Malware Analysis Report

2025-01-18 20:27

Sample ID 241129-1j37tsxnhw
Target b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118
SHA256 7d4df4a459ac14bdb81cd85ef4b11cf9de4a56eb062bd9e21fbf769e72709bd9
Tags
upx xorist discovery persistence ransomware spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

7d4df4a459ac14bdb81cd85ef4b11cf9de4a56eb062bd9e21fbf769e72709bd9

Threat Level: Known bad

The file b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

upx xorist discovery persistence ransomware spyware stealer

Xorist Ransomware

Detected Xorist Ransomware

Xorist family

Renames multiple (2181) files with added filename extension

Renames multiple (2205) files with added filename extension

Drops file in Drivers directory

Reads user/profile data of web browsers

Drops startup file

Adds Run key to start application

UPX packed file

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-29 21:41

Signatures

Detected Xorist Ransomware

Description Indicator Process Target
N/A N/A N/A N/A

Xorist family

xorist

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-29 21:41

Reported

2024-11-29 21:44

Platform

win7-20240903-en

Max time kernel

32s

Max time network

16s

Command Line

"C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe"

Signatures

Detected Xorist Ransomware

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Xorist Ransomware

ransomware xorist

Xorist family

xorist

Renames multiple (2205) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\QLUm8OR6vUIE1wP.exe" C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Windows_PowerShell_2.0.help.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmetech.inf_amd64_neutral_230358eeb58f0b3b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmntt1.inf_amd64_neutral_ecf5cff2236b273a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\fr-FR\Licenses\OEM\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_properties.help.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_escape_characters.help.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmmcd.inf_amd64_neutral_49212f5920298e45\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnhp002.inf_amd64_neutral_04d05d1f6a90ea24\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ts_wpdmtp.inf_amd64_neutral_daa64ca27846aa23\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\oobe\background.bmp C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnrc00c.inf_amd64_neutral_53a58f4fd7d88575\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\tpm.inf_amd64_neutral_d5bb6575cf91cd73\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\ja-JP\Licenses\OEM\Ultimate\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_Assignment_Operators.help.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wialx004.inf_amd64_neutral_0a3a62ae6ed43127\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Switch.help.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\dot4.inf_amd64_neutral_b89cfac15ccb2fba\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmpsion.inf_amd64_neutral_6e65ea91a16f922a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnhp004.inf_amd64_neutral_53f688945cfc24cc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wiaca00b.inf_amd64_neutral_1aaa057d3d52ea43\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-shmig-DL\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Path_Syntax.help.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmdcm6.inf_amd64_neutral_b1db427ce3d2a1b4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmiodat.inf_amd64_neutral_839e9ee1a8736613\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmpenr.inf_amd64_neutral_34624840c3163a38\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\megasas.inf_amd64_neutral_395276dd9b7a7448\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\it-IT\Licenses\OEM\Ultimate\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\ja-JP\Licenses\OEM\HomePremiumN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_scopes.help.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_transactions.help.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnep00e.inf_amd64_neutral_edc631ff41a34218\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnnr004.inf_amd64_neutral_3319ff2548f89fd8\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wsdprint.inf_amd64_neutral_f91980f20f3112ed\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\sk-SK\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\fr-FR\Licenses\_Default\HomeBasic\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\unknown.inf_amd64_neutral_5eb6ac70dd1a3ad0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\en-US\Licenses\OEM\HomePremiumN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\es-ES\Licenses\eval\ProfessionalE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\es-ES\Licenses\OEM\HomeBasicN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_format.ps1xml.help.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_functions_advanced_parameters.help.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmrock5.inf_amd64_neutral_cadd97421d121ebb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netk57a.inf_amd64_neutral_8b26ad5d0cc037a9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\ja-JP\Licenses\OEM\StarterE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_functions_advanced_parameters.help.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\migwiz\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_command_precedence.help.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmags64.inf_amd64_neutral_e68956e24e287714\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmtdkj6.inf_amd64_neutral_8087946c82068597\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\ja-JP\Licenses\OEM\HomePremium\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\migwiz\PostMigRes\Web\base_images\AppInstalled.gif C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\msclmd.inf_amd64_neutral_413d17c790177eef\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnnr002.inf_amd64_neutral_37896c5e81c8d488\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-NDIS\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\de-DE\Licenses\_Default\HomePremium\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnlx003.inf_amd64_neutral_d1510a8315a2ea0d\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\synth3dvsc.inf_amd64_neutral_bccbc5fb46a05558\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\it-IT\Licenses\_Default\UltimateE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\migwiz\replacementmanifests\microsoft-windows-shmig\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_execution_policies.help.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_data_sections.help.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmhayes.inf_amd64_neutral_507db5d34d7acddc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmtexas.inf_amd64_neutral_7572473d88d69307\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnin002.inf_amd64_neutral_977d40799168c216\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0099168.JPG C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21327_.GIF C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\bPrev.png C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\whitemask1047.png C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\indxicon.gif C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD14539_.GIF C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH02470U.BMP C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR23F.GIF C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\MEDIA\SUCTION.WAV C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\license.html C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_gray_thunderstorm.png C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\server_issue.gif C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21366_.GIF C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-new.png C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Full\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Common Files\System\ado\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_blue_snow.png C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Office64.en-us\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD15057_.GIF C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\DigitalInk.jpg C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\hy.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-background.png C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\GrayCheck\TAB_OFF.GIF C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\button_mid.gif C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_divider_left.png C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\fr-FR\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\epl-v10.html C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Program Files\Microsoft Games\Solitaire\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-new_partly-cloudy.png C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\button_mid_over.gif C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-waning-crescent_partly-cloudy.png C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\it-IT\settings.html C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\AG00092_.GIF C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0145669.JPG C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_left_rest.png C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\win7Handle.png C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Common Files\System\msadc\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH01607U.BMP C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\JOURNAL\PREVIEW.GIF C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\logo.png C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\de-DE\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\fr-FR\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0099152.JPG C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Americana\TAB_OFF.GIF C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Common Files\Microsoft Shared\ink\FlickAnimation.avi C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\rssLogo.gif C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\images\glass.png C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\35.png C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Microsoft Visual Studio 8\VSTA\Bin\1033\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\square_h.png C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\nl.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\images\Video-48.png C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0309705.JPG C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR41F.GIF C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_box_divider_left.png C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\144DPI\(144DPI)notConnectedStateIcon.png C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\preface.htm C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_en-us_1da743febb1ea38d\about_functions_advanced_methods.help.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_prnms002.inf.resources_31bf3856ad364e35_6.1.7600.16385_es-es_fd3c628d4c8fe883\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_usbvideo.inf.resources_31bf3856ad364e35_6.1.7600.16385_es-es_0ff02be6f0eea6bc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\msil_system.management.resources_b03f5f7f11d50a3a_6.1.7600.16385_de-de_7da74beb436e47b4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_64\PresentationUI\d7c71f43e6d6e92221717345e6156044\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\settings_box_divider_right.png C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-r..bilityanalysisrules_31bf3856ad364e35_6.1.7601.17514_none_85194071b6440c78\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_narrator-nonmsil_31bf3856ad364e35_6.1.7601.17514_none_8b63c5e0db87fde8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\msil_system.workflow.componentmodel_31bf3856ad364e35_6.1.7601.17514_none_ea7fd6352ea9de2d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\inf\aspnet_state\0816\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_prnlx003.inf.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_23540713725efb15\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_transfercable.inf.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_1d937da73521876d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-i..iagnostic.resources_31bf3856ad364e35_6.1.7601.17514_it-it_dd4d05a3a853c1cc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_it-it_b4a6b77ab9aa530d\about_Special_Characters.help.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-mail-core.resources_31bf3856ad364e35_6.1.7600.16385_es-es_86596fc9e37f42ce\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Workflow.ComponentModel\v4.0_4.0.0.0__31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_it-it_b4a6b77ab9aa530d\about_try_catch_finally.help.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..edsgadget.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_b60543bd2d988807\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-i..nspection.resources_31bf3856ad364e35_11.2.9600.16428_en-us_6e3f17ef8f5a4df0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_netfx-data_perf_ini_b03f5f7f11d50a3a_6.1.7600.16385_none_4ec86b7dcdcbb974\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-recover.resources_31bf3856ad364e35_6.1.7600.16385_it-it_efc42da1d580cfbf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_mdmgen.inf.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_05a824ea7447f385\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-s..rtup-core.resources_31bf3856ad364e35_6.1.7600.16385_de-de_082571c4586ec24d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-i..l-keyboard-00010437_31bf3856ad364e35_6.1.7600.16385_none_f352eb09a3250772\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-p..gssystems.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_f11b6ff0e4527299\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-i..o5-codecs.resources_31bf3856ad364e35_6.1.7600.16385_en-us_ff29b0518391dafe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-help-locatep.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_54016078a970a3f0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\assembly\GAC_MSIL\System.Drawing.resources\2.0.0.0_es_b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-f..-truetype-levenimmt_31bf3856ad364e35_6.1.7600.16385_none_e0843b84595f479b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-wlansvc.resources_31bf3856ad364e35_6.1.7600.16385_de-de_fb1e4ffaf54e9f8e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-d..w-devenum.resources_31bf3856ad364e35_6.1.7600.16385_es-es_9b3f12be380546b6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-secinit.resources_31bf3856ad364e35_6.1.7600.16385_es-es_7c6ca7f2f717b8e0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_it_b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-n..lientcore.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_386c00971060a77c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_wd.inf_31bf3856ad364e35_6.1.7600.16385_none_6fa340547abb81e1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_netfx-fusion_dll_b03f5f7f11d50a3a_6.1.7600.16385_none_d758b247c6e65f96\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_it-it_45286e597214a485\403-4.htm C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-f..lientcore.resources_31bf3856ad364e35_6.1.7600.16385_es-es_3b94663cb7696138\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\Temp\PendingDeletes\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\assembly\GAC_MSIL\System.Web.Services.resources\2.0.0.0_es_b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-cleanmgr.resources_31bf3856ad364e35_6.1.7600.16385_it-it_46762abe7c82b9e8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-help-sniptoo.resources_31bf3856ad364e35_6.1.7600.16385_es-es_f5fb618fd264b811\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7601.17514_de-de_6252687e84367fb4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-ntdll_31bf3856ad364e35_6.1.7601.17514_none_b6fce3b112cd3657\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_msports.inf.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_92d1a7c00a2dc68a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-c..plus-runtime-txflog_31bf3856ad364e35_6.1.7600.16385_none_3b0b3a581d24859c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-defrag-adminui_31bf3856ad364e35_6.1.7601.17514_none_f73c142da6e47daa\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-t..workspace.resources_31bf3856ad364e35_6.1.7600.16385_it-it_9d6cb355bcbe0fdd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File opened for modification C:\Windows\Globalization\MCT\MCT-GB\Wallpaper\GB-wp5.jpg C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_wwf-cperfcnt_31bf3856ad364e35_6.1.7600.16385_none_1f7373be61daf614\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\x86_microsoft-windows-g..ets-slideshowgadget_31bf3856ad364e35_6.1.7600.16385_none_253e8c58002c48e1\drag.png C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-gadgets-currency_31bf3856ad364e35_6.1.7600.16385_none_c3b9072b536514f6\delete_up.png C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_zh-tw_bb9f7a833cb8946b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_acpipmi.inf.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_db43fafcb97b6e75\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-clip.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_f7e05482e7498fc3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-printing-adm.resources_31bf3856ad364e35_6.1.7600.16385_de-de_d465fcd71d6172d1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-stobject.resources_31bf3856ad364e35_6.1.7601.17514_en-us_f3729ef4613a25fa\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\assembly\GAC_MSIL\MMCEx.Resources\3.0.0.0_es_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-d..ic-module.resources_31bf3856ad364e35_6.1.7600.16385_es-es_e84325a814020a94\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-scripto.resources_31bf3856ad364e35_6.1.7600.16385_es-es_c9c3a700a67ca0cb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-where.resources_31bf3856ad364e35_6.1.7600.16385_es-es_fca32a72c675729c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\assembly\GAC_MSIL\System.Speech.resources\3.0.0.0_ja_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TMBTQNPXFMFSJFV\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TMBTQNPXFMFSJFV\DefaultIcon C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TMBTQNPXFMFSJFV\shell\open\command C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TMBTQNPXFMFSJFV C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TMBTQNPXFMFSJFV\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\QLUm8OR6vUIE1wP.exe,0" C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TMBTQNPXFMFSJFV\shell C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TMBTQNPXFMFSJFV\shell\open C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TMBTQNPXFMFSJFV\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\QLUm8OR6vUIE1wP.exe" C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "TMBTQNPXFMFSJFV" C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe"

Network

N/A

Files

memory/2400-0-0x0000000000400000-0x000000000040C000-memory.dmp

C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

MD5 69a98ef655778f1cb3764a923acbae80
SHA1 22683321e95c9a631039d15fc49ac5d3e639ac54
SHA256 2ff127d5bc4c7333c8f522aa4b456684eca97c06d452bf7d00b6a99b49b11b0e
SHA512 610fc09f40124e1a74ff303ddd95ad5809679be9e0c381e5d367ecf8e1e137c3da188142de7a2c5fe2b1225e12482245f2b5c417d43d73618108bfb1c32a5ed2

C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

MD5 e82a9f576d6f164c86d975194bf98c53
SHA1 eccfa932789541dd41482753fcd5d3d51dcd44b3
SHA256 4f29ba8c8d0bfc1fad50f6381c50506850ff6cefbe53144edbe56815eeefd34c
SHA512 607064621abad7cbb6f9c9d609f9f5d831264df1acd7b3f6c8598a50f0f1bd788469c42f393c335c7347c0defddfb80594b859641569f3a04fa56b1af950cf8e

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html

MD5 3be22e87e91c5e8ebe3b619db4f5b41e
SHA1 143c54ee04e5ebb2cfb30685132d0118c647fa48
SHA256 dbdd0b4d38d823d439f961b706dd6b6c0a5874dce8b6dcd73fa372cb0b3c083a
SHA512 769eab2c48d32ead5f0d9e29b4bf1d3c96aa8c843f7841eda6d7e97293ffdb635b9207f7a7027ec10c3c39e8d1c036557d2279b71944a23a02974ffec3e0369e

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html

MD5 c6518ebb694c8edef765c8ba026d3d3b
SHA1 4f3b3d3798a2fa00692d3e4aa20584aa09eb8663
SHA256 ba1cbd8dd7a0dbd3e7f123ed4e58e5dfa62626cda6512e5335dae056aa4c369e
SHA512 81d5871b79ec4bf541046c2041cb900a64afdc53995bb4588070f116df9e8b968b62a23ca25b4ea465e9488ac713c27c4c5e89b8f6dbb2ac454f9a55e0254356

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt

MD5 d81529a4e3551c304148c6bae1556be3
SHA1 e798d006c0e891e243024b48f871ebfec90dfd12
SHA256 d61e8d1e9343b4327511936753e9417feef12edda874f687b72ca97950195899
SHA512 37ed095bfdd2a56b57b21330ed1a4acb63fc1f3939603b50a2995201f5175020ce1481155bb0b57887c6287f08edfcb9df31b54b8e2680cb4ee5673ca2e36eea

C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt

MD5 8f2343e80436fac6eeae9a8d0578196a
SHA1 196fb90ea6f4ced70efd8f298ab38f39aa876db3
SHA256 f9d901da19d07cfdf0bd74e049092067b921cebcfebacd2aa5e9118efd160e53
SHA512 392b5497f5b9825092527d89fda731a63fb064d779ffb505c2070b2a18a30c917e078fa2d8990b6271592933c43f560eef85a5ea88ec838bc0d67ce1caccaf24

C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt

MD5 c04907fc9dde039a7f70acb679d882d1
SHA1 c9e61e048a80a8bf74b6d6b218f26de5dcaae818
SHA256 06919ab188fe08deb0c00d505b321af2cc9b2f94314c062d6c5337dfbd4c7a34
SHA512 b738bf974759dc60a1d726e35274684ae425868e3da08c46e80579377cf8cfb0d27c19bcac68ffb140017d5aadb7407c75929a404f18cf881d584d7d27814697

