA1 944fbb3aef9eb2616a934d5386afed36b9d8a75b
SHA256 094b077075a81d829c32e98e32ade9bcf89e3e0500f252e75ad6350d0ca2bf35
SHA512 1a02103fa8775251672e8544bb5ed455e2f5c629d1038e4deaaf6cfa5d067f864d5273975bc0e100ed25709fdcf0f13c17ed0eaf0490f4b4d1fd27096a175336

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif

MD5 77631dfb480c5e03cc5462ec7e0dd8e3
SHA1 14c571c1d547578f6565ccf3c4588285abb1636f
SHA256 528f5c7aee3402003586862b0eb811ed766841755e01207a7b2d614f22ffd5c0
SHA512 c5b7baece863d228e74f42b49974ed2a8487304035a0f1cf49b79b514e85d4968bc5e68f39a9f6178fbee73ed8e596eccecd576a2241ae61c9bebdc3ece15134

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF

MD5 efaa9d66ed2ccbfc85f6da65e7665a76
SHA1 bd236e90b55879f63eec69067fb9b1013b3d6f76
SHA256 56084fad85d54d1447e897290093d6a55d89c0bdfb1113515c13b1cf65ba6cb0
SHA512 ec0f586bf5213eea2b334e4cba74ba8e9da04ccf3106e76b5f8c08250ae5712f0f1fec74f01ee1cbb3bdcb5e51c5f6ee4131858b77713e98ae4503f29aaedb91

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif

MD5 6b893946706ebf25b4bc0bc8e55a7c6c
SHA1 8ef3d20fa4607bef25830044863cb1e9a38d36b0
SHA256 8cd32d4b84bacf0df7910eca2ec69f4327468537dd602de7919ee3176c711012
SHA512 a04c8acc87de6688465dde4004fd7ea864cb9b11973e62c77ab5639aa6fe3e254470dea2d44327ec1b1ca36eda58165f7325e3e051e9896fefcb2a5256d0fd45

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF

MD5 d57599d32043d81a2165e96b45591b73
SHA1 f3da1795638241a039691e36dfa2c5fbbc6216b7
SHA256 8723a75a4ca048402b2cbcc70adf9c96f49c9b16bf8fe4aafa9dc31a08288995
SHA512 d67d3e8557893f9fd3ccdd26c5bc2ac2d593f810c9dfc2e6e087ba47d48c3fa550970ff96d1e93691800131973da4961161ce04191d1960fb1ba05157ebcdc2f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF

MD5 6a80af6724437f9e0d726839f1c8fe77
SHA1 142a9613bd3d37eb877d0b8aba587a1a60e3e494
SHA256 28636e2ec9648e222dcdc7d08641dd2d02ea4cb236b410d3483863e1feb6b5d4
SHA512 8e7efbaf7577004a3c509ff010d5d1d1bf1326af6ef23d5181724f6155acb1cafcbe9def5ea03d9d1b01be41b20075b26fb1d7a07830f0eaf1375b8a551ef90c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF

MD5 0e0d18e2c0980e39ef7072a7cd45623b
SHA1 9ea1459423129d791fba8d709fce644bdff07370
SHA256 6bc29fff225d519cfea7c77292e62cdbf79820bd3a097eac4c16d01b7549eac0
SHA512 c061099298985113a182e5deb8d37b21995c100167913dd1900a4fb6231371576ea54d4dc11413ff3d5eed61cfc194344d38a56da9d59b7447ce3c2841870bec

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF

MD5 6434a4275ae1f73f0d8f5c742c1481ac
SHA1 41f378b86f21813eec89acec6d5eac12d7dc63dc
SHA256 5896b426bcfeb0f9e8fc1dec2894b387b20ba46dc6b6abee30a7c276e9740028
SHA512 650d136277d92154857d6c538c07c0f7dc3075c37efe1096db13d455ea673232d31a86ed7d0206842d816442f4069a0033b8e2c1c68bae3a4eb0724a1ab6d2cc

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF

MD5 7717f6933fb7e9ed9112a7be0a32095f
SHA1 eb46321a63a548c6753b9dd6ba2a60667494d943
SHA256 baee4a1dbad06833aaa02275bf3201aad70a4603cec867f8db7fe9129bd912ed
SHA512 f32808684af2934cd690628aeb3b649b79d9062de29bfa2f4f7b83ee7997e1f8e1f53e9a0fb604f2036cff59e50185906115d82442e7564479b9edb904c353a4