C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_OFF.GIF

MD5 7794682d14c6bf299f92ab6c07d232c1
SHA1 6f924399d7967364aa3f405b17cf167c6fd599e2
SHA256 07abcef92a16433d94637f3416ada2b958df9e463eeaa25b952555547cc15d17
SHA512 4575e4a0d7416ba41bfbe5e06cfcf1c6f75a70d62a35e4d881e44be356f44e6f27b8d14d6d9006571b66ef20e313a3524ed021ba65ef4d19962b266867234dc5

C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_ON.GIF

MD5 a23fed8efd162524f1591881547a2059
SHA1 761ea1bd1658242a67797a1bb95d47753aa9eb33
SHA256 6cbfe72a43dbda48e1d66a02ddaedda28f4a5412dd7fbb46ecdec29d3b32812b
SHA512 74efe5cfed57015465de1596c1c41eee4da2ab5f66f41ca3ca1a9eae39c5946bbf88a2a25ae9de760ded79fd222d0635b1811bd9f67931b526fe09da8a495d79

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF

MD5 c985b8195b0c2d7712ffbc58b54a109f
SHA1 c806c54a4ae7cc466cae0ff495605c577f9d25eb
SHA256 77f50836dca60573265181f80b5fa5b3e75a702ce4249005df730314a4633067
SHA512 4877e250762e621dcbfc923e580e965256d89b16dc9065b2c64b25c06df2bcf002860457f69143e92844ec23c7ae89a9f46d60fcdd3a5fc86ee2d7095a2c02d8

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif

MD5 b0d96f6e1841e6fc1c653292774ec6c0
SHA1 c81d651e9f042d802e9feccc121ac0757e1b86e8
SHA256 e1e044ac614de5a8a424ff70cc7ff1ae9f62753479865edb5d0e7580764c7295
SHA512 34ae2d309360b8ed73ffa6e26970ab85bb93845f70ecdf3ed87b97c9691309c63550289d32aaed74568aec90d1b277a599eb1b6d7125e2f5fa3759e2f206ce04

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif

MD5 0b9ed4b77f156d439014c80ee5e76681
SHA1 7eb250ab07bf4cf6b25d8cf327dd386d6e852f8f
SHA256 e7228596f7b162320947d357534178c360d210b0f67dd5f4fef84ba61cd2756d
SHA512 7bed71ae937f6d857483cdbab14257fbb9f653c4bc61b9f1dd5f1948c30665761365e620c48e47a90d93db2b881ba576fe21b930943cdb42b2fa1b9e36038d23

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif

MD5 8b83a32f89d0f0847a529a2177326dd8
SHA1 bedc79a71e9a99302b41dc84533613891d1bca20
SHA256 6e4cc2af5e37e2e4a2c29a34af83aef6e2a107459ed41e8b2884f1b2a528be54
SHA512 72a68cf1a82813686a6398b35212826c05378b8c281fa65e75259f4e19724fd2c1f558fc854da3fb0d76cbc4345e37decd72787798c7a483408d5ea3e7f57e3a

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif

MD5 3777999d0f4cdad3bf98b09e5af5838f
SHA1 6e3bc8c871a463bf274c0d289a53d811d7ff8bb6
SHA256 be0c50252a2bd2c4a0afa63b1253a57643f05749908ab636927ba7e39ae7eafe
SHA512 4d95806815fcd3d4647e5577bf7b685204325dff348d6920cfa267b5e3d4367260170bb1e99c0706933648bb17322b2844c1f42f6312e7f995d4cb998dbf2f0e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif

MD5 db399f5d2e4a97aa19beb8d8fe30ad0c
SHA1 d2cf0596858d58d3678fc80a6741f5c779493db5
SHA256 c71978b2b2debe10c51fbb7c23f5475971fccd4457b5fa4a3fae9354c5849fc1
SHA512 136cd65fdf5fcb06935f99ebb7e5fc2f5c4db05235261138b0a25cf15bd696f65a4b8e6b0e6148430f0d4f75e48aff960ed3219ab727cd19e627f15e9bbe4e31

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif

MD5 f32dae7e2101aa637f930d58f2ceedd3
SHA1 031efcf036f7d51166c4e22e11d3a3aaf35060b6
SHA256 42591363e5a186465b6a4d65b97a04ea07148066d84fb56d0f6188e2ee001292
SHA512 61ff9bd229c60d87f99e340c99d8df1df0b181bab3be0496ff7aad465e853f0549a0c0bd8104071b3809349481ea3ae637aec18a964b0241b88cda6a3e463821

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif

MD5 f07dfa599ddb9a7f9a2ce6e3ce248934
SHA1 d1f03de5655eb7bb9cd4cb7ceac178fc5d069295
SHA256 1e1a57b1a335cafe019fa7a387be6c49ca67dedf42654f14c32d386d5f34d1f3
SHA512 3b69cbc3d77b9f578c0986a4e19ab18bc64524fd6748b9da708be41f3c58b7f5de57e50caa207f0169aa27f959e1a8637b93327acf6d513f1683a4d6885ca453

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif

MD5 75c9d4ff2579cd3a8a03402846045ba2
SHA1 46a63545f1241d15f5663e6dfda0e97093ec24c3
SHA256 6dbfb185e6a2e40db5ff236dc9890a6bbfdc7393a73e04abe9ed0b1099ccf392
SHA512 58ba5f050d5dcafe05b1b678cdb9cf8b2a669c035b9ff595e7d8a51e370b1b242da205c55b009c93b82354c0d4b676c276f1e0cf317b998074b7e08207c50520

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif

MD5 1a3ec5b8af9961a68682e274b0ca347c
SHA1 f2830614c47cffb5fec7b64b1be765193b202412
SHA256 d2786485d71b42baaec726b0ad42ef23284e19e130fede897056dff52360d547
SHA512 d66d21f6aae7e54aabcab6ec111db6c9c333761689628bdd82e9cb04143b9aa01f80fccbc89b5ba19ed9e3a38c685dce151f3881246e5ba7b12f721480c197bb

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif

MD5 2ebb2704368d3dea7c794401c34ff1ef
SHA1 29b9fee49601842f4c538b4546f11becf05d38e5
SHA256 c8c0fe65acad4ab09e8ce7bbdae7db6618f598b2dfe1f8fe35ae1acfc5da6fcb
SHA512 99cdcf1ce5ae485db82ebf91d10a42d59a07ebae66060b684fd3956e1888e852247dbf851d6b89e8e09bc0016a7cba19e9d4894ab5ed2a92363c0a62dd3c8963

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF

MD5 106853847c48204230f499e1a88242f0
SHA1 b756d458886d0d0a9932b64463da5f379206396e
SHA256 1798005ff017db4f7bcd701a968c957d0a009231627f7c4a44eaf27abf43ac86
SHA512 65bbd99d58cd58e1cf21d74ca7f6a6d16aaa1ca2ad453aef355d7067586eefd9c770c444c35426666272dbc3216e701db2a5759b8561ac0563730f8c6f7d0a4c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF

MD5 ea84b2d7b8d314f6ba080d4eb4ddc218
SHA1 078314378d8d32e21ee38aab247a6d15c278e73e
SHA256 684fa0e11ec40d1b4bd266547df8d5e7010b9d186826ddeabda8ee5f8ab462d2
SHA512 712783a75977964b508e1e82a106d06fede571c5fd4ecdd119ac20d8ae9f0cbfa8888385fe384279e8d1a5289408731d4c6fb58168a3ca624246a82365653dfb

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF

MD5 c79800488a58bf15bac7a8899ccfd680
SHA1 b0986246213734cdf039822f847007d734d5e350
SHA256 735940f1d0cb5bc893e6bd519a0bec62047befe6ac5409bc1605a11d081c28b5
SHA512 7b8b4235e808777c25d6e05c9c19f06f2f294c6dd5c35d92328dc11d6959a6a883850bc090a2fb182f4da378e04a55a15218d8a56ac1b0ca57c487d645cc0122

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_on.gif

MD5 a14f96c6540f60421fb8d643b47f00cd
SHA1 a7b7fedf8567aaa48fe84d7e9c9ba97fcf4ca1ad
SHA256 73214496bbd0e55bf5bde74219fb0f86efb0a8d9814bb36c7ffea443ff0690f5
SHA512 bf03086d7e4ac072dac44ee6a95d40de251ee045f4a47061ca8ccac6e765b97171ba3ea7a5f250ea5fe45247f60f36c2f0480c889816ea689769c9931f6c1124

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_off.gif

MD5 8ae9bc107cdd3f9c4274e2924c2c537d
SHA1 7b25c39705955b3653c9abaa62fee829d680a042
SHA256 4bf0e4521522a4a1c7034e22c84ceae083c6fa52d464f408a54bf10166bf6fda
SHA512 abfce3f318b177a32963c101792cef2eb482a5249c99a451cb0f4d60e4c27dec432850bf7707c3918f60ed4bf23b8d56950552fd44271aafa194cd4cac70d7a1

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg

MD5 d67c91abdb89904cd1ba443b1e23173b
SHA1 f0acd371fd850584a758fabf39d4a927bc0f4af9
SHA256 7dd0ae3c9f7cfa88a151d15bbc79b2c48c2b4d59fb2a8216e306e7d14f9ea0f0
SHA512 0c820469ad5ba834a38a029c8333f63393730cc8c34425d6550617c7c887a8cdc86fe4e4d0fbb411485b59151609813ce0173aa4b48242e302d4a7d18bdb85d3

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp

MD5 9220c5e9e4453d5f86ca337d6d96fae1
SHA1 ee922e3a5d93813899ed8db7cae5208b8bde97de
SHA256 067f5d23def766ab0a668313a7da4ff1337abae185cd6fbe4a704e4c6104077f
SHA512 d4f547dd35f800c7c1611228658eab545d254b7b70c1d1206244635f15e8ee0545e7cb5f1f44cbd32fe48a49939a57dd95ebdac1ce498b5f995c424ec94655a9

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif

MD5 e99eb7aa56f0f4f8bfabf5e717bbbc93
SHA1 9fc9ac54a2ec3e6d4032fd4f67ac43c67a72eabf
SHA256 f96f0bd34302693fde9185cfb59f28e5e8a2be1333caca0983726d155e04f8fc
SHA512 8e3d60496cf5a27248de87728a01d4a5402df85415f136cf02d1d2692879d6effc298c698931e6234b76bf7d6d31fd3115c3c430a7e48528d13812aa5e779649

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif

MD5 d81df009f7c8d7512ab1b2c191c8a5e5
SHA1 999ce829e6b9226162781f2a1800021369a7b1e9
SHA256 839a71b3fc1609cfbb4e0ca5ab9b5aea772d9a2a4c2b2935507cb0c1fa4e5d86
SHA512 5dd88a2626a891f30e6fd537199e8ac9cf8b98cf5d2b629555aba1d3ec16eafb2acffadb23b7eacea47ff23ee245b681eaea223137b80ed41231d4874c210a3a

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF

MD5 61e9e9defa3e4b9e4ce4b558d4275880
SHA1 efbe515b2823f68089bc984c346962227736294a
SHA256 eb461bdd362b2c3a9073eb3e19db18db05c46295e9c1a7d7ac90b14b6881d771
SHA512 7d3435a6e6307e0e2dbf7999140ca6d383ff23f8aa5046f230c77e6cd4be31c44168163cfb2ae2050312b0cf5b3d8fd51415a6b45bc22a83fc3c009240a1ff67

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif

MD5 722e3e32e3954d7687fd1c10e8f8491d
SHA1 d072c7ec03377b512213c30e794c222bd1bcf3bd
SHA256 2873af817ea7289f332ef7dbef339478181ae1f2e80d344d54af37820a0fc82a
SHA512 135db45adc8d7b9fcbf4afd682aaf0f0eec1c28b892015b74532d9c72c134f41bcaa5a1851dafb15d9bb62de1088303be01aa56e507bff849cd804e08f9a6ffc

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF

MD5 7fbae95f28eb60954e9b74f6eaf2008b
SHA1 fc5face059f01d2a216639eaf236b2de4271cc07
SHA256 d0efab412f5ec0f0bbbb176104afac639a7b211ff7767fd53f9c6f1a39b29590
SHA512 59b5f812e2d32585ce81ab271c603839b868e67c93ff7ae26387a8da157794074f8eb51100b50d5c257994c8ff716364c81df60df4a693a71d5bcb8bc58cb997

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF

MD5 398d16be63903765991f03090b28ea19
SHA1 4b097b93568ec90a17ef7351570e2c59c28c8fa7
SHA256 c2975e5c0e88c5cc8c607d1add96bff47e9900e97c5bf1dd3d4e777b2c2890cb
SHA512 49c1b226cab4dee5b4c738b402cb2a412fa4ca60c580e5d2d3edbcdcf41a05272513f92c09cebbe179d426a686ce7c40daae1a9233b13061cf772f95e7d0e5e4

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF

MD5 394b8bf63369f6215b031d23b887a12d
SHA1 16b1bf59a2d3ee94569746a27a1a01db95096daa
SHA256 5567004418db78def8a96c71675df9083a4211774c2ed9c0bf904bad9f01e94a
SHA512 6aee54b5284440a0ecf67da54df2a0fef39be9ba35ba00ff43d1b64d8c9d6fc2cfdc284b44fa36b286ccc7faf77e73975acf4ee0b3e8e5b1fdaef836f8cbed9d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF

MD5 abdd8158ab131469d744c1c45850d09d
SHA1 e6b9d673092e9ea3cba15ef0ea2ad0c8cc5cf3c2
SHA256 bb28042bb01c8133585abe674132375e3288e7ec71bdfa14638e7b22c4838860
SHA512 b1097f84c545ccd66cf4efc55b8917c8093d55a3d5f24ce38e58feae14fa5a943ca85300d1e378ff24c7a04d6f2447e70a8569e33e0d2faf3dfcc37f12b4d0f5

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF

MD5 18571a4962f3088ccee1e2517a9d7f91
SHA1 628408e7d69c4051b08278e2fb09a6e351251627
SHA256 b39e9b370eded7fb386320507930843406fadfd1bcdd993e4294fac8a0060b77
SHA512 b192d0cdf7cbd573f71c952b501b65b27f87b2f55b57890d270a4628875ad080c3cfe481300f1d02b136fa39a42291890e297375f42cdf3d830fc0b2d3de8470

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF

MD5 fb0181c2dad146377dd61beed77b548b
SHA1 f81a9c299ff72396eb3f311f1adfac275e4d33fc
SHA256 1dfe56698ebbb16f95fc6f32616f49b6b5fcdb65c7cd6574864d1f01b33cbdd2
SHA512 f4782c08f68c2c56962fa8470eb38eddc9a68464c298e7903485adcc99872b71b30a2678b6a7e31f4ee2d14c64ac65adee8c568317ef4ca574d0bbe4b13ea6e7

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF

MD5 6d22df39c22a72143c83295496c49b18
SHA1 26e51d41610a2a4ee7a1405215bf7af8920277a7
SHA256 02a274165fc2014628309012927f34f1fda0b87bd5d531d12e3cf0ea1d98e48b
SHA512 458da0eaae778eab5b430e05f34f46c5d1a6121d1c25e95cc5a019289e2c6bff64cb8a63bd544fc7c9bb09e3c277eaabbed0158b1d40e8f876232b1fef308073

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF

MD5 1359cb5e63f1d65a00d487cb4091ec67
SHA1 e9cff75349b4fa70c94a78de1151d0d579b33150
SHA256 596c3eec8f476ae10f99c2ad035286a6da9820d1ef167e8d3e6d471d174d080a
SHA512 0658dde53c8f4d570b9c72c6c2ed06434252b7e1e59342c37cf9e65d89baff0ebd865751547f12a700d0bad5182edb31afbfb2c492417663708fa1916a12b1a0

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif

MD5 ec94a4698f28f3355ec2f47bcfcee613
SHA1 6185e708f74c1c242a577a8c98a2cf803719b566
SHA256 236967c23b31edf5431701aabd612a2cfcdc977ebc2e6bc94afee0044ead2a7b
SHA512 b5ac1f7306abd153fa0f048469cee49808c20ff43a9c8c2a524973316b2f8ee185e288ddcbb77a91ffbc3f7349e890f65f2ded3d5d76186dfe6cbe31b1bf180a