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF

MD5 f02a17b5123bbcefbf4bc586185ec8c9
SHA1 f509b3d463fc9fbaee8a8e53526fadadc02e6618
SHA256 5cb9bbadc9aa970597c416779033d9baabc381e42a69d3b707bf1660d26321e2
SHA512 cace019fc6c97addbe19f874bb824bc16f218ac692c39d17df0c7d0ee69f98f19feab6593b8400f9c1aa6340fd6a96fd14226dcdbec56f0672c5768222997924

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF

MD5 2cff1106994db3533bedd4a373c758d3
SHA1 f27ae7d53c293ea4a7b76893ab00c0c40abaf68c
SHA256 8265bc1b75873ad6ceb959bc3fa5668e55c8d21b6c142fe97e6ed0eb312b1c07
SHA512 30170d3e63678fefcc383ce5e4cdfc7e2fbffb691f3c1fa6439f6a27d4f6e8615344e6946d9acfb6d4d2e48ca023054c836c62b4a873bb290769160cfb0fcc3a

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF

MD5 d14b43dbb9ea0130a4c5cb7dfe248b0b
SHA1 b197554d8336270d7c4f762e100f1bf2ca746054
SHA256 5c8b509eb280113991dbd762bc175990697fd5206ce8b0a82bd6e2902a05b555
SHA512 2be4a6b8502990e91198bd0931a227e9f011995831de206c76ddf9ee388c2e46685e13aa528832e8eb747b66cb0b3b54a8eb974e711c64b5d7f5a53ac8958040

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif

MD5 6bf53608001519201948cc59ff4cd7d1
SHA1 135ab3002ee1a57a65806fa55b2125202ce1a2e3
SHA256 e942dcc576ddf4408a5f748f1f29808048c717e1b1f1901a76b3e856a561a199
SHA512 e4980e56ff8046faff13fe2797a7465b7b797c4b86d2b23ac8b1ca902a0f6029d8cf865bf5436de1033f0eaf5b4c86f9e456d96b84165a44f6bc181070ca7e70

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF

MD5 01be9fe27df916525eba21f1a3a095cf
SHA1 c3203937e4473fe384d7249ec1639258b89a97ce
SHA256 e43a27c6a05bcb09596a860c51864aab872be78d3847a177d36bea0364d7bf2a
SHA512 c89c68fd9fa7de7648023acc4adca4a9feb3e64b0708f2e78f66db3ee719fb4d103b33688870dce9735f220272cea263dbf175d4ac16d4ca6008da9252992d64

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif

MD5 a4d1b165b568597aea05a62d3b0e96ad
SHA1 2f9131a2f3f450726f4d1b4c35c1a819fa8fee17
SHA256 8fc05ed273eaaec15867f33c6c02ba29d87deca8df20c759befc4564016a06d0
SHA512 efe299ddf5e93ae7674034f7e00e1ee47e5336022713dec8d9cab71808e806297eaebc267fc594ff90ae4df76e582426bbd309b22fb2f0aeb9af1d2237b51c05

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif

MD5 65da5a027ca06ba6728a4f2e3f0a964c
SHA1 1ba17ac53ae9253ebf9ffd9d42b67e504532daa3
SHA256 e6285070d50f6b57f9ff5e3fabeb293ec45e608f1fe38330eae584a979f638f0
SHA512 3a362f902eaa014bce8bde71835590dbbe7f44d7928431a0c18a3817677d80f7669701ebd8abd9d0b894fda1ecc1a4b6c2d3038a2be621e09473ec43ca1dd6eb

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg

MD5 a8eb210e984e2dc1e11126e34e2d9f40
SHA1 d8421cfddd75b16eab67c95c4afa2061b3f43060
SHA256 80f08f2566bf7f1ac92e107d943bfa1ba9f051f64d77a512928332536b77e6da
SHA512 8a8fdb4815266b17555a15522f0186b4a1771d8d45d4e302d6830e00292e37b992c376543d782a63cd381b9618eb708504760383bd6ea676c25d36c9521b3ad8

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF

MD5 0bc7c632f6fef0a083c1f6770b53b81e
SHA1 4d8c839fdf109a41c612315652c7582ffb932dc5
SHA256 e02bffc48dad44162d301549b5ea32639da0d1ecf8c6c251bcf8d00a5d23a1e2
SHA512 0d21959269bad4f182bd6de7c57ff5b2353b69ba21bd030723a3a90b7552a7d8564eba6f9bc38c063cae7284cb3e92cc3cf586201aa971d85a11d96177183963

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

MD5 71035786b87c39243d38265067b295c2
SHA1 97526186e161ef0f8c8fbfab8f2b831398031a16
SHA256 98362a6e0169897b3c01d1d43aea1586dd5232d1b4c846ee410bbcd1da669715
SHA512 11add1941ad9b35f0cb8a994e6968e1364340132af15b4b89716cb453f21eab86f17a6d65e1602631d7afe44825e4b6bc1693c1d1be84f9c098dfd124d2b6bb4

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

MD5 254dee046fac88c9425633463ecddb4b
SHA1 39c7116c33d08ce5f02e65dccdba60593350f810
SHA256 8f16b94d35c3a2139221d6a4b22bb03c57fe2944b0f73e95575d07180934cfa0
SHA512 830ab00ad16435df731ef652b25d1dd7675b0f0bf972e6e581c4f64600f1e679e48f4fca6e1b815158a09d0e004096514c2b2e6f53959194397bf9dac674699c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

MD5 a4dbe0d1489fd21c3efe9c4820ea7e6c
SHA1 474f5d1e3205b64ca072fcc7f920abef3a7e4dd7
SHA256 4f9714ca745ca614e4abe0fe8bc5fd8b47aee825d1feafc0b1ae4453e3d5388d
SHA512 fbebe6ab10095508aeaf36768c63f708eab140638ae12868aaa2fa3ab3b122e0e6f5443cfd0ee10df1304bd00f694eed453387dfefcb6f61d197f87d2f068006

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

MD5 2e8b68a97f44843d97dc4ff9749d0977
SHA1 45bbf279120efafd5957c385fdb579827e3beee0
SHA256 80351a4eba298f00e36cfc9acd2b1646a4a4b46884f736b589a6a350186a5381
SHA512 740c6d00f30601c91f2965f5a547ea664d286a3204fa76d3409c978dd97cff4afba239457d0839837da0f9568f2428627a17e9e1a132de40d6c3b502bcd72c9b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

MD5 e11d39724de4a7cbf62237f65f3942c6
SHA1 90ec223c55353113006107e45bdc38abd4a55849
SHA256 5a0a27b5df958544b0bea29aeea5c1f1e06b97bf40220205ce129a1214b56657
SHA512 9f387b15ac0d60e76dae80758da290ac626fb55af5d92b2434273e64015736f2edcae848d64dd350cd59e91eec2a9cb07e7b1c87d38130d40bd25e677750520d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

MD5 cf4dada716b4ef09886fa1b65036c2b7
SHA1 d8461fcf337cbbf41d7a2a7119f6821d2c67dcd7
SHA256 d55e5b2df5280bb43b25d2d656b1bdc5fa2fa0e008671f90c0d8ad876200f268
SHA512 e28b20e8c569d17cb0d33864935712a5ae37d5158d23fd396d431893f6f0f281391f1a965e6fb824260a9fef2e7defc3a8f0608f7dac77e12159bf83dc6ba6e2

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

MD5 d81625a7f618ad64524b5b5034b95ad9
SHA1 eb572a5ac833f0c28e2eb7ebc3cd2bd9d80250c9
SHA256 a4e65387468c63270c7c80c722d27a2f2f0f03391f35433ebd6608db985ff859
SHA512 b231762117081d0451de36ec59af6cb61191b68d4d4061a6d6b9222e59067e35b2afafb32bfb23413046b0a68293b980bf7520e26059543f9a1878be04fe70b0

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

MD5 eca816490689f0566dff0b4715c5ebe9
SHA1 4e399c0a02dae975b8ba3425c724e9a04d3e2009
SHA256 a51a7164d4b897500f40de28bffdd7e7a402af387c2714d99fd193ae89ef35b7
SHA512 a3a4bd4099cfcaff6155301ec16ce1ee0675b9a530159f5946ea7c4b48ad18f7063dca6e9f7b9604dc2217220c4de2cfedc7ec98c1e3445a48242ed3a1f041d8