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF

MD5 2a477e38b47622c2020b2bd5a47403c5
SHA1 2f62abd60d0e8ed828feb212a3190749417ef098
SHA256 e3f22b0e95b9010d29e4ac57eda85ec744c5c1d42fd28326fdf6ed84cbe93153
SHA512 7fbb02a47e204af497b5cb235ebe5ee9bed7b27f0060bdfa42fd3e638259947e07327e2a22dfeddf0e70e1fc5f2bb9be0cb65ba36809839150fba84392dfe637

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif

MD5 baee5649604484a0239a42c4348b0905
SHA1 f06d58828cba9ee044f0fc275829b0d057407720
SHA256 9be8b900a22ebf9ffb25919d96c0635f361ae7c9f3e683634d61bd37acd2a352
SHA512 89f5dfb0ce213b3903155d0e4ff55de92053cfc6468e0047fa188cb8811f2ba6d54bc8984a655ad0067acb57309a775cc6ce1ca9a6888c6f887a6e2b70d1d0cc

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif

MD5 147387eb2c075a22410c3e59911b3281
SHA1 5aa1d4c25fc2ebb6c99b43fbd7447b305b67f569
SHA256 3101916eb5bc5dcae0a8cf57cc73b4839c92fe68c947baaf810a6bc19cb057da
SHA512 613956372978ec6dd9246f88216b183dbd3058234d1c001ae87e74c2423b0f8f8f45ce75b2a3b032ece268ab26a28ac32ecfabd4b6973ade8425f3a808768de4

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg

MD5 f1c7d8566d15b373840d3c4a30d0f728
SHA1 3e319fc14e4d928e8fc8a079886926a2c263079d
SHA256 4fdedd061d3dc5ecbacb9eacf11f8d324e5aea3132f6f46ffc585e9d822a94fb
SHA512 7354252394c9094d6cf45c6f90841a47f8cc12827c620bdeb562fc529047b664daff76e9f142cb27777c4ec73b3bd04ef6ac96fa247736c9c8267284d3c94a9d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF

MD5 065bf22e1f25c82b1d5d4717daebbbb8
SHA1 964c023fb4d3e01ef560fca75f9a3f23c38ad177
SHA256 d0ea4e63c5e600c266f13836a93bf762bccb5ae179c635f1e049f88b36e60f29
SHA512 496dad91272e908c57628384603aa79b68e0fcef584aa4b6524c879f5e130bacea882baf0bed1253f43d395e6a177b5c3a1aacc12913fdb173353ec4dd0a8aad

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

MD5 0ff4e7465917b222b758118f8fd69c05
SHA1 1f10cc1f17c6ff8ca782cdb48d3352c564542ba0
SHA256 9ec680148faba4e87929234f1e3ca3f0ff59d237befbc0d4e7e425c16c0beafb
SHA512 fa81de71d8875da635eeac13d3e0130abc12e05eaed4e549e2acb7d713a8d493c84ee01e33e6d2d76773bba796067f41e8d69505c487a776a1431954f6759066

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

MD5 a33d22a4fbe0aa2fd218f0734b06dacf
SHA1 89ef5c1845e6e8421648357b02dd2c95020e1dd4
SHA256 df8276c43bf8508b232ab4383a86105f8f9e52582514bb00cad286b3d45a9aa0
SHA512 c808ed16a1e651c7d45c4d9da8ac5225675b84e4cc289a20cab9249e10fae6e8bea5db66d6bd1937dace86fe1f7b79caa68a14bf6d8d16a4bddeaa3f3680422a

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

MD5 b189cafe189ba608504174113bb1c1b6
SHA1 77d76f49cf564d99f62dd52cf1f09f25e5c8b27f
SHA256 35eeefb2991af943f03c75a9df13da04cbaaf62434ecf73a3fb42ed1976799e8
SHA512 49a9c4657d1f5e27d21c18607af43b57d0fbd9df8ce422ae6db9be7f56a745939ab267e01a0ccb9f8f0185d834e6519569d5eeddc2d07bc98c789462b95fc15c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

MD5 fa3c28bdfc5e9e7c3479be309d8b9321
SHA1 cf427f8399a01c92a8a2049928f12964c752c345
SHA256 966ed9419afd40b323773c1f3525861c612f1e18285b62f5cb92906f2e5613d7
SHA512 e83e9f293c7cc081ccea06abd9d0c884c6f05d20fc3fce7940e3a2fb012c7d4b9a560eaa784f544178ecf37717c724a8fa3b6445618192802efc1d9d0fbe66cc

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

MD5 7689415e7a1a69fc01d16988a06ed338
SHA1 432605b913696690aef88ceed0a3755bc79824a2
SHA256 afe4a8457d58636d2e9920a0dc12cf273987aff0061568ac80a7012e3ebfc122
SHA512 696d668aea33fc24bd8284b74d3d9555054acbb3aac8a96d090217d4b78d8d276863584fb255df408d397ff44f5c6831b13944b643b8dbb81551bedd3ef2ec85

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

MD5 98670c3d5a646bc986e6da48b81419a8
SHA1 dda593765866a638db3d1c3abb8f06ce1dfe8576
SHA256 1269b7930c190497b51a1ccc72d49d946d7a6fc0601f55602c0251e509a96984
SHA512 6a2fd08d334971c05f644a4138760eac176c6c61961125a7b3f88f425b9a76206a918cf4813e0a03c683d0f8a379053f866d59017d6e04d9709e2d1539190bbb

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

MD5 7f168997d1537796ff8597de507a213e
SHA1 e50bdcb9545e4e821d10f54bb2ba517ac8a17f1a
SHA256 ae45329250bf93ae9a590369a61ee33def5047a1b7cc37e12b0e87629c2e6b3c
SHA512 8ad6d87927024c0cf352381b1fc6fba6b79e20451e0e070239df07a529b9c0938d111cf00a44d0c40c0eac1664d3e6ef11bdef6268c7245d8ef18a89c319bc48

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

MD5 5ab331a908e7f50397fb194ed2144050
SHA1 f42c06ebd649b54af447ff6822dabf41bef3101c
SHA256 728a1783da4b02e0db76c0d086ad740d06e7c74bf150784d4d831127e7d27dd3
SHA512 96adabec63a19955e173b6d573cbd6b355c925f463b9649ec1a1c43a9c72aa666d22ff18c6a1a6c0da7a673fb03e7d7794b75331335d3230418f60fe4f72d378

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

MD5 326c53c61b1ad3d044b52af95ed99e23
SHA1 ab535f3225c19da14d014b7678a7fe94e535656b
SHA256 f8f4df2bdc34db3790bb174a690733c40c5159d2bc1b98187a18b8c90dfd3a48
SHA512 bbf85d2c82b2b1e628e14947207ed9590f5addfe93dc3f3182b0393e4b913d3a0938940663e0aea5fc687d33582b829afd5330449033916feb6b915254049f01

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

MD5 6292f6e7b39b2315e8237e79272c7683
SHA1 06edaa445e8e68a377f80ae03190b0476d6e2724
SHA256 9cafd8033ea2cf5f9354cdf211c6977807dcd387f769a873cf1f6cce8f1e275c
SHA512 8e6c32197e09fd742e83e96cbe505e438d08ff42ab306f6dc1d2c14c1641fd0614d12e5e116371bb8034662a22117fa2517bef8e4afdea2ac1b5f9fef095d040

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

MD5 e1096c88a612a8d324f32b2b127c61aa
SHA1 8891dfca06d040e36643485bfbc63e8d3dc6fc6c
SHA256 6b8a6535b6d6a13e985943bee014903b03e7a05a1a9fae96e3f44d32ae8b9c72
SHA512 1d6c5e9f6079ee70666c2f6ed91d3d68bae773a8d686cae577cf468ebe8370f81e7c57815beb13f276e99a92231b884ef98d16b46e816ed4b72d81e812bdcdd6

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

MD5 f054f67edd494c2143c89018030f4ee8
SHA1 d60e24dc4c96390d289c5e94a62dafa48c16c1b6
SHA256 5ab5800be6b2b8530c3a2362fb36b604b83fb0eafe70cc7b348e9bbb39112fa9
SHA512 59cc08238b89e90f41cfd482ccb8a249863c60df19f9b1e6ee3e678dcf1d5860aa1a0377c0822f375b8d824670b508f91751dd7f8ea363ac5ec9f677a6609b55

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

MD5 5774fd85a2c93ea3535f31fcd48c1d7e
SHA1 d16ab3ade58606ada1cc037ce3c30a1630be37d2
SHA256 83c5ec2440b806b8dafabf90a4db96aa864ac77a31fc67bc55ee449316e974e2
SHA512 ffd057a8ef1eedf4be1a7a69b50310214edc927d846749666b88e3061c91de7df587f9a8e10ea9903d5316c323a9b9d5bf822552ff159a82eb313f7719eb17ad

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

MD5 c79ef8b06c1100dafcc1c4f5ad2cc32c
SHA1 7731a3441eeac075228fdbfb4a7dbbb2c559f3bd
SHA256 bf2fb77cd3859f3f14e31325891e1199458b8d9dc8e6197b5adec1ea5675aea4
SHA512 90b21d363d4c0ddc9349fc344f454e7be2b84c7a8656844e0f95e3bdddc676f9fe0518b2e0e198bfade4a61a925667a4e995f2d9e34f175b525e9528c33464af

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

MD5 ac9f73a947d6c5fd49d7837c16c7020e
SHA1 0a55d4125f2791f7ac4c20a40f527ffae8c772bb
SHA256 dad9f770ba84b22826766990661ceab1ce6f01e9e2551f571f80c5ad1b835425
SHA512 1411a11fad90f52c463dae90f906bc43f6174b0e481c4990e1a6db06eb585f87f2df383337896d1200c97f0a8e3fe7f257750b634bfbb07708047b24f1b9efa9

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

MD5 bc51237b8e418c36c41655a13b2f6435
SHA1 c23232d172e9258a111eb2791effb37167d908b8
SHA256 4e164e4acae0e3399c65cfde2567b489f203080b9bad426b027f9be549dff274
SHA512 b1e055c13f20798ab890d92152703b33f2a3f6f31af725dda5e47890fd5f05285d556f1f1af07c64c374ab2f5ba19fafd8c22ee79c1579ff36a848c01ccd20ce

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

MD5 b5e606dfdd088b5ce6692e68c7fbd8a9
SHA1 e03364452a2f18be06441c04336ddba5fe506d06
SHA256 16faa09b618d3bff8bcbf0bb8ea08a8dabf45c017d504a67fc2f36f219e1d79d
SHA512 0033891fd2ec5681fcb06479efd17faec4a2fcd623d1a430b6fbcf2b9e9001e92ffb6ea18bef9025cd7c726962d62edafadd8daf53a0b8702def39577b77469d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

MD5 310e03828e5fa41d2475d6813401fbbf
SHA1 9a4d816580116b3b19ea75e2ef11dc6c3162edcf
SHA256 ec913ca6f46c198c31333c06d6a23c1927d2ed614a9ac73eeeff0098056244f3
SHA512 ba4e346f80e2de2c82abd2ec14f984fe8bf1fc9134c4780e2e6d0aae4f56d8ca91231d31fcb95fa65b291a42109806adb9b68c335f8f85577adec99dcc4c830a

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

MD5 968099b9226b5ebaefd8c6d9793a4fd2
SHA1 140a21c5e511f653d6e3f6cbf37d269bd96ba28f
SHA256 8828713f5c950e3e62d9a899ff2ed04ee284a2e09671c22736cf9ec29bd62317
SHA512 0c97b1676f623d2dc390963dfcf29207878b8a72bbca765b2a00613b493a4cba16bca5fe709760d8a68f23e3267ca56f55b86ad98a45184d3d25c47e4f675579

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

MD5 f307c3073f350c9a9826f3f3a72eff9d
SHA1 8947636c3bd0732ff5a3a066a4b488d41fd50744
SHA256 6dde82ffe91509ca35e0bbfc0cb00d985b8977317426f147edaaadf8e02de737
SHA512 6d1250551550c5865d6e3a634528f3ba1bbbe1a560f19c06caa64dbd8e32af4addad4fe54cd87900c0999b704c3a8fe62d8dbac4f61dbb952452920c343ca332

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 929bc86cc6e8178678e6a56fd530297e
SHA1 7a1f71f12a84e471c12143dd697c3c9af4ec83c2
SHA256 a2c174d695b50bc58888e9dbd999229faa935b186380b598ac0d0eace26d5345
SHA512 002a5580794e0063843283c8096f29b5ead50b7268e541dfaafe3e8fce4c0bde65aa5b14480b92f6dd98919bfbcdbe5ed126cf2c30f892a08bcb96dda13c24fd

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 42402693115b751131be13ccd773ad03
SHA1 65becc33596bbbcbb2ec404f50406abc2b793afe
SHA256 597a54c0c8a23870092fb0688c07184db5187fb96a2efa44c2d809f9065f172e
SHA512 974f6fe683cb52782dd269d7be3e2c3f71ffd3a95658bdc901294a1e23dcf6c3334fa272ef4f95a7cf9641533685800e613058dd5cd8da7ca745fd8e2c96e712

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 93a1b8d4d17763eb1ff1b796b3f82383
SHA1 1a04994d4b4ee6fd72b7add91cccbba02e8e6997
SHA256 4d87ed016e2f7c0750c1168d1f2e683c41f4b378fde87e31a5594aea64818ccd
SHA512 8a60e03bc1e22dc8f6b2eb7756b10275820dba55b8462c2e6d6e565a69e637813a357608844f397aff96bd78eaf2669935c91b7932559cc43a25143a84fff7c5

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 ef3e4c44a818f92790e4fe6391e29d4e
SHA1 f4167795ad8eb3989dc7561fdac4f78e7b676192
SHA256 373cf40ead5c04ebe7c217f64b7c3c68f378f770541115c3ce653ace9c398714
SHA512 b20e8607b0a5ea1d4d1a06ddbe2cadbbb0f0ae7ccec2f323b47c4285e662cdc88f60524d01be5012d71047facc9f89b673f841bb9d10fa10a6c8611ad2eb025f

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 407b8bc62a269d23107a46e96657ecd0
SHA1 7bea199d056bff812e8f401f5af9fe25a18880a3
SHA256 290adcbc1ad51df18af9fb26956df4daa1a8eb003d2638bd804057c638115fb3
SHA512 125c021d6043e47d85fa345a7dd6ba2c45a9fe858ef7887a6ddb9c2d15199bb0da91047c0e6260e381bb60cb3012795a4bbb7af1ce211dd574575ea011384e68

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

MD5 48d0367d4af5e7b60d60af682f711348
SHA1 b88528859c1a838bf290f4620e404fb175fcfdaa
SHA256 7ee317dfb3ac09b0fcae91e6057089e92117a53104a0991460de2e2dc939ce96
SHA512 7100c7432f64d0b876448a2d123aeba12fd622bd803e98b58ce3bcd88b5a3303d2e713ba23d8538fed71c8372910cb6aa20c70266da1e5ffb317c5b6284f6953

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

MD5 5f644b26521f58149e92eb9448b4726b
SHA1 895b350af56865ee56e0ae5d52da6aa39b7c8372
SHA256 ccfa8c4ae0748a0339e5e3c9fc45d80d5fe1a9e2000128f9a732019f432c68e8
SHA512 0bcc1bdf9dfee943cbaf446fbd1844b163d9a0610eae4cee42ff352e88bcbd6edb830a430fd172cc21815b1bda77bed13d4f9d2ea68e8a98a19dc9c16cf65a2a

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

MD5 4284921a686976667d1985d042382352
SHA1 45d218f06c6ed1400676555cf07010f9f81e81c8
SHA256 c06f5439c72862de812057eac62e42f140c481240cf817bab61d5b1d513c9fe7
SHA512 1eba7db82ab9ff66325f2cba50dd1365c047d94c424ce45b8a767d050962980faeadc7a0fea3111477a12f5fc057f3c9c7505b834eecfb66450ae6e43c610d20

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 23880d9afb42cb65c5f963066cb854a9
SHA1 6a4c82e6ee3b123ce410fa2d4f2078149c9f2247
SHA256 38ac15ad68f79f9c141391dd6c18f63f0c0878752cafbf32497c64f266db3bb0
SHA512 d0e05711a364738367304cfbd4bec14260a902ff3b9a928275bc819ea19cf99920176ca701c166c1f444d43d2f4ecfc4039ff87b5dfd9f498a095a67519ecb1e