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

MD5 d5948b48d35e79dcad113b46bd4e1907
SHA1 e01e527c705caed49cb429b38da1e3147e1b3943
SHA256 b80b9776603b02a73587bf19182edc313599d3af34c2e3ed7bcf522db5025e2a
SHA512 3ac70bafefcb7e9905e6159356384f3a01ce35952da9e9a545de68bba93a9e36eedf7732bd88fdaed0565d044e4706d2aed227ab58e2e969d76323a1f91d0501

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

MD5 95a83fc9d97ab428bdd827452035d5ab
SHA1 c87d6c11d50ec69237238b5ce782e1f6e122e781
SHA256 2497b323720e03ff6d4530a6f6263032a4bfa3f501897ef1ffe2ba0857dd9bb3
SHA512 a19e51e107385014033609ce9238c6581ee4ced08f785fc35abea22b62df0af0a28f6c79fd37763f694eb4ea093db9d25cb15dbab3cdbb66d73848fd7a1ec8c0

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

MD5 8faae15dc2ccaa102fe578c5135f03b7
SHA1 5b945b406760434cde67e1b0e690e031cc61cede
SHA256 39f7f9a1e4c5deff6fcd94c873309034f14d5c378714d777c0269b93d0073890
SHA512 274a1ad813ad927c871b5d61532d6410c5e58e4eaaa16f6573f76926e5d3ceebb9c6b487284265effe3a7734a0a5fc24d2d7e0a5a645e92fa862deddcce61283

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

MD5 4b628ac6484de0931dd5153adf1ad393
SHA1 3bca62d2b2d902cbd9ac0fcec244b93f2b8176b3
SHA256 c92229f4b462a02a434375bb680a3abf6d8b9532cdb54b55a77f0a0cf0572b77
SHA512 e4d8964a1294c32ecc43e5ada82cf04f01cb3d37f8493f4e66df18fc6ef1ec5d9874e976e91018475892b01187cc47a915dcdc609f68210c954eb919bdbf1be7

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

MD5 f3e83b644942d5183647e9d1bb84ca9a
SHA1 07c6d63d6f934d8c8e8b6e58bb7e3e728ff0a4d3
SHA256 09ebd01057b1f35c3cc83ae4454145cdaaceaff0b05d1fde8e154c76532c9312
SHA512 b2778cd8efdbaf5600567b8b58e87742fa28d19720eb89f58025b3a1f2f064ee2fa1496ddf47cff57434825fa8f3613117beb488c371d0f614a010dce3b640bf

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

MD5 640e2cc5dc88f4dbb91047847ceb9982
SHA1 0100382d95d3dd517e9b2f81c9fbc97c61d623c7
SHA256 40252b81d6b0406b7707895185c3fae6d8e9e53d5a2ddcca97148f3165070156
SHA512 414eefba47ce9afb53eafa2795b4a3df7b2240b5c606a97dc38deb1dd404d67c3214c323db6064d1de1ec27d86cd73cfb949fe9f4a678843a833f997c59c7a14

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

MD5 d37ef62b938e065bbf3000e460ee53e8
SHA1 9cf42edb95e2628a0675119db5dd930887158d73
SHA256 59ddaa9463c624b3a98356aff8095760c4420b10f81ffe09ee1243fbf37dc26d
SHA512 b58be07ef27419987469711bd6e81a97c8fadd6439e3e576d3ece26b35e81221edf606af1aca7061ba0ebff298ac181d3d001fea69d01c9876318aec02437ccd

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

MD5 6682c1d9896c4d316252c1cf3a8ed639
SHA1 38f5e6fcc81e7d1707faed212a5b76ee89e82d0e
SHA256 0ef7983e3329969495f7377b3cb97a40c41354d9a57adeee1debd4af251e6f34
SHA512 9e1c7c56d3436218bb2b16b1bb3b1a32a8adf2a3291a372526c47e3401dd85e6edea90df0ec120fc51d16a0526f28ff4ee33aa3cb9b816cb4017b49bb044dbed

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

MD5 06c1d9ca37e2daf272203ac26bc805f9
SHA1 e1c659fdd44f206909e65ff62aa3fa3030ac6622
SHA256 683aa04afb5aa0246ba9ba30dbd51234a1e9b0623922ebb2fe3b692a37ae4527
SHA512 f314d220a848086d36bd16e99d98b0ee9f40457de43c5f7c6d0cf23180ce823fabcb2ec8a807ce5ad7e85c444102f67d72a78c022cdf93be77d6f5d938b9aed2

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

MD5 f625ab7132f0d920949c7f34a50c6430
SHA1 958715c9098e757f588d24719ff3b1a25e896320
SHA256 28ee6b6a43a813992dc21367ff07d2a6430f784cd3f0bd444946e5b000b828c0
SHA512 4f0c32d7c3a870dcb81c7294bad5c50564acc273caee191c2b8d33cd00524e6c2fcd9a44668b2b1c8510ca04f1bfa7e4dea4d9583b0a073375cd782dcd67a2a9

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

MD5 7ca143e9e5f583834dcfa883f8375642
SHA1 a500bec5e940183bcddce86bc402d068b5f1249d
SHA256 a4efc92cb7c7be563e6cb85bb3ee0b3a160710c64e31ee5b6a3db85a99b53031
SHA512 04cdc6740fd56ca234ca4a9271dd4bde60bc3c49facb2149ca1c8351f90d3a4649a407ce7c57f7f0a3fcded1d284f89ba007a6bea23935fa18b6ccef928837bc

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

MD5 3f2e77b056d6561296e258a46a376efa
SHA1 9e868da9654bf65021691c04bf2057f6d8b8be36
SHA256 a2639910a69c64a0098fef3f87ef6b0aef54ec5a872bd2d8c482b474d6b722f6
SHA512 b9c6d1668a992fb548f68ff38416cb17458c10c18c2f41651b7d64f1a9ad1813e4ef05b350671082a39440185ba9dd581818effba040fe6751ef5cd994e002ca

memory/2792-7604-0x0000000000400000-0x000000000040C000-memory.dmp

memory/2792-7602-0x0000000000400000-0x000000000040C000-memory.dmp

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\security_watermark.jpg

MD5 2050614594f9f58f0176f530dc43a11d
SHA1 b7eec33cf1be36bd943e78378291f7af96a05800
SHA256 fc1e6e2f7ff06afa973c9b12ca4f092fa96c4bff992e67b160358be2975099b8
SHA512 672e9333a0f461bf5112bc4440d010ddd599787821eb5b741f1231ab38ad4bb72c813ea37b2b8f9c584ee2e6f85caa8c6f48fa18ae9422d3c9444053d95613f8

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 b385c5e7142e9524618ebd9db39a876c
SHA1 24dc0c88612e952c262bd9dcac4d2884874b1179
SHA256 726254e944bb7b25c72550ecadf8aa19e33b38dc020bd262414d3a358036e73d
SHA512 d3886c761098d4503defef442f162c471b21a8876b2756c248363db0880d846e16e966359000e100445ad3c6e3a731cbd6f5acf24a36e66235c31e8255287064

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 9322449f9fc8543d2a441648df8702d7
SHA1 32561ca615be680f312635d8a1daef374d16347c
SHA256 a466174e7baad23f7e43f4aaeef0add94dcd84021e7e61cfbe53316a70257161
SHA512 65bd0853e8185079dc61825f42870ee1314436f6b00c29ec32472d945da475cee2424d5e0864396a861eb5ca6acd77ec8388c3354e31f5bd52f397fb199f50a0

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 6ba47755c7e6270ec02735033d4e48cb
SHA1 9e14af2665f79deb9160a046490977764161ab76
SHA256 f898a813f9dea3a972dc18a1ebc787c282e3c58d1951b24995bc3f137613473a
SHA512 f498336d278ae6c2de911cbd27653e446b86f3334ba37dc7304cecda2599db010abb863cd329005b2650557176a0e2a939c98219edd4e2f7fe23af4a9e64e0dd

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 d4944bc5d9b67cc7d7fa46b514ead064
SHA1 4d734af8569e5dfac338c912307d7138cefac189
SHA256 bc48fd775bd8fe8281119ef70fb44a68a37b253d56ab8f429bc1a18bb57c5176
SHA512 033bb3495fb1af73e97409179b567babbdc2d40666198d9b9ab7e5df12db2a32e7298016a6c6243599cf5bc91cee8fef557b52c73fa63f8ec35f490f1f2a3bd6