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

MD5 1228ab7012b5e55c7a966c5eb47a4d5c
SHA1 c2de48931ce524a03fa8017d38fbf8b9954a73ab
SHA256 9501e97370b467b0598694c791f85dd37d5fc53067c56526caaff4e56b2cc8cc
SHA512 3aad787531db87dcba6aec481029ec33a49d661ea62e774faa6445218e3c7c7b80b764486301d32e8a9d99974bef64971abd354184b5f2c55085a60d5c1d4b99

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 6d12d9d39d1f99797e9eb96b8be022c9
SHA1 0011af6d258be6fed653858d13696d08a473a22e
SHA256 ea0cfca8da98b0517fae562365e400a0ad1ede1fdcb94d0e11fdcd2c1ba72a52
SHA512 9635e681f66e6c0f8bd7b766336cf51a8816cc292c455997a09420416b2773756c138d20f0490414c26bbd4c74a7a9bdaa1d24ba4861c5e920dec8ed369ee46a

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 a9e5b24bd2b36ce57bb7d91b87557dd0
SHA1 b5b612653e8fc616f8834f7a6d6ce8a91076e770
SHA256 2157e5f24c5b82a78941df31bf4aaca2103102ccf1a6346b5bd0456387570113
SHA512 e9b5e0903ca5451106919c7ed5b76613f2ecdbd9e95085d1b0a09f0ec06cf7f5f878f9eef2519067fcd2fbb22ac3925522ac84cdd469e8a79a4e226e44a5a434

memory/2400-8787-0x0000000000400000-0x000000000040C000-memory.dmp

memory/2400-8786-0x0000000000400000-0x000000000040C000-memory.dmp

memory/2400-9019-0x0000000000400000-0x000000000040C000-memory.dmp

memory/2400-9020-0x0000000000400000-0x000000000040C000-memory.dmp

memory/2400-9021-0x0000000000400000-0x000000000040C000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-29 21:41

Reported

2024-11-29 21:44

Platform

win10v2004-20241007-en

Max time kernel

93s

Max time network

145s

Command Line

"C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe"

Signatures

Detected Xorist Ransomware

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Xorist Ransomware

ransomware xorist

Xorist family

xorist

Renames multiple (2181) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\QLUm8OR6vUIE1wP.exe" C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\DriverStore\FileRepository\msclmd.inf_amd64_d677afecc5e43162\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\oobe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\uk-UA\Licenses\_Default\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\NetTCPIP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ksfilter.inf_amd64_d5c8b2a031c7d5c5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmbw561.inf_amd64_0406b31e81bea0d1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmgatew.inf_amd64_7e6c377859cfcb7c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\F12\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\@VpnToastIcon.png C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\1394.inf_amd64_a08737ea39f5790b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_fscontinuousbackup.inf_amd64_4db9ca877f67dd36\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\intelpmax.inf_amd64_2ddee95f7a5d85db\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Dism\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Dism\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\es-MX\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\XPSViewer\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Configuration\Registration\MSFT_FileDirectoryConfiguration\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netathr10x.inf_amd64_2691c4f95b80eb3b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\tdibth.inf_amd64_e1022e6b4f7ab56d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\InstallShield\setupdir\0006\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Com\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_mtd.inf_amd64_2f8cc39571965376\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmsupra.inf_amd64_ed209c9a3da66777\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.ODataUtils\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\iSCSI\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmpenr.inf_amd64_20c8782372e47bd2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\uefi.inf_amd64_c1628ffa62c8e54c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wvmic_heartbeat.inf_amd64_ad33c2d1c7a3023e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\IME\IMEJP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Speech\Common\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\MsDtc\es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\NetSecurity\ja\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mwlu97w8x64.inf_amd64_23bc3dc6d91eebdc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\InstallShield\setupdir\0009\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\InstallShield\setupdir\0015\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\InstallShield\setupdir\0021\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\chargearbitration.inf_amd64_a0097842bcc7e487\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmaiwat.inf_amd64_3bb2e5702f25a518\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmzyxlg.inf_amd64_c5ee07feb8dae038\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Printing_Admin_Scripts\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\iscsi.inf_amd64_c089962740ea1f84\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForAny\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmcommu.inf_amd64_9d8718c8b82a0aeb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Speech\SpeechUX\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_netservice.inf_amd64_9ab9cf10857f7349\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\xinputhid.inf_amd64_b01c6ccf7f1e23b6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_PackageResource\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForAll\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_GroupResource\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netbrdg.inf_amd64_8a737d38f201aeb1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\rtvdevx64.inf_amd64_7b972df4e09f9463\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Licenses\neutral\_Default\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\MUI\0C0A\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Speech_OneCore\Common\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Examples\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ArchiveResource\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_swcomponent.inf_amd64_f378d70fa39d3577\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmgl002.inf_amd64_9076ffc34f080cc1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wvmic_kvpexchange.inf_amd64_b3c17aa69dce1e0c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\InstallShield\setupdir\0012\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnms001.inf_amd64_8bc1bda6cf47380c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnms005.inf_amd64_add71423ba73e797\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\contrast-black\MixedRealityPortalStoreLogo.scale-200_contrast-black.png C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-30.png C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.targetsize-40_altform-colorize.png C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\Bundle\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\stream_extractor\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_neutral_split.scale-200_8wekyb3d8bbwe\Assets\GetStartedSplash.scale-200.png C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\EmptyShare.scale-100.png C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-36_altform-unplated_contrast-white.png C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_2.34.28001.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\sk-sk\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\nl-nl\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\hu-hu\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_x64__8wekyb3d8bbwe\Assets\tinytile.targetsize-48_altform-unplated_contrast-black.png C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.StorePurchaseApp_11811.1001.18.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Notifications\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\TrafficHub\contrast-white\SmallTile.scale-125.png C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-black\Weather_SplashScreen.scale-100.png C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteSectionSmallTile.scale-125.png C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\PhotosAppList.contrast-white_targetsize-32.png C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.contrast-white_targetsize-24_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxCalendarMediumTile.scale-200.png C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Program Files\Microsoft Office 15\ClientX64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WebMediaExtensions_1.0.20875.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-black\BadgeLogo.scale-125_contrast-black.png C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\OutlookMailSmallTile.scale-150.png C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\LibrarySquare150x150Logo.scale-200_contrast-white.png C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsWideTile.contrast-white_scale-200.png C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\Assets\AppTiles\StoreAppList.targetsize-48_altform-lightunplated.png C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\js\nls\ja-jp\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-40.png C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\sl-si\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\fr-fr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-16_contrast-black.png C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\1033\client_eula.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppPackageAppList.targetsize-20_altform-unplated_contrast-black.png C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\LinkedInboxBadge.scale-100.png C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\LinkedInboxSmallTile.scale-150.png C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Work\contrast-white\SmallTile.scale-200.png C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_2019.716.2313.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\themeless\standards_poster.png C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.DesktopAppInstaller_1.0.30251.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppPackageBadgeLogo.scale-100.png C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.ZuneVideo_10.19071.19011.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-black\AppList.scale-125_contrast-black.png C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppPackageAppList.targetsize-20_altform-unplated_contrast-white.png C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\SkypeBridge\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\sk-sk\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\Images\Ratings\Yelp8.scale-125.png C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.6.73.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\Square71x71Logo.scale-125.png C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\WelcomeCardRdr-2x.png C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxMailAppList.targetsize-96.png C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\fi-fi\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\LargeTile.scale-150.png C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.contrast-white_targetsize-256.png C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\hr-hr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.4.0\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Program Files\Windows Defender\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\CoreEngine\Data\BrushProfile\BrushBump64.png C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Logos\SplashScreen\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\TimerSmallTile.contrast-black_scale-200.png C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-64_contrast-white.png C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagement\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\pt-br\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\EVRGREEN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsStore_11910.1002.5.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\LibrarySquare71x71Logo.scale-100.png C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\WinSxS\amd64_microsoft-windows-advpack_31bf3856ad364e35_11.0.19041.1_none_95adedd5fd07f242\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\msil_jsc.resources_b03f5f7f11d50a3a_10.0.19041.1_it-it_33b566d71f6b7812\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-dot3gpclient.resources_31bf3856ad364e35_10.0.19041.1_es-es_d8f7d0cf7e2906f8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-rasclienttools_31bf3856ad364e35_10.0.19041.1266_none_ee614da092435ac4\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.TroubleshootingPack\v4.0_10.0.0.0__31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-a..esolverux.appxsetup_31bf3856ad364e35_10.0.19041.1_none_7180b229ade8dd15\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-quickassist.resources_31bf3856ad364e35_10.0.19041.1_cs-cz_7f3ce865b633ae51\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\INF\UGTHRSVC\0411\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..m-manager.resources_31bf3856ad364e35_10.0.19041.1_en-us_eee49b3b2905c488\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_scrawpdo.inf.resources_31bf3856ad364e35_10.0.19041.1_it-it_75154f98c47279e2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\x86_microsoft-windows-m..etintlerr.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_914b243583fa1ee2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\assembly\GAC_MSIL\System.Security.Resources\2.0.0.0_it_b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-comdlg32.resources_31bf3856ad364e35_10.0.19041.1023_bg-bg_716e22d250901c5b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-fileexplorer.appxmain_31bf3856ad364e35_10.0.19041.546_none_476476bb5c3a0bbc\SquareTile44x44.scale-400.png C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-hbaapi.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_755fa162c0cf3fc5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-ipxlatcfg.resources_31bf3856ad364e35_10.0.19041.1_de-de_d3d414e9400ec4b1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-powershell-events_31bf3856ad364e35_10.0.19041.1_none_8ec330b742668224\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-t..er-client.resources_31bf3856ad364e35_10.0.19041.1_en-us_75ed3dc76e3818ec\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-wmi-core_31bf3856ad364e35_10.0.19041.1_none_7999baeaf356e869\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_netjme.inf.resources_31bf3856ad364e35_10.0.19041.1_it-it_37ea4262450515b2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_netk57a.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_d5205ba49a025de3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-powershell-sip_31bf3856ad364e35_10.0.19041.546_none_50bc923095e2d4f6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-n..kux-rasmediamanager_31bf3856ad364e35_10.0.19041.1266_none_ed5faa94f32d5efc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-o..efiles-ui.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_b94ff247f3cc8de6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-u..onwakesettingflyout_31bf3856ad364e35_10.0.19041.1_none_623e57cb80e184b5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-l..-lpksetup.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_54fc031bd6317175\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-m..console-nodemanager_31bf3856ad364e35_10.0.19041.746_none_5e2908237fd796e5\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-m..osoftedge.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_45a6c0aa2ed16c7c\http_400.htm C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-t..ices-portredirector_31bf3856ad364e35_10.0.19041.746_none_3fa22ede0412c9dc\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_networking-mpssvc-drv.resources_31bf3856ad364e35_10.0.19041.1_de-de_5ac486cc36468b2c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-p..ellibrariesbinaries_31bf3856ad364e35_10.0.19041.844_none_6307f7c901eceb7b\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-hyper-v-v..rvcluster.resources_31bf3856ad364e35_10.0.19041.1_it-it_058a8d9aedf0761a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-s..ast-black.searchapp_31bf3856ad364e35_10.0.19041.1_none_e479c512c8bfeb66\AppListIcon.targetsize-16_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_netfx-aspnet_regiis_exe_b03f5f7f11d50a3a_10.0.19041.1_none_8b6323099e7e4441\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0000044a_31bf3856ad364e35_10.0.19041.1_none_b27c2f4ef5e67fd9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..formers-shell-extra_31bf3856ad364e35_10.0.19041.1_none_9fffda291c87114e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-twinui-appcore_31bf3856ad364e35_10.0.19041.264_none_79ff08e5ee1537be\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft.powershel..datautils.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_04784fc7c1b1989c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-m..vider-dll.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_ffd87cc256dc4f7f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_dual_volmgr.inf_31bf3856ad364e35_10.0.19041.928_none_30299b60c292d748\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-c..fications.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_aad5eb799ee955ce\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-m..osoftedge.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_45a6c0aa2ed16c7c\http_410.htm C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-m..mentmanifests-minio_31bf3856ad364e35_10.0.19041.1_none_642743188b75ab27\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-i..l-keyboard-000b0c00_31bf3856ad364e35_10.0.19041.1_none_832eac48986c5994\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-o..ap-rastls.resources_31bf3856ad364e35_10.0.19041.1_es-es_346452e422225c37\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..-resolver.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_0c91e4569078d78d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-time-service.resources_31bf3856ad364e35_10.0.19041.1_it-it_95a1a37ffda61620\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-r..rtmanager.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_84b5a1946ada9333\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-smss.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_3cde18c9f18b8b0f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_netfx4-corperfmonext_dll_b03f5f7f11d50a3a_4.0.15805.0_none_08e6554895dd9e18\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\SystemApps\Microsoft.Win32WebViewHost_cw5n1h2txyewy\microsoft.system.package.metadata\Autogen\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-chkdsk.resources_31bf3856ad364e35_10.0.19041.1_es-es_0be570c9ae221c97\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-microsoftedge_31bf3856ad364e35_10.0.19041.264_none_ef195f564f00d259\MicrosoftEdgeSquare44x44.targetsize-96_contrast-white.png C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-rasapi_31bf3856ad364e35_10.0.19041.1_none_23288cedeee2b8f7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-microsoftedge_31bf3856ad364e35_10.0.19041.264_none_ef195f564f00d259\MicrosoftEdgeSquare44x44.targetsize-48_altform-unplated_contrast-black.png C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p..leshooter.resources_31bf3856ad364e35_10.0.19041.1_de-de_91f1eba470aaf993\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Activities.Build.resources\v4.0_4.0.0.0_ja_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\Framework64\v4.0.30319\fr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\Assets\Icons\contrast-white\AppListIcon.targetsize-20.png C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-c..riencehost.appxmain_31bf3856ad364e35_10.0.19041.1266_none_777e4c5802d14c18\oobeactivitysyncconsent-main.html C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-xboxgipradiomanager_31bf3856ad364e35_10.0.19041.746_none_ec68f424f2203d62\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_dual_wsdprint.inf_31bf3856ad364e35_10.0.19041.1_none_79f1ac404875c784\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-b..notificationmanager_31bf3856ad364e35_10.0.19041.1_none_87de5d573f7e8b1a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-c..riencehost.appxmain_31bf3856ad364e35_10.0.19041.1266_none_777e4c5802d14c18\common-toggle-template.html C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "TMBTQNPXFMFSJFV" C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TMBTQNPXFMFSJFV\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TMBTQNPXFMFSJFV\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\QLUm8OR6vUIE1wP.exe,0" C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TMBTQNPXFMFSJFV\shell\open\command C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TMBTQNPXFMFSJFV\shell C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TMBTQNPXFMFSJFV\shell\open C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TMBTQNPXFMFSJFV\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\QLUm8OR6vUIE1wP.exe" C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TMBTQNPXFMFSJFV C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TMBTQNPXFMFSJFV\DefaultIcon C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 71.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 53.210.109.20.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 107.12.20.2.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 29.243.111.52.in-addr.arpa udp

Files

memory/2304-0-0x0000000000400000-0x000000000040C000-memory.dmp

C:\Program Files\7-Zip\Lang\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

MD5 69a98ef655778f1cb3764a923acbae80
SHA1 22683321e95c9a631039d15fc49ac5d3e639ac54
SHA256 2ff127d5bc4c7333c8f522aa4b456684eca97c06d452bf7d00b6a99b49b11b0e
SHA512 610fc09f40124e1a74ff303ddd95ad5809679be9e0c381e5d367ecf8e1e137c3da188142de7a2c5fe2b1225e12482245f2b5c417d43d73618108bfb1c32a5ed2

C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

MD5 e82a9f576d6f164c86d975194bf98c53
SHA1 eccfa932789541dd41482753fcd5d3d51dcd44b3
SHA256 4f29ba8c8d0bfc1fad50f6381c50506850ff6cefbe53144edbe56815eeefd34c
SHA512 607064621abad7cbb6f9c9d609f9f5d831264df1acd7b3f6c8598a50f0f1bd788469c42f393c335c7347c0defddfb80594b859641569f3a04fa56b1af950cf8e