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 72a4b75600a685b57a9e4c3541236ce4
SHA1 4f1691b0f641f8c25feb737021cab9479477ed17
SHA256 983c40d0e24ca8a504502bfa449ee8ec9e367b76bfdd9910c56660035be69286
SHA512 ef8a0b144f8bb04bed433b27499d1420f52cdd932860de54524af7637747bf71e3b0d9be61b0715243164125e1cb8b48092a7730a8df6d1f8bd71c1914b44ba4

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

MD5 e87c9d0b15819e670c376f8ea22d267c
SHA1 d37661b8460ffcc45f7aec5297ddfbfa2dc20bf5
SHA256 d00104440f98c0830f00fbbd829468a761923d256fc865c02ce2515bc7092daf
SHA512 f9bd75e9af18e0ecbe16f7c8cc4b1e8040e774df028353a7f328a4fd6430a94fd2c959e485abd7974fcbab5c0e8f3dba5433fc3e82df0de23ecf44c84b83d465

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

MD5 1ebe63484b75b3b84423f7b7d3ac9445
SHA1 c434567ace639ba52c886a9a88224c4aaeb28425
SHA256 928d8647ab626e95700c4ca23ea9820552bcc16fb0471730d4a39f910f6ef55e
SHA512 ec7a15d27420bc973dc1180b8ebe43fe8546f90a1f09ef35c8cf03dbcedee6ea5e975638cdc58279d15f0f0920bd976c0987f57ca15b89fe7a6da1049b6bfeef

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

MD5 b73d401ad9b76f3d0647c1ec73e52dce
SHA1 ebe9140ac981b3b637d1c621ccbc7d43416ca8a1
SHA256 25c6be233bb649f96f095aab472e80e54bee0d7f1c9efe962839c5c709a7c841
SHA512 021640d7f03bffdd526a6f8dd8faafb2eaec868e661850c0273555d029b688955d6d4e362cfa4f300326a118500aec42c3a958b949e69b52d4030fbe3b9abbbc

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

MD5 bdde1e109f712d24a5fc06c07117d0dc
SHA1 590f4a5615e26a60e91029b561bedde789b53bb1
SHA256 dab708021fa54e38c8312db6e17cfbd23562d91f8084d78b4b65aa44c95d5bef
SHA512 4358b973b68f121cbb086b31c99844578789bc06c931dfd9c62225f2823142fec157a6cfc9dd85b18171dc48574b202e198f80802b7d9cadc8b4f6057a879c17

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 c956abfd57c1f25e1eefb31251b7e69c
SHA1 c5df68b00b93c9579f5a9b50b5425fe1166a8d42
SHA256 fe6366f2272622886cab3168cec2cedd67915f010a1fdd569b678cd9391f34aa
SHA512 84705343502ef6b4d1076f4b715a8943acc43b7533afb1ae0a87fe3030d8b01791f90f24c45b11548a89a12874324a3bffa74c080fb2bdb9031c06e13e413246

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

MD5 48598e6ea39957dbaafb4718eca02e81
SHA1 8537e3f3d4312fb40d177922c538e7f241249d0a
SHA256 5ef0e648c2c9f2569ef5bab60222a7ac6e65b2b1de8e7e87d47cfa47a7c5c6ca
SHA512 68c10897a1e3bb30bdc79558057c25382933bfc2fc0b806756550a0370615142537bb6043ea8a83f6554702d5a776dffa807d9c5bce84a66958a0b312008bf4d

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 69bc66fea4a9351177d6c01c90e8f679
SHA1 4704edecba8b22d061db336409cf33dfe226f67c
SHA256 72b7b280a012ffedbbceb57fc4e44ecaf2cefcf43908411f3db7272eb66720fb
SHA512 ec1273b48b27b62aa33a5d137bdd7ab43c207b46c50e6052e0610b63f06b2b05429c838a4ae64becfe46026f6448b18298eb4f163e9ac6793511cb0c97ca36a5

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

MD5 24d9509328b0be4be357ab27b34aebae
SHA1 db20d5767c4bb58ae99bab02aecc95110abe51d2
SHA256 00ee80dfdc8938913d5becf2312156dfca8b2730ca84632d9bef58101b075be5
SHA512 41228d5662e4191d76e63f23c247c4d533d7467810b23b76ba3676cb46110e3984b245e72c85dde58ef29400c37cbb5208007664ae194f2528a767d644f5540a