C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

MD5 b59d486751cc9352bea509e4f6bb9af9
SHA1 cf7c87c3f98810d78b6f4eab4d30b1fd3d2f9cbf
SHA256 b163efdc4dddc2b81cf1f65956db53c2e54c33909cd1f04407c9859f271b3882
SHA512 b0252708596797c4bfe5ba24fb0e5d9b2aa2473578b74603ac31d5e7f904a5a2478d031da462030177ae5d52e9349884aebcf421dda02cc52c3e8cb4615f8d31

C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

MD5 85eef2f84aa03b7d5eddcad1e0474234
SHA1 282d6ac8a99a6e0736d967a1ff83fdca1e0dd432
SHA256 b82e8a950f5856212a8c818792a5f497015d6290bf08881e41ecfb3c4fd946ca
SHA512 4cd46eea563cbf050112a030c7c755d29a1404e0de0254b29e16f941e3c79c5fc9c26be03e67b2b9bba3111650bc65f6f7f13c6d7e87fbc22ed5602a12119c0f

C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

MD5 10f2b7057cd2df536c864ea583d36f6f
SHA1 b81d9928ab10023986df1f23a3f3a1cf38783dc8
SHA256 f4ac3a1709939f523c303075017f60514d90c84b0706bc18b933456954a0bc19
SHA512 1e8c7056ef0cd0712128a374505accab66037328c512ae1630ec8438c20fc75d374dd3757e2c7d6245359697ec6afe763aecab2c1c06dfacd822350f245c2c87

C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

MD5 36dbc40434092ac33ca8433b7904268f
SHA1 f4c9a16352d77afacb3116397a7a754ebf233780
SHA256 1f5acc2bc4025e273b53550422b8f9dab2da9528438670ce29b1e0376dc86390
SHA512 b9f80a4ec526d182e3d19a2092ee236d1041d545d5be342acf854be463203c0e1cb0956877c2826a2331f383e97890a483002f7b72c220cc97e83067ea32a4b9

C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

MD5 d71da9319bc2febeb9d7dbe79e80f77e
SHA1 3853049ee02a817cc3a992eed9630a5f3d68c42c
SHA256 00c15fe42948782c270b8f9dc57512ad124b9dfe9943799fb340183e4e58c539
SHA512 e10971a0a7b81241edc16d04f8ada71b5f8aa3dcfe59a8e2143e668d28a9a6afcf8b30b2a777ca5cd0f712d0b52cf6ee5ab074f992e52853ea2d2addf534a077

C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

MD5 29e34240f7d1e8517203e647a1836f90
SHA1 6954ff59148131f9a475c62d7a8fb00c98fd75f3
SHA256 7ea6774ae3045eae97e10b71dd252844f5394ece2abd3ce8e53b7507a5745673
SHA512 804fab43af4aeb39617689c4818e5ed88d715dc3c7acce3c70fd7a0d9faf0a7cd6d2d920c3d452653a64b8d05dc2913e4dacb2d1622d8446d7189ec0869bc9e7

C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

MD5 cc93f52b20c69673f9cc37b3ff9159d3
SHA1 d4f8e6a545a3826bfa8b41087da3bba38530a75e
SHA256 ebc6fed676af7b5c7875e983c333f2df409628ac6b276ef117b4c888d7b9fa52
SHA512 5e5c2aa112fcc28b94beb05f83cf6d9218bed3916e3b58b0752e1455be62d84a0b280e8170e77b333902558f763e2fee866f13b046899de614a541a5a56ae597

C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

MD5 9f2cee77c87fe356a6f6404f3488e8e5
SHA1 3907608de8cd732bfa127f9d514773db30507df0
SHA256 b0df50b1f2cd83f2e69f03a29601701baf10db10675859c082759f46a4f308b7
SHA512 b10a58b3edec5ff3449c9bd0c8548ea3e43c371f6ce290371d9cc5044f7906ec6dca44219fb2b00666cd8ab6e84bb4a0f4ee324672aa2c7183fc9d14ca02b4cf

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

MD5 09221ebd76269bad426d0887b2396666
SHA1 8d7ebcfc6b925ac381cc45aad016049f5eec9f46
SHA256 adeb5b4aaa092c9acb6c24f16c62493c0a00a9e37af8210b97d61522d3492833
SHA512 60974c09cbcc1dd7a800c6f3a318baf4d3c852005c559813fa94169f209f313d2a02d9a22ab7a360545808d81311a044ad3280acccda0aacf4c0589219407e9b

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

MD5 fcb9e2a88fc56cb3dc795305ddb6b091
SHA1 e65fa2057367154d3ceb77a138c0c91318ed51e5
SHA256 e2b74d164a9ae95ff7d6a6729cd92b82b5d0d360ed607099f83c09322e46da43
SHA512 dfc5ae2fe19a4c47c5b2729c9b7c5e86bd20ead43fe43bcd3e97f6b7bd1ef1d1f7710d878a9eb89159823e0abb1d832305c61d51b235e1c08ccddbecfa9533f9

C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

MD5 8aed0c2f9aa4a04b419472d659d2829a
SHA1 6cdd3a684173970f5ba2f3652226c4d6f2644e15
SHA256 8accdfbf4a4bc6bc7345133a4712c8072c655281af068d0eb94f2c4ab9eed978
SHA512 a7825ace043305e39bb28671cef2d14f3469d3eaeb32949dbcbab9267cbac11f8a2eff40705023932828b8ffb516b17677ac7b92e7fa9bb80dd6efed470931fa

C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

MD5 4dfdc11dfd838aace3518e2e003732d4
SHA1 4c32b2ad4fbe7d4f8ae9d6226ea0aca58150a64e
SHA256 69165f2301aa021130d8d03d2b22ad42b8901d32b86bdf658d7f92dd068fa808
SHA512 a29a67c125ed1b7ef19add87eed6911b23eb0bbaa393e20c2f277acef73bfd10134504f47e74c56f7e35418425d1e34dd00c8952479e23514f15a68532c6c6e3

C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

MD5 ce15b0b9e1496cec881f656e6f88b00e
SHA1 665bd7304da3c1261435d64e5f381324b6370603
SHA256 abd511ebb6648c0af983b478bf7f415234bc3616839d71decc1b687e5b5c4652
SHA512 8e3ae94518fd645c65fdb66be196d4def414c88b175f4c94164d3aa6fa232ff230fd07712e1d349a321e52902593ebc39001a948487ca7474ef695c100bd6682

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

MD5 dafb3ef9a3a35a06eedf4ca62035b2d3
SHA1 22b77fb6ab3263acca0b4dd3e71a17910ced3071
SHA256 3ac8e340b1ef0bdd76501321d4a8a85265e1498d5fafa2166503f5c63f5e599e
SHA512 e2a6877f387dca72493bb5debd9334bee4d17db26452d56d35145d9d058065f8ddc80478ebd6e114effc049237f441b45b7d47d094af2844d486fd9b4bf1c073

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

MD5 1f125ad28fd417325bd9060fcb3e40d8
SHA1 8b4ed256687176106e98312a969e9d4f4ce89051
SHA256 a2e9c7fb1755e3716b007cfb4c88ce99814bdc5a5144a076afae165a4af62df6
SHA512 91da425ff5963003e558ed9191180864dd881d940a4532578cb4b152d4ad552933513284e096167a4e34749a7581721835a9cff6b7558630c5ee39359868f0d2

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

MD5 3caf8dd8ab4fa2e9f507b3df68f8f9b1
SHA1 8871d42bb7fb820a43f5c40a323bde94ef728b13
SHA256 ebb94f04c833032fc66ee9f6098440e503b5b39d35fe68dade2c9e0c773ffce4
SHA512 caeef75eeb4612773aa6dcdd31291afee82ea36ad2da0fc35f1ec2d496026818b38962f8465eedee215b86d59783b73d63c110da6eae525b2f34e9f9855e11c6

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

MD5 0a7dc260a36908ca30e639f815377de8
SHA1 9cf983273639255dd8b324d4672e192e9bd8e49f
SHA256 458d5a2f08370e9221ccea32d255b703428ded5e4e0e5a0378adbb98f70d4e1a
SHA512 614f79b8158d0e9b41bde6d9667f021a21880c2497e2611fff4a4943efb4ff6fbe36d7e5cd4c33745e98d0d97c1b27a0302816429c59516294c91f7ed199fca4

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

MD5 08955110cebebdb47c067316f7070bd8
SHA1 dde54817b9cc4565b0e5fcc8ff401bd058651f10
SHA256 9ed16c752eba50b1f36d6e77a06c87730a0ff3d2a89a2fea948b0a4f868a8755
SHA512 edc55a3a79e31aa5bf70b0b814d09eae7b63a772b11402cade11f0b2b65aaa40c0d42edda6b4eabef7ef4dfdbd18ab9d46acaca49b347c9bca91807e903384ca

C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

MD5 f0f45ff7944e13aaa4729bbe9791985d
SHA1 5dcaca93563f983d2c9fe270b5351d5e1fb9d6cf
SHA256 8f142b1154d34ed6c85d4a6d64733e06165045de3ec56bddff898fbb647b8d0c
SHA512 9e3a76ae8815947dba782460ab4b2b6e29a697d350287d9112f5dd3c1de831b44bf89a1c14be47d72747179cf7d1fc752f6cef649d7bf649b235340d84f55f0c

C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

MD5 748e54215c5539d9ab3c2fc9fd49f893
SHA1 158638eb27859728437cf013abf11879aff5d77a
SHA256 be4fe396ce6545d75f39b7e265776cf2c513b66052f2bacd65941f56e18a5181
SHA512 8963a09959918f50c6e0e62908e242117f64300f2c1232fdbfa009a682cf90127a9a51f0b7bfd6b8b5389ccfde921ac3b5c0bd89516815a40cdd8256dda2a6a6

C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

MD5 200a2d49b64d143a388432a11fe5194e
SHA1 69522af151fb0006bddc03f25f24f289fefbd552
SHA256 06117550d93a0b81d79170de2b6572af8300e5c45618f1387d7c8384f77dfcaa
SHA512 78ac1911cd8589f80f9a1979061b9224afd62c3ad026560716c7238ee7a75fd31c3ec789eb5222d33b438b6a93851f0ded8e31c007da6137befcfac7e4cd47a4

C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

MD5 bb8fd8cf1555fd6c7186b68afc2abf21
SHA1 d8bfb963f5b4180b00dc3045776d7ca9c4e3f58e
SHA256 b2d9543c876f8920b0ed346f16c0c985a4784dad44168ddc345dcd07df6b319b
SHA512 4c4c7ca8aaa0af7840d99ef5fe438da99e34abb56bd0b92bc437f60d45aa8965427d9c3e2970f946a37322dd1f310e3189b04c8b75e76d820a30f9e394f6bc93

C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

MD5 427280415ca9cdeae6750c16e0c27ca0
SHA1 14ac9a0215281ed0d9cabacc224edf8e9dd47ca3
SHA256 988f2b0535cd9d3634e005c892939664d618a32ec5ddef935a10156ef4fc07fe
SHA512 b5c62885294d0aca7701fad86267d1a6dbf7a2d5deb1690b6da3561704398c2058ae47ea02be67eee55cdf74bef74a16d0628a4d8fa22ed10eb277a35687e62a

C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

MD5 302455af719d90aba1e723501c50ac38
SHA1 35f101a16d99b4c11ba8d7fee7631a8451ee6615
SHA256 6edec20bff0868ba94ca2fd5077a411b46247c701dec45212c5529603697028a
SHA512 7e44196f764d04bf9bd3211c5a7e26c8e42b55f889bacc57a5069520353740a3896aae224a541d432cddc3b3659f92fa5b6d69877db6d0faf2198f55fe6ef864

C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

MD5 89ef4dc116163b06f3c4189bf75fba8b
SHA1 674a9f0e755e0b2a60388aba620d1c9d96c768d2
SHA256 4d86ded8ca4c06b134b20919e1aa5518643a1b57c331c9d694834a23e9eddb81
SHA512 df8c82b5d643ecc584043b6f37197d09752128b895acd973fe42fab78175734a05234d660f79f9cda0a86e859fb0b53d2b9a52f1b347a25b31db7e72ad6d7500

C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

MD5 80191b601a19eda23e654b6e8c2f7cc0
SHA1 cd5b4209308aa3cc8d8e381ff2fa50105fd897f5
SHA256 a70804575f220a83d4adf85aa8b40340a0555f1f4894c72bdfa592aec93413ca
SHA512 5c84627b49607446f4d43206d9c09f99c36d02d97acaaf28c9a1f29d470aae80a579bf65be7ee0c658fd0ff48398cae229350a8abb0136946f90e84bdba9ca69

C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

MD5 26bf342b2fbc271ec3194d5ee7a52479
SHA1 457802e46df3c368e43daf41143a6046c1ace0e6
SHA256 0d36af1ba5fe7b0c90aa1880717bea6ba4e0d340d8cb14a32d1d5c4e117f403a
SHA512 0e80bb8c3d0c5d6b973b322b522d5f3a3ea21a128b230253ba724cdebe8a85bd0a5fad1ce7116fe9540ecfe3727e94dca2e9243804797ba8c572971ce592549e

C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

MD5 76232c7b452997c4c431c2decaef2409
SHA1 7aed452b6696d0d060862519dc3ae0dcd322b0ed
SHA256 9d1f2b085ca127b746d251bc432ce06b1ae41825b9572d0cec396c9a66090b80
SHA512 18f1ffad1a2487c640797b7db8668fc5b97841d41cf76aee16902e43b531d47099c0568247f61d79e0219f197a14806c6531fe415167e39781b143ab58221402

C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

MD5 8e31b56a060b6ef0ed336686fac0c5f4
SHA1 250d80532ce604bc515b9ed54406182a17f3a4a7
SHA256 280093b3e46ee430361dbaa68b6b8928a379d072841ab9ab14fba7df199401fc
SHA512 109a5ab6b963a312f90986c33a33049d8913a1c97e67a2c77ccf166f02f9b7705f62c53fbc5998472c85688b25fd29649d164e48f8a89174f60ccd2b1393005e

C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

MD5 87400af99ee6b91980042f50418f155e
SHA1 4036bcedab1a12cf8e343abd45f27872e748cab8
SHA256 11691c5cdfd910326aab0b7b2b3334cfe45c53f5bd4bc2662d070a42ae46fc2c
SHA512 aa353ad5d9d81c627ac089f74b2c15aa2d80ff5794080f0c64070a50deef3b508400b64320ea07c6b68243d9093a9ea372c02d471e1a387fe230df975e3b6ff6

C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

MD5 8bf2fae33736ac6f2b0346153ae5d365
SHA1 a3981915788919ef468536330a7e785610dc5d6e
SHA256 77a9139d0262a42934a4edc7a6752814df41a309087a5efd8c91e27ea5c6d376
SHA512 b9ec08dd96c44eef0587a145ef45da09c0ee3db74574b2acfb99b110405341da7c42ed4a5eaad632a7f367f243cb209e5ee2bc238eb4a3b81fee574048efd705

C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

MD5 63bd2e08f108a1e44089584965a4712a
SHA1 77d4bc806a8bae4e57472b07eb51248501c81df0
SHA256 7d59c1d4c84aced0cf85840099254d3d7a05255fc9c32c254c28fd5138ad03ca
SHA512 112715f10abb0b2b968b2ac36d95a228e4c390fb7beac0b9fd0eb37a04aea0a29d8dd43e55fe9ef6cd1439f1c99ac1690cf2cd13e0b004e5c292b3d99ed38d63

C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

MD5 fc3c7c843a41351b62c84a581d823d9c
SHA1 e453456a3bf212d287d31d01fd42ad0bedc2aa31
SHA256 2d14ab88db737cb3422511c00445e1e555cd96428f8e167efca244934fe6047d
SHA512 228d9f3d5c2e55e670ce3d1abfa0aa07a8d7922bc9fc91ba3eaae2acfd8ff9523bddb710dc274b5a3518772c350b86977b18a0027a69f2430211303cd34b1d25

C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

MD5 db9188f8a558a47211285fdbd20d147f
SHA1 b16c60ba1197bd98b419777e5a794a02f9808372
SHA256 421bd306d050abbe8ec2d851c538775fbc666b0197768efd65b7645b683b8c96
SHA512 c370f2c3afec1491859dd099bb3fb7f263c28da67ae008b43ce31acfc4a5362a92af970659047dac5a3cb9a0aa863adca48a8506e7900f4f4cbc98dd6fe95feb

C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

MD5 d4a17d434d8095e4127895db8e869bb6
SHA1 7adfb5cda85df135669d0a6fe1b089c5478a4743
SHA256 4a6ba9568b3f92c1fd27e66163b486cc6f2a41bbf72e2ed0dec83e6c3f84097b
SHA512 49301cac345d16e873ea285ebc32a6244eaa1f50dd63568fa644128ac1d70350b679d1fcfd8a125156e3fe1671f778bf748ba080a189778557160bf5a494fa1e

C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

MD5 8ada02bfce88137c008deb244579607a
SHA1 0fb12157843914f09b05ae1a1ccb2381e3d5424a
SHA256 8a23835b6b6127d58712a4e490a46a856e8063786f3bf505942fab1447568376
SHA512 20a009fa15ffd87a94fb3e2ad4cba15c5397cf94852a118c5bd13cd67a406c7cbb45cace27f7641ac46b0fc50156e1e693d86d1c1a9625b3856a710dd1b2d3c5

C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

MD5 4e166104d829b33836c6fd210d93c550
SHA1 7e8e9529f0466d6b040d0d6b2e996b8975b7aa9f
SHA256 7b2e83551536ff06e884922e3410cf085ed5b1f86ff8789e745812a6f4418958
SHA512 6d06eb90c68d2589fd51ade0b8b29b0e8124904561310534cea106b17ff452a57c3db509fe62d71710f5e2554d0fbb375bb345dd0de43b536e21ef651265ffd5

C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

MD5 62414a11e4161e568338c21246b2c5c5
SHA1 108319f6d6b2e9fa7de6589381a0423502f4eb6d
SHA256 5a8683396b2f0061debf4601dce7092a5b1f60d3044426fcfa77a903c5c033c0
SHA512 609dd84f6b536aa6e539bab7842cae3b0fd33e76abf406ef8962c6aa4b1a682bcc2c6cb309becb0c2a5e3f3894a8861798508b722e0f806f1f732b19731cce29

C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

MD5 fefaf2890a04afe7b671394ec1de06ee
SHA1 a2256e1de51a674f7e0f6f38b5519ff526627063
SHA256 1cf21cb7990ec731b9087982806edc25460bdda04f6f924144cf98be870e3505
SHA512 bff917a4d620a3accefdaf0a6b45f50e933055d123815aa24f0933d806831d55ec4e0e5fe3c532da26533b5a2ad07bf70be4496ae08307c1b1f0dea45900752d

C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

MD5 bbf4f736522776af3230fafd28f98cbf
SHA1 6af71b672d7f230fc1a62ec264b13aa1c74e52b0
SHA256 364d97380208a7bc23c67bcd55985436f7c62637e9a0998504226bae8161aa37
SHA512 de86a1c7beab4b2fc76ed57c27a1d0c3ec68091d14ff9934115a02e8f7ac1d5bbad023efd55ab30e88c18be00b3d7bc0c569b83c14095552554f69dd15b0fe27

C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

MD5 8b41751b4f3fed8e71f5260076b69809
SHA1 e96ca1c45c527a8d42db262632c4cfc85bf5deec
SHA256 d13baacfa5857e0e5b8be5f8faa9ff6fe24c49e77ae798f3a2296f5f011fa769
SHA512 5c4c618da4cb18c67b44c5a8e52370950f67bc76deb0d3d27475b5c7324bfac41686d55b883deaea3b8a8e1e40ca25938cfc1a38db6a5a50996010ffc2b9f80e

C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

MD5 16a2d2533786f729452f004cca30c7ee
SHA1 e81cfe71aff682880ee0e3b8aa86ca589235db6f
SHA256 ab0d9b1f068de4b2bf1d56610da9cd0c9303d129527f6fb2f28d04a726396ebf
SHA512 d88e0a25843815d47a600a96884d3192446553ec46373956c9f0fe11fe1678cb5d6cf21ad0e81a0677537c98d87add2d5f9cfe1acb0fd3259ddeebf38861e58b

C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

MD5 a4b45d6b01b4401af33c44083d2d91b1
SHA1 60f96b8438c1337da569e816c7fa38c5258fe391
SHA256 81e000ccba490f9debd80fb7b2009c5a9d10f470f6ba4d80eb9b323632c94ba0
SHA512 8088e2e8baeeb5a5f6654038505888649fdd8fa52e9a74e40817e86faf868d834db576e260a85174c4d96cb8a821534a414c0db271c0240a45c1f7d6ff3db824

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

MD5 319c6e93f7ff85550b0106d7bb5b8b47
SHA1 5e83e044d247cdfee2e267337b5e5ddef00ae4ac
SHA256 993312811a0c1581eaea5e7730cb24ea565ea04199932aed199b33f3083a5b4b
SHA512 cc94edd47b0283dc48148a889b857c8ce5217753fc092ca245669e6b9dcbc87b1befdec0836008c094f52266f76be01c23ea2ae39a69b11adab8b76e940b674f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

MD5 9aeaf4d644c78415fcd43aebbfd226b7
SHA1 40b855373bfb9728bc3e6baff1b542beefced874
SHA256 89e12544ae10ae534413ade4c522068ad92e16da4e9d3a554f45480e02053d54
SHA512 270989b3a13d3be831e8ebe70d2561522a26a657c9ed6966610c81beb452f6f2f696a86630bf1839f69541ebbc295e114eab1826de8670c3db51c304e8cf79f4

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

MD5 157fb8c92a5a71619f9faa0e515b455f
SHA1 2de774dd80b9f89cb4c84e0a8978bedbcf838469
SHA256 043703461227659e6fe2ae1dc9a3f0adc2ab0013970be4d21f149077f83e07ef
SHA512 f8b9635deb7c0aa5002c90bf44812f35993057f748d9b0b5e075655c0bbb79871eb5b84b013db656430cc61e25c27e2e62527d556117bc65228ff4c1373b796e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

MD5 90e76e5861c3eee5f58540aa8d2f1033
SHA1 c98507b894df257f47ed9525354ac7aa6eb3d746
SHA256 23afde195bec27e58d0c3116455222157ace15029443f54954b4e22d82f28b27
SHA512 fa090ae849ac0c96c21f7200c4a3dd6ffd1265b8be55d3ab44c68d6d65277604fed0fffdca20577ad8532eed1a285fa18068b3b7e0a6b809447aa6ca0ad6fa8f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

MD5 0317d97f8d083ad2a023a729f40fb2d3
SHA1 0f5cbb2b94e211e640e00c850ae838680f4c6f51
SHA256 b4516e711ef3dc0104b05e23f724ba684cf64f8dee0c5c2cf935ef2e1007393e
SHA512 a8e77c53791c35b2b0847c5c93e8212e1ff79987089a952c3d818a7e559d66115ca2a1b684e1e411dd164e9bb2dfa19e51abc9a1a512156e6eb623dd9d1a1e55

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

MD5 122ace9ae5506b0de7d1f0109c31c796
SHA1 d7434bf0de75a25f59cb8ced1c89fae79d06fef1
SHA256 760235c0ac50ba35a9738e1306c51d923619a6a4b3ad72bafed4947c17c8c25a
SHA512 47ce9986dd7116b70ce46a2cb120c7a098b3cd6f388ccf9f6a577d429753a9250e0983202fc12de9c71f06db7066257da39707b83dd9a6f4c3ad992b1513f15f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

MD5 933c78d826e2cd0086e77d6cbab41798
SHA1 217a650204c6aded791e7b67501f5136675020e4
SHA256 2546a189ce668073dd3cc1a490608848e140fc9abc982b291ed4390e3be48987
SHA512 9fdf3d3aabd34316bfae7d5c300605e6db367827026da97a64ec0f4cb86bd67f781eb41812dec72662bbc12efc3e7beacb5acf9a73529e076336cb3b12bb4df1

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

MD5 5a1b7fb13b609d30697e14ea66d4c933
SHA1 8c47c547669e6d98065ecb6dce3e1ab9cf0115bb
SHA256 b54993b76181ade13e2f43a5c7768b05602a87f86584535e7ed376cfdab4e615
SHA512 f73342f75da83417fa06e4699495a1002431659dbc7a9a7a425352e9772f01ab9a7e066f322ab0cb28967204077a219cee0422d2083f6b47c3fe80ab93fbc21d

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

MD5 22c841983188e9a6ad69ce8a936e06fb
SHA1 510a4ef6695a57d7b172346850b514d84b4ac051
SHA256 f29a08a6d4e38b7c595fcdad6af83833267ca03e5808b062f911ffc2dd6c2706
SHA512 92268f7e0b7fc3ca705909701b9ecaff0cbc03653786a2911f0948644d4f3b0fcaf82518d54562a469257005da194fac1fd2c577f7822f3166d19e5a45b0087f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

MD5 4b464756b2d70396f95ef75f4dc5e08b
SHA1 c5ba3720c5212ee7199d406ebc1e57cdcb115ce7
SHA256 041cc9d393de0a54394604425334561f3a437416c4d5dfbe4f0195a1a8e283b7
SHA512 0f8a54908a1f3378d97a5f35a4d2d0ac95284eee0df3103e47cc10065fc1825fd0c1974352c6c791618cb511c35917d418ca1439d903cb338a4d28e309d8426a

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

MD5 973941562e9c73c6bcbad4df2bf9ef59
SHA1 bd9bd92299dd25facf5693a063609defa23c3973
SHA256 0ecb1b818733c7329e0520401a134c55be8e097a7635f66558054c1821156845
SHA512 c23af930052a517ebc5a039b538454f5d719c79dd0bd1fdc0cbe4843d056335d895088201de51c90a4eef156c8b6d021d4d25345fac08de1d7880386319054c1

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

MD5 545ccedfb1e07581595bbecb5cb34ffa
SHA1 aecbd2980c782b8b7c55187db0b2f3cb4b4b97cc
SHA256 c0ce3c84e842fe5722f71e543dd21bd6185a861a7481aa3e79ac749ccff23122
SHA512 a7ed81f65884da94fa82b9634b72dd67b8ba738d61ea2a22e55007d21f30ec3dea6778a975cd0debef47de615d7d0d3f78cd201789eb0be4742484f95df2bcc8

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

MD5 1b33610ae284de22735fe8221080cbf3
SHA1 f500dd057ebba45c4966c649a4b3cc48a37f2578
SHA256 682a8c72e7c447e97e1dcf1bdb539290a2e51bca85e9744024504e45cbafe050
SHA512 2ae910a31cd12b38f27645682d2a00b43da392d95edd1bd28d8bfbae3f6a090f374ad1dc7906f7f85805c6c657ad7408a3db03b30a26f528ecd4dd93184bc80a

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

MD5 bf6eaa5064a782a0d6f67c8936fed6df
SHA1 e5a8a1438b7d6c4ff1bb6ee9cad2b411feb097a1
SHA256 2a4b63aeda44c08e732733ec5653f18b128c5ee2bafb39770a872e057ecc8419
SHA512 39bbed0836cb9d956fa9af35eb3300a8adbc133292689068b70f7eef2d5030034ea22a17a29a407d7cbeb8953f73c380bc16bebeaf4fc95717e28e6165d656b6

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

MD5 24582afaf3f1ae0a3548e591b1ad10c3
SHA1 97b7082875badb598259baa3a071fb19e2cbff45
SHA256 a9b406440b823dd79d80541908055c53a4f9dce9ae2b96a1b6bd532095fc6ec0
SHA512 0e089dc113842dd26fda71be30a3d3fc00a722fece018b98234ddc3ba696f388bdd45316d44ffd4972fec4af66798bd6ae18a983e47727ed98766d6b39a3895d

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

MD5 4f803049d7dcaebd7906f9e6c184b8e4
SHA1 1bd7fb9882f09ed47ee134ebf8a37790fa4b8e3b
SHA256 c841d067765d3cc4145b71745452b99f8a4f57fb9be8c1187e8903bea0a31c5c
SHA512 385eb913c0705d0142604bcb49fd0e97006f6fff4f7ff03b6cb4c9247466288d1eca27cb7bc72cc9ca27f8b54a2f99d0b73d1687bb3c6143eb993d2ebb09ff86

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

MD5 6f43c1c4768dc287c3c05c70276d075f
SHA1 7e4308ad69bbef4acde308e177004ef0d78862dd
SHA256 c224d88f84ed1dd2c0fa2ebf186c15727e18c8cf29dd192f3621db5098b6aa2b
SHA512 6bc30862c1fadfe080b59a847a954da8f237593b196e0f08d7102cc621b9bb22c9e1b766f288746c028e05636241fee750cad26781e8f67166c71a940f531653

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

MD5 4cc424b8a5b0eeb9771a33bbd51334b4
SHA1 eacc1a6b535f1e2102896a79e91d78d7d3ac577b
SHA256 6a181282afee0d34ffddbe1013f37ae321a2fac1c81a7efaaefaa8cfe655b1f9
SHA512 3745ce0f6fd85269b485643bc8faceca35f654c6587854feaf33a8c2e173bf707253d8d659ae388505b206ca343bd03b98f83280c1c1db1a1638efb6393fff3f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

MD5 b1203907abfad2f5232154e3ad4ec47d
SHA1 152b0c1fc261d1a7a08d33466ebdfc1dbe6fcf12
SHA256 99a5aa224d5089f1aed21e8e0c5355258907ee967affe57c5c6330becebd7e2f
SHA512 312877ac5209ad83fe4ea533df4f0c229ba18e533fff5d68b6fea787171e2bf80cabb6401969d54c78cac17e6177becd378afd1d84cc36a20462a3908b917352

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

MD5 e96ef41d4958ceeacd7a6eca95cdb8c7
SHA1 76c9ccaf4a86485eeb10a8e41a032a4199519a5c
SHA256 0bb157c350f9cfe3db8e35e60c4a2faf0c3d6b8aaf2cb3ccb82f0b9e0881d35a
SHA512 db1009885d814546d14a412f41e3e1fa9e4ec925272547e2609f1ae42c49ab539d8169b738125f641e9a607e73dcd5dfde70da5b59c64e4b5ce27bfaafec4604

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

MD5 3d842d90cbb8d03abba989465312a171
SHA1 01d4f8d3c8a7be1e01dbdbdf78f5aaa6fe5820d7
SHA256 72e8102a7f1e8838f85fa654e73633467ea7c736c311fd947fb00e254391d389
SHA512 2bb5335fbd5c31b3765ec2ccccd7c47fcf5b4ddc6a70ab248667bdaf5ecc05842fdd2bc4bca72a327ce475384019177ae8e2b520f789cafd8556ca708d949cf9

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

MD5 1177d013f7dcbb51f1bd00a781d63892
SHA1 291f67da3f200ef9e3c76831c0a45465d25cc046
SHA256 6c63627520141ef96f4dce8ef4d306b927c3dacf0db49d3dc3a247b9ba7e43ca
SHA512 9721ab2ba2154370a58d9f30000d57eaba8c86fef6206ad259330e322d8e9120ccbf1b4092983132a600e1c7c377f525833d328e11f55d82d4ec4ea4fbca64b3

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

MD5 1cbf016dd958f96c2d3d6fd9e1a358db
SHA1 30f13a9090db6ee2e8dca34f7f476df8f8317c35
SHA256 89660ce44a47a9754b812135608e69cbe1e6ceb0cdc117cf243a060fa8637960
SHA512 38ba3ac0d0b124ac4a1812bdbfc502580917af221a42dbf5999e7ca3e80bd48a3b8436bdbf2f2d509e3540f910cd5f58424e65faf482eab9fa802a4772fb50a6

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

MD5 fe9f6f8fbec94697ad69458e9fc8d074
SHA1 089554781512e3d7827a179388816eaaefab02b4
SHA256 413584a692e0ac8b40573e97144f002d40eb9ed279311dde2ec287cc1418584d
SHA512 b5a213ab30e674288fe63baae7c588f0d5b69d335ee271723aec0b80e3027dd684c76ceb25890d9763f830dd959861916249d49a4d15050761bba9e6cd18b0b9

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

MD5 e0b48a12a119f09411ecce1e93f8a514
SHA1 8fb1d518158494293839f9311087b39f552c88c1
SHA256 3038b294cf6fab968ec72c3d366506f3a6eb6e349ef8dfcea4a81df368bf8a8d
SHA512 5b43abc430384c3d6e28c6530db69f8abba405412445a9ce3fe69fefa40ce66431c42d820ed36cb75c732cf9c3e05d69633c5a37cd57b2981e0059976fc1273c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