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

MD5 74b85f694c59baaf4cd6072ae7a9c0e5
SHA1 3953ba296e5ebcde9b082590e877b76f433d2e85
SHA256 5e7927981177361874aee8063e79760f2df36d4b70339600d8260a799cd77584
SHA512 a8e1aa5603e6b4b7505e77c6288e2c333161a1ae9bb68a41709c4f67d455e843f5941c1ee319698f676cc2cc59660ebdedc63b84d1080d1831dd9dd63303ef05

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 47b9f9d259d8abb940b76f99264cc382
SHA1 eba66bf174b309ead746d4b83f35c9eb52caba88
SHA256 0806a9597cb3c9e1b8e1d3dc3f3bc16063ea6bd9f5b4e9d0a2e12b922b4a3c48
SHA512 4e0dede4f9467b6327dca4c509cffa15368c9d609df7bca713804d9a3394a1a12502dc096c242658f66d4eff91f21aa26a5de419d21e9f2ae3ffd3a2c42a7e3e

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

MD5 29499bbab5c6b7775733da53c3b11d5f
SHA1 6e56188b9d0c18350f835da00d6255422b902f3d
SHA256 5b21efdeb8c87b34f311aef632b56a713fe13a27628a97ef504b3ab26c82dbf7
SHA512 65a6d9b4dc1b7d3222c583e476e3fa444a3660ccfc0cef928ab74c1e4de272cbf0ba9167e80681e22369affe1baaf39fc5487fb06dbe8e43c8ee69ecd2c813d4

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

MD5 a0373bd52dfd5457b056bce4c966ee8d
SHA1 37084acd0decf22fe16f97c71421fd48326c7a95
SHA256 d0a14022bb01751fe98ac1aa956d92689d88e096a08266a7b84fca4a114091d0
SHA512 500207ed4eac8e8413b3211ff8e95f770b174347cdceb0aa03db677dd57c2e5e975c1b4c50a53a08a29298cd88fb78fb0a1a863f75cf62c6c1b12f6742c75a55

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 0ecf3221aa1e38fb120220eb86fe26c1
SHA1 f180c3bd3a5e54c70dd298b97fe7352e11f014c3
SHA256 103d6f225bb49a65924c1cb521622af3818ac36a08db44158dc32e85080e4532
SHA512 143ba1c645bb8b3fc805a8503b609060fe0128ceca109a2be41ec2db29aa79fc498fd6909c79cd3ff373ebc435685be11acd0db65b117973610d53c084300042

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif

MD5 cba28952fd7c37e109dab56971d57f0a
SHA1 7841275d40bc7248adff4c94b94aefda37ceabef
SHA256 b01de1e53d04ad76f89221ecd9beff06271efa7863a85f8eb4e5572c49a888bf
SHA512 8e97f89cdf4d9ae98ea162ac8437b7e26f6a463385f5af53ed00f7693d5f635b29cc87d4d326188f996a4db01308a1accebf8c4aca1f4f814dcc533bd37d56fa

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif

MD5 51628c1aced46ace046a55793b69e0fd
SHA1 9a3fb0cb794a514f415bbc88a47b84799a82f76e
SHA256 6670c0936556d1a25f62ef2b725c538cfa3c627a82fd2d8e369ac214567e6d41
SHA512 fc07185c105740cec978264b1222dcc7fd2c18c96ef4fb7f11acf3cec27827a2d7be0bb07a2af2d91c8df1155c57ea8403c206f976a8c72b6d6fad4735f07793

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 8a4d2cd1763c36e2917db2e7aee7f2de
SHA1 d1a0176aa60b15b48ed29faf79f901a32025ae6b
SHA256 2703406d7e81dccfe724b8bf6922c03b7bf26af46fe60fdf17586241c9d86ca7
SHA512 0fa1e4433337a642f543d781c5a123a95d5a2b4756f0298184347c479e6086fc55276e9c653efaa9eacd98d7eef5614482d03a30d0f86505ba15ca98ddd4e102

memory/2792-9165-0x0000000000400000-0x000000000040C000-memory.dmp

memory/2792-9166-0x0000000000400000-0x000000000040C000-memory.dmp

memory/2792-9167-0x0000000000400000-0x000000000040C000-memory.dmp