MD5 da60a8e460d5774988c572f12d88f7a7
SHA1 b335e4be71e6eb1d833b83c6f0538a191803b357
SHA256 d7abfcc67ff9925e523627b7dff6e3d86b81073857a62fd54d2cb5613a1a23a1
SHA512 21291603a82dcbb261f305f0544d013a953af5ff9fa3dafa85d584f6349bf9db391ec7b8c789695103a05fea7c5ac9a5cf1ee6566fdd422a0f247c14e1fd497a

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

MD5 6686ca441eff8a43c5bd8d4407985377
SHA1 1b5d012718c7f49523fdb062fb10fd9fb1a1e049
SHA256 94fe9f24dc8ce7a9805c294af84bcdb93c7ec40ee42910260076d53b239551eb
SHA512 3ede087ea2fc65a13fecb83b98f1306f274d414dba3bc47236298c264750fc84fc6965915ff6fd115bec0c0d19f5c7ffb5edb89cbc21379405f18c2d5ba285d3

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

MD5 20c6235de92d01dc647f9dcfac9b937a
SHA1 ab83795e692ff0f11280632c4a6eaafb5f748277
SHA256 e87481900c53e35841f9188588a38dcc296ea5f1bef1f93e3902a6f41d3d394c
SHA512 945acfc3c5f9dc750ea3b6eef7f3a3b0c7ac8250f5d40cc4fe0715cb64ca18191e3f49dd3235cfd9ea0b68d4cc26f85a8b18607aa8b1b50283b47ffe131b7a04

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

MD5 8e3dc5934c3dfe085b9e0e46236729d4
SHA1 65ad2dfc7272a42ad5c567307078a0055db1ca0f
SHA256 88ea9bccb64c412475e489af77f8aadbd49f50b4de9ac911a519bdea52c1e2e5
SHA512 b785cfb1e00f74595a3f7794aec5b6895d88f8bcf1d88e2664c57b107c5f8b0ef300587a6d53ae901756e45dc6cf447947ec5adde5076f1717ffacf9cfae0236

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

MD5 7a82adc35c8693aa349854d1604871dd
SHA1 8d810bed2860e5bf9141adfbc90c68270f6d150b
SHA256 4fa2840ddcf0c5c1964cedfeec526ff96f0e6456fc61401620c18bf884f74510
SHA512 71ed3dbcef2dd81d20e735d0d3c96b608d8661bacab622463a5395d12c40828f3ad688935748338e0137974c61f63bec902c69914a703599f2aff99b7992e72c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

MD5 f5456ac5b449cb7df803908a66c3ffc7
SHA1 9b78d17a05f6a493680371f798e6610fea919042
SHA256 9027f0d07bd84612184c8589ca4ed205bd41f3a64d145e98835982c21cbbf311
SHA512 b89febddab017a8265bf0a60d56192b6ab9414febec65d4c40372cf5a30641c06a4584edac3998f942d6dec89f94844cd0f7a4265d7e94262df409759b3f4c76

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

MD5 e6782a264b3f9db8bf6fa7eda1f40005
SHA1 5dbc81d3f487d8c0d9e9e23a242a1a1eade31954
SHA256 86d51ba1206aab56317b5d40800129db8cd85122e30cebc5478231303563da09
SHA512 fe934ed88e9992d146230f2bfbb62694730403c737fbc8eb09365100f1398d2230b38816a6364df00a919a30c20e0e6722a8413e314d2e13ef9c819815971c48

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

MD5 d418e432dacbc83b161ab856f973d989
SHA1 3f36b8db116a1491e182505302d86c3615c2354b
SHA256 011010c9da59905c3d30eb54402b1b21fff1236bb4a3f3d1039b77037aa46b69
SHA512 06d47c68731a3ef415a782a305770849395cba691d29c99e77087427dd758831ecdbddcbf1b84c5914b1b1bee41e413d11b65782a136d1d0e58611e405d23cdb

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

MD5 75687ed41c50e46f2699a522bf429c84
SHA1 40f8acedce94cc79a977ac74a189d1193d9b6513
SHA256 6fc01945cab08bf7f66598e039090a8efb518b7680c208f6cbe8af394581d7b8
SHA512 50f0f877904e4b4e4d9f31c989e5ff818c0f2d8b65b636621063415394da9cbc008ee579dee8e615a8dc948506bca6025211f748bb0b04b3b6b315ab11ce2820

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

MD5 8d4a5d02c88340615d5e4387c38fe46e
SHA1 6508a5b460e89bcf85d9c58c9bbf2ada38dd50b5
SHA256 5ed42c22077fa473df080b9732e9a333f39348ac21c1cd7ec306a17f9b657089
SHA512 cefb394c40df4899be8a0b86e9a73e0abcee081fb6582a8dc2a8b2d6cd4c2048751abf0441824236fceea07725d3b0b57a1040bc5bbfdea53c3ceedba078ba81

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

MD5 e089e1422fe4b401e7803e55eb0c51e2
SHA1 e9e030563c0aeb876edcfeedb49d08ad1974cb2a
SHA256 9e5940b8a707a1a95dc77dac6e568a211e240643b5316c2e36918b8d49382d66
SHA512 324ac2a8959488fafac997c59a7ef6b07b279e0a338409907ff2e4c48f2f3d2878f082e5b363c95da35298c88ae7e26321045423f49258236d9444a906737986

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

MD5 0d567bed633411ec53230f9e84ec39bf
SHA1 b7d112dbf4294da08ced8b363dda31869bdb4f1a
SHA256 7f446f2479d02a9564973ef4cb997712c9449d6d05bb4a37ea1ed9de1863fce6
SHA512 de4c73c33bf77b1dcef42ad72fabb7929eade6d0fea366ec2e52474983a96b955893265e5545263ce8bdf5cec87fa81c8a7646bebe19760e1048e2a30b165283

C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

MD5 1f21d4a64c9ff5674464fc764dead4d9
SHA1 f1f5e029aa8c9ad3f85d13e3fcd0aafc5dbe81d0
SHA256 deff85d73f2a4e17a8e531d4e78e946868200275a80f1438944c99a193539861
SHA512 ddc2915ea17ac9931be5c47442ae59d780709cfbbdc0819014a0a282adb0e182ee382932d0fa1045a08e5fed2c80e2d04dda1c0285a3868a1c3197af2af37f4e

memory/2304-5255-0x0000000000400000-0x000000000040C000-memory.dmp

memory/2304-5256-0x0000000000400000-0x000000000040C000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727662721799026.txt.EnCiPhErEd

MD5 2e98568f53b88e59f6ff1ed21e52aff5
SHA1 91b6f8ea23e4d3fe205b156f36b91c55838f567b
SHA256 a0d1111972ecb5682f0d6c16319778e5a88b05869dbc504bd07937dfdde435a1
SHA512 a4d5d13dd27ef9d1322cfeb83cb71b060f9c66bcc240dbc205fb1ca7828aab123dd85c9c80ec654da11b0a264bfb6325e98eaafc458cfc1461a69f4cdc110c76

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727663191189319.txt

MD5 fd3eb9bafb2c508f191429957285ae49
SHA1 f27e840ff1b4319b1c43b6f7f36917cb4546c0af
SHA256 8556a446e6568c2de552d15cee3a21df09d9a3c405a93816ff5e2952efe42892
SHA512 1245c88878bc96ddb40047a191fa9a1100317f23ddd398ae426868d2ec2de7960bc6bc4c6e800a4953f4dd0d53fa6a802a174743b430c22a31457e8f2218e6a5

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727670188807600.txt

MD5 ae61c513d21bc844cd540150095bb1ea
SHA1 943d32d25dccfc138fb6adc27066835eab09eb18
SHA256 5d47e2c1eb6054e34890202d86ce6fac04c6d335889fb6f477238de0033a294f
SHA512 fec166a944060b0e265ab79e94a9397ffd3e86558288c821f7c02ff7f59f128e2242cdf451e051f3f1ad85a7b33ee816449d8fc0a9e1d3771cf56cde38e6cb12

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727672984949051.txt

MD5 2f87ca9344201e15b0db2ee1ec8517c3
SHA1 5ccc80e7765d847f18ab32fbe38b11dbc67f6727
SHA256 d461f95f670a7c3683820f740bf467528b6b91eea8cb3d1a4f8796d230f6f652
SHA512 99f4b563af257fa5b74e6d282c5bc32e40a07c3904fa2851bbbb0ee65f73a3b6c8ad40a3f427063d4a1af5aa6365c94e5ca489be7767a94bf00e26523e189da5

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

MD5 c4409ce7cc02a7c36350d4982cdf172e
SHA1 f2c4487cc4a9b0fdb33e77e38eb782dfe87b13cd
SHA256 57d90c2feb6ae0608e5d39104789fc467f057a048aa01d1c3e7987406a8ba5ab
SHA512 45b22ff12fd9b9498cf2e743cb33228efbe87b47da31e529d020d0fb9aa0258ec09626ecd9f2ebe5db3811e18f0ecc98ef06479a34144a07decf8ec290039a90

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 929bc86cc6e8178678e6a56fd530297e
SHA1 7a1f71f12a84e471c12143dd697c3c9af4ec83c2
SHA256 a2c174d695b50bc58888e9dbd999229faa935b186380b598ac0d0eace26d5345
SHA512 002a5580794e0063843283c8096f29b5ead50b7268e541dfaafe3e8fce4c0bde65aa5b14480b92f6dd98919bfbcdbe5ed126cf2c30f892a08bcb96dda13c24fd

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 42402693115b751131be13ccd773ad03
SHA1 65becc33596bbbcbb2ec404f50406abc2b793afe
SHA256 597a54c0c8a23870092fb0688c07184db5187fb96a2efa44c2d809f9065f172e
SHA512 974f6fe683cb52782dd269d7be3e2c3f71ffd3a95658bdc901294a1e23dcf6c3334fa272ef4f95a7cf9641533685800e613058dd5cd8da7ca745fd8e2c96e712

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 93a1b8d4d17763eb1ff1b796b3f82383
SHA1 1a04994d4b4ee6fd72b7add91cccbba02e8e6997
SHA256 4d87ed016e2f7c0750c1168d1f2e683c41f4b378fde87e31a5594aea64818ccd
SHA512 8a60e03bc1e22dc8f6b2eb7756b10275820dba55b8462c2e6d6e565a69e637813a357608844f397aff96bd78eaf2669935c91b7932559cc43a25143a84fff7c5

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 ef3e4c44a818f92790e4fe6391e29d4e
SHA1 f4167795ad8eb3989dc7561fdac4f78e7b676192
SHA256 373cf40ead5c04ebe7c217f64b7c3c68f378f770541115c3ce653ace9c398714
SHA512 b20e8607b0a5ea1d4d1a06ddbe2cadbbb0f0ae7ccec2f323b47c4285e662cdc88f60524d01be5012d71047facc9f89b673f841bb9d10fa10a6c8611ad2eb025f

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

MD5 48d0367d4af5e7b60d60af682f711348
SHA1 b88528859c1a838bf290f4620e404fb175fcfdaa
SHA256 7ee317dfb3ac09b0fcae91e6057089e92117a53104a0991460de2e2dc939ce96
SHA512 7100c7432f64d0b876448a2d123aeba12fd622bd803e98b58ce3bcd88b5a3303d2e713ba23d8538fed71c8372910cb6aa20c70266da1e5ffb317c5b6284f6953

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 407b8bc62a269d23107a46e96657ecd0
SHA1 7bea199d056bff812e8f401f5af9fe25a18880a3
SHA256 290adcbc1ad51df18af9fb26956df4daa1a8eb003d2638bd804057c638115fb3
SHA512 125c021d6043e47d85fa345a7dd6ba2c45a9fe858ef7887a6ddb9c2d15199bb0da91047c0e6260e381bb60cb3012795a4bbb7af1ce211dd574575ea011384e68

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

MD5 5f644b26521f58149e92eb9448b4726b
SHA1 895b350af56865ee56e0ae5d52da6aa39b7c8372
SHA256 ccfa8c4ae0748a0339e5e3c9fc45d80d5fe1a9e2000128f9a732019f432c68e8
SHA512 0bcc1bdf9dfee943cbaf446fbd1844b163d9a0610eae4cee42ff352e88bcbd6edb830a430fd172cc21815b1bda77bed13d4f9d2ea68e8a98a19dc9c16cf65a2a

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 23880d9afb42cb65c5f963066cb854a9
SHA1 6a4c82e6ee3b123ce410fa2d4f2078149c9f2247
SHA256 38ac15ad68f79f9c141391dd6c18f63f0c0878752cafbf32497c64f266db3bb0
SHA512 d0e05711a364738367304cfbd4bec14260a902ff3b9a928275bc819ea19cf99920176ca701c166c1f444d43d2f4ecfc4039ff87b5dfd9f498a095a67519ecb1e

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

MD5 4284921a686976667d1985d042382352
SHA1 45d218f06c6ed1400676555cf07010f9f81e81c8
SHA256 c06f5439c72862de812057eac62e42f140c481240cf817bab61d5b1d513c9fe7
SHA512 1eba7db82ab9ff66325f2cba50dd1365c047d94c424ce45b8a767d050962980faeadc7a0fea3111477a12f5fc057f3c9c7505b834eecfb66450ae6e43c610d20

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

MD5 1228ab7012b5e55c7a966c5eb47a4d5c
SHA1 c2de48931ce524a03fa8017d38fbf8b9954a73ab
SHA256 9501e97370b467b0598694c791f85dd37d5fc53067c56526caaff4e56b2cc8cc
SHA512 3aad787531db87dcba6aec481029ec33a49d661ea62e774faa6445218e3c7c7b80b764486301d32e8a9d99974bef64971abd354184b5f2c55085a60d5c1d4b99

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 6d12d9d39d1f99797e9eb96b8be022c9
SHA1 0011af6d258be6fed653858d13696d08a473a22e
SHA256 ea0cfca8da98b0517fae562365e400a0ad1ede1fdcb94d0e11fdcd2c1ba72a52
SHA512 9635e681f66e6c0f8bd7b766336cf51a8816cc292c455997a09420416b2773756c138d20f0490414c26bbd4c74a7a9bdaa1d24ba4861c5e920dec8ed369ee46a

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 a9e5b24bd2b36ce57bb7d91b87557dd0
SHA1 b5b612653e8fc616f8834f7a6d6ce8a91076e770
SHA256 2157e5f24c5b82a78941df31bf4aaca2103102ccf1a6346b5bd0456387570113
SHA512 e9b5e0903ca5451106919c7ed5b76613f2ecdbd9e95085d1b0a09f0ec06cf7f5f878f9eef2519067fcd2fbb22ac3925522ac84cdd469e8a79a4e226e44a5a434

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

MD5 e2b67546f18331e10ad620a80f863a13
SHA1 ece50fd35a8b4f72d259c6c9168accb69fa2c7ae
SHA256 4b8b96e62ff75896e167adbfa49c84631895432f7192f835bdca8c67f7176e29
SHA512 74cada39a8f1da7611743fdb1ad4414a0d87bbf6616e6c8651cb0675c97a9e0baa0f8d417505261ac1e1c1f87cc885adfae6b37e3f948c225fc1baba94ef5877

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

MD5 8903cbcca9b4c79c544d3eed8358fefc
SHA1 4a765dc6910dbcbf230ec6097b148c5993a8d733
SHA256 b59c4d33f7f8824f078fcce100d6076bee5300b7a4dd419b62cc3a150dccf697
SHA512 05f0a8df13faacfcec81df8e4809b32721c7f3e37c9351069d7b8483a18afdb855a9ef9140acefdd7e42ff1a1ec6a177d2dd5c5b7ab17dacd10550a0bc90515a

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

MD5 7f60e05fd7aac9bca213207f32290c0e
SHA1 631839615dc89c3e699ca669fcd328740786a7c8
SHA256 0e872525c3436cb7b5e577d27fef2b3e4701afa4b6f56f0e164526c1cb1c7865
SHA512 a1f474161b795874d78e6564467da96088ae3af81a872de6178f46b3c75f83c6a6f96532626fc0b1de269af23ca563d3203d5aadba91ab8258f742670e298f56

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

MD5 3c89f180a2074ff562d75702614a4599
SHA1 d747a49ef2b9fe9afe6a0ebafaf4910f2fd4058c
SHA256 a2fcf0a5e707f2797726c1c2deb047dd10a961bea0f4332ebe30381b86f36bab
SHA512 1a05e380c48234ba92335f39515710e94feb764f61d1306d15d8d9b5b8e634b30b22287bcf17b6e1e13fe6de723ad2133cb31d8e89c97791a33d3011d401b2f1

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

MD5 19a1df1836dfa8bb951569424c173102
SHA1 71144a333901d6927ca0e021008a7948edb7b006
SHA256 b050026cb502a309987efbbe5bb9910da47eca911f9160a53ad7080ea4682d69
SHA512 cf6c6b95727702abb73e327cc1ebfded9f51ff3c9f5bedfd53e9237da598393288f5f377c1b3d7f5e45fdce9b2f780b83c2561bb03c77b16f4b786e598b0a6c7

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

MD5 ce027c27f956aa1ca2336e8bf01af0d2
SHA1 f848dd7c9cc863bec862ab420305136f9ed051db
SHA256 9d36c50924f8fafa21714ee889483bc8dd961d54fe8d342112ee14007b99196f
SHA512 cf3dab03c9a628768224c97cb58b2846fbc9b576535af2895b60ef71ea680ec3f66dcf8efbda3b250c19f66cce1e5a91851348ed3e8ff56b6903507b4eb2b1f9

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

MD5 b9b8e76721a4c68ef9e173dbf68807c8
SHA1 a820f698b43f8129501ab22b8321c5bfb7073df7
SHA256 6a2e8018a5f866aa47e07a55b9600f410a33387ec004e64b3142186718547fc8
SHA512 e3696cadba031b086be98c1123fde56cf2a40c85b8a8cf72a7795d80b6b01a2fb885d54c1d382f9346c72c44691b5e9bef35784ef7b581b8bc3dbb40f0da06af

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

MD5 4c73c01a7eab660a0a136dbca4eae885
SHA1 590c9b4a36b36064a6af56d97651a55be05c89d7
SHA256 ec45abeb5dfb7650bdb42af86bedc3fb0f31ef1908091b584d9fc781153ef252
SHA512 9f9bf18b7699827a6ef852aedefc2b6fa16783c9db4d37ad2b4d6c2030e040492de350e1267d8357ed2bec41b56dc5c4772082b728de947a0ad4f329de5cd922

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

MD5 95c88d8dd89344c16a52aa8068f02e11
SHA1 5e06036414195f06c37c22c09563e6e889a371a9
SHA256 70c679a9abdfe351d1fc427a5085dc7a3889d1def38ca6bd1ad3429a93896b94
SHA512 c0a60ec67fd63f57ae3ac6736036c8b33162fc2463ae5708b06f9ac44f186f69f579e42439a425392078b1e36690155988615f36616e5cae35a51b89acb0ddcb

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

MD5 022aa580214930e1b7f32f9b8680e757
SHA1 8bbef7686db7286f361ff506fd5b3740496b92b4
SHA256 354b335cff054c70e671107c56b4d9a2a0ad7ac0a1a6b9fc5a4a2e46101dcbfc
SHA512 0bc2862e4dfc0dd7777e9f6c9bb2fd44cadb3d60ede26c5448cd5344f9923ba80aff7b6807f012008c9667836e327ad8b3e6f72f278bdca886f09b31723022d5

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

MD5 fccdca160f0917b6b793c5c3733d47d9
SHA1 36fb23fab7b8addae783f5dea22117f49695f8a9
SHA256 c208570627d19c199de76819485e1b89eb3f5849b184b834c8ccc3ddf5a89db9
SHA512 9ae12d9d8f25e926218105f07919519b16b5d71f1301bfbde4830742e54cb1b041b3c407cc16a87865d584f937d40e170072acacc4377ce3167ae6a227c44bce

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

MD5 3b02db9a3e7a1807e3a51a9e58603201
SHA1 13d19ccc4b27a25218549e5db3b6f6a73045d4b9
SHA256 74d3d1bc45106becb609d208db0a34319606744d01b0bc01c7bb180287ae90af
SHA512 d6d22bda5273b9d2c4ae4017e6346afa780f43a89723fb80e2d21669d6ac0f551963210c53c0889760ef2df2d288882b398fa0b5f5a7214bbf4fe6c8aa9f593a

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

MD5 f3857f3233a8d19a3647ac2cf05ccd24
SHA1 0a79f4c5c15d82731f389e271053d0ce56a7c23f
SHA256 ac63d118cfb0b8eb86edbece578cc4b88f5806792babc17adfa9615b6cef646f
SHA512 b23e0a61809eb213a8d99b9dba6fc38abf0a266e2de0178b9a7182413ccd513e9413eee7a631fd41d40f04d4908f7937ceacb81956ae7aeb412f47bf956117ff

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

MD5 1943709addf2f624ab2164a4999d46a3
SHA1 f9e19c501aa2687acb03fc62b23bbbbda48ea4ff
SHA256 796fab3b5d44664044ea146e0185ae908c4d2b37df9f89e7f32d40082d0257dd
SHA512 93c1cbb1fbbad0f174639da1885c6bd44174ee61a346b97765ae00206fd9578079068d5f347a77a2a32aeec26ae5fb77ca7542ff7141e7700b60efe44c79b0c5

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

MD5 585da722f5507e6e8ab4b9c664d36f64
SHA1 b18c9144869c89a2dc514ecaddc028e993a15940
SHA256 fb5d0cc898cbf962d5cf3c2934107e660efe8ba3a2b809f6268a0a3e5f24cc02
SHA512 2ec7e9420be6ef4205cd0bb21524af21b200c5cc07dc76ae14ae488094089922bd64c7631afb5b20a409d6d332bae011049a06da2c1f8225f335421e8a1e3fa9

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

MD5 c670494bedeac03ec4654b4d134e328b
SHA1 5ab4e1de3e17c3031b48abb8c73f21502b0b59ef
SHA256 3615285c338fe1a1ea0df04bf6e2435f21f7e4df6f11bec2f8924d9fc537d248
SHA512 7a0f5c268b2cfd5015742f2498bbaeb2024fb6ac961b2f335080e39da02859a01fd383e783711858166e1246ea9597e2e383d19769cfc9c66c9b8dce760cabef

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

MD5 4fde38ff1befbd62b8daf20bbbf54a61
SHA1 0f621f1fad835b57b9e04d3c87d670ef909f221d
SHA256 5c47468770025624eb20aba187d42f4cd498d5ee0f2fe489229eb067c7cdd65e
SHA512 a57099821c70d0838d69d8632b248f367146fa79c07821353245a8ad34b76112a76a1e033814d5ff781eac7fef53a9d7003e1c56bdff8b15781e965b32f951bb

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

MD5 314a1557303b281b3eb094916c0b5913
SHA1 3a119a3969cc1010d197d612188bd5e0ea93f41a
SHA256 bd9d14803c829f256250944f60f22d643de0ca773ac45bcfecc191e6461c71d2
SHA512 5281351d439a21d022a54330f755fca70468a2c5e73f5f30214c71bd7200749303c99ed6b4bf3421fb2bda4590fbfd40060cc9d9a826cc0208dc951659ff310b

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

MD5 b2c8a73b841d809e22880a083341f816
SHA1 f7e7cd9e964d67731a7ec69bbbe3110a80139db9
SHA256 3d0079b3b239ccb9d6122d45b24a2131eb9062c8aef0418e4d155be4016fe836
SHA512 f426d2f6075002e03ae76996e0fa95cbadeedebc7ac505c348547a280ff4f3573d5937d5bc5d399dfecbe35bced6971913edaa695e4e6dfffd615710a98f8f78

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

MD5 e5ab704572811184a64672f0d03a084e
SHA1 4cd5f0448c8a9782388f0f88d0eeb94b0b66ba47
SHA256 253f01dc284e59451e332a0ac3e198dd94755de27f61398c71409002397b86da
SHA512 154bbca7ca713f85c286c4c97e4daf6be7e45f3d7def89f2616d6994b7ee1741439507b9d66bec2682a89313199def58e1a1a2f4729feffc2aaec1f871e390f4

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

MD5 5e82ef34d28f3902dad5683d08d3807c
SHA1 78e6ac68daa1779a94f1ee546e74bce7a308313f
SHA256 2c09213c057e662e660f86a2c68d6b3f67eb79172d5adcbedd03e744321560aa
SHA512 d9fdcc1400f42246c4d3bfcbfff9c61f84cb0c410f99fe6a01d802d7ece2912d402e3d5a3644010e6b06fc34bbf13422744fd271757b47ffb6538db3de2d9b58

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

MD5 909067c66e334cf29cce06df138f3291
SHA1 0677d15f38429423ae0728246eb265d0ac4762aa
SHA256 7ee70c828378321a21fe3a69247a4486b8b7389df88054bf5e310c01d4e18075
SHA512 60536e82b815f951dc9a7f9f9218d2c92f610f0fa6952de790b5be0993c8a66a06215d123127a0e2c7fcbf5e1d7b03fc2ac4f33d651304eb0829a7c1db5603cb

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

MD5 c535408a9f97edb1f921542aae4f99be
SHA1 45ff0a023ffb45bcbc57b0f398987eb33530b863
SHA256 03b54d012d21421d3d2b04ed1b2751b74f834e89ce2c02e1a16e4d563c3cfdc6
SHA512 5840d094a8c8028d93e08959816f5c82f253289ca40eb9dbc8b44bd1e7b9f84f7772ed97c5a4818a4650c0cf367eb624546fcd8a1bc491c8c273134f4eae8a7e

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

MD5 5c874ca7e00009c3fff6d2c0d9aa32bf
SHA1 742109f1deb2958421ee5e684f637ecc4331c5ab
SHA256 273a1c91ba11be1df7b6679dc1d639904d5e5a0e31ea18b788ba71cea627f798
SHA512 e937392eb1afa8b735b820100917fc193a938bb6d5cc193da72be14c5d7473eadfb51c5df569a8d463f7e5b1022dd95ad9833b91211aad772dd562990ddfc416

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

MD5 3af8dc22c0bbcbaecd343dc14a1d2c88
SHA1 a4d27153f29094b4d0470f367ac954026f036395
SHA256 3f9cfa91d82e17d3bcf6cfd5d7eb27fa15b0186b867af9c7eda977b538824164
SHA512 ead9a802e78e1a63f3d4c638419de3bdd0d9e3278ef055bfbbcb9e7aa5d512170ae0be87144eb34215eecdfa174a4a978ede7ad1758c0791b5adf634b1ef84f3

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

MD5 c459edb1b30fc6060a32fb39a3683ae4
SHA1 993c7b562c994e90011b4e5513331e9d8213fd45
SHA256 b3a876f4dbf67e6832a2b2cfd33afaf28254226d762d357a8a0e047c336f7aa1
SHA512 3a0e7ce115e28d271c718026cd85d2aa23e01fa47504b53009c313a2ede650d5c24df4fd49cb832bb78a1cc5707a288d213cf26428a266332d5db4c62edcc6da

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

MD5 b423bc3db52edb1e33b040082d4b6b23
SHA1 42903d1a2e4ba59ec6a11967eec29eef4a77b515
SHA256 41d016c9c77fb5298979d82b6c7df8e4cd42f12fbe6ba2c69e8976c573cf5bcb
SHA512 141f360dae1dce71f63e60ea46a8c6603ec1f0798ec60b533b1cc86f3c84426ceb45f4f5fae027589e53bba4270aa925832c906fcca8e5085f0e40f0a23c4253

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

MD5 a640b2336ee4d0d5428862289a8ee008
SHA1 e65a75702afcfd11d940c968cfb27704259cbe08
SHA256 c1f151c23e6fe382393c7d60a9bd309a5e7867288a4dcb8aa6c6090dc3bed730
SHA512 f8a64edc7e0ea2be941bb5d11ce115d559c39c318f10afedf66e95853b50d5a2246ecadd67774f504987060f70835b6bd3b92979b5804376e4e20332191b6855

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

MD5 8dd6998879472035c901a28e1ef3d521
SHA1 5fe57c1f49f7039371636c4e2d461fa8447c3b39
SHA256 f807f22bcbd8a0d2c481611a53ab4f9abc2b96249b9dd431e55621d53e14dade
SHA512 caa6702b8d5e829f52218eb2d2631f3fad50a7360d294683c444fd34b11960b86f298c899f2e813d6731b05bbdc1f249af94152fefda81283e3d048a9ddc823d

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

MD5 66045da806a1b3a575d7ed6f9894c178
SHA1 07ec2b1df175f6617a0f73a3bd06f852cb3e210c
SHA256 bb92a65651ab3808609ebe228057b91458549e413f5dda836a8be7b59df15c5c
SHA512 da169fb82e915ac52a31c5d468fadb8a83cc99df8929c6c1cc4dec552138d502180b990ac832b5c601c83a24821c3a3281249024bec387e136ab33686187c0d4

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

MD5 775631358882d5ea9f7b70b10017c2dc
SHA1 8a9d36ef2e24af0bbb906ace3dff571c8b2d873e
SHA256 e54e27bd1e4cf0c61bb3109298e8d109ac839a8e359aef5ae9d77b6d56df6318
SHA512 ed15b5a42f040b044438d62a03b1ad9ada72913f7718419e2c97f3e459d99d957165dc4c11a89b0b7a06afef29fe03b2c0ba5a6e348fffeaefca95296d82dbc0

memory/2304-9758-0x0000000000400000-0x000000000040C000-memory.dmp

memory/2304-10761-0x0000000000400000-0x000000000040C000-memory.dmp

memory/2304-10884-0x0000000000400000-0x000000000040C000-memory.dmp

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

MD5 98f0c3406af73d03f289f0309b3861ea
SHA1 9c80f4ce81990f8d52884f2012995dd1903a15b6
SHA256 4d1d0c46cf759c4f26852ded34ed6e1de30240f7f8fbb8b215b4f1973268b667
SHA512 01c075d681d199bc9cc477b98201a79ee93d03e28608de3fe9b87d096838b460783f7e4f0bdf2d404d8fec90f585400c91fbad73361d96e7273f7973c531808b

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

MD5 3aecb790846266e1199ea658f7dba943
SHA1 5192b4af636415c9fd15f20836ec25649a0b55e0
SHA256 c47ce27a7233fec14b63b63f85247bffb890f58dece5cb84d2df79e2c3378c67
SHA512 d48a9df6763c7371064b46abddef6e154d0b451051e64cd0f257e64ccde6ba8350f84ec0a42898714a5e92a630a95e0a5d26bf0d86dde5836d9494c6cdc7aa4b

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

MD5 c40a1c107aaca01dd5fbb49cc467a582
SHA1 ff06644e633a71bc1c58316d9cff6fcff35dfbfd
SHA256 09d732391cc9db68f98bc1f93e38d4cf34dc5bff31452b9a7eb45636f3922051
SHA512 06f6788db462e518fd3a6742d3a54d7dc7aa5a51f8d41d90883bc46c937ecd60b9744ce38fac558dd431b0d61a62607875598e5c9bcf9757ad0761c16ece4ebf

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

MD5 d14281b27ad4120aac7e6ddde76f932a
SHA1 4bcaab0226ed72b6180e33c08da6fc864982e20b
SHA256 e1efb523f312a054fd72a7d273fa6a713b331ddaec4456d2dbfcb7ef9fc02078
SHA512 a40f6592298730387e810e53915a87f245bdca6182bceb7e74215166626fde5bc5eb42253081fac408659906119c33166f915931c786f88f9229155dfcc25deb

memory/2304-11161-0x0000000000400000-0x000000000040C000-memory.dmp

memory/2304-11162-0x0000000000400000-0x000000000040C000-memory.dmp

C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

MD5 44fdee7c8d48122443bed7ac1c65973d
SHA1 c90abb36d2aa75ba64d225daa8791066e48e6237
SHA256 7e1373f5ac8d446d803c1d889f3f4a432a91f8574232b797dae9555c7da852d4
SHA512 7ea4aa279e02d5a7207b556d1d2067f6d99b70243e4c13c6e93f6ebc837a2067ae953ce903c749bc77a6e996e6e6eca7b376477115628184fd412cc8c661a244

memory/2304-11167-0x0000000000400000-0x000000000040C000-memory.dmp