Malware Analysis Report

2025-01-18 20:39

Sample ID 241129-l6qgxszkfz
Target b089042ca0da14d87fb124aed96f74a0_JaffaCakes118
SHA256 d74eb60d443188ee7e6d32620da2746a2c870c7f8d04390d2cfeb25f07185a7d
Tags
upx xorist discovery persistence ransomware spyware stealer
score
10/10

Analysis Overview

score
10/10

SHA256

d74eb60d443188ee7e6d32620da2746a2c870c7f8d04390d2cfeb25f07185a7d

Threat Level: Known bad

The file b089042ca0da14d87fb124aed96f74a0_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

upx xorist discovery persistence ransomware spyware stealer

Xorist Ransomware

Detected Xorist Ransomware

Xorist family

Renames multiple (2180) files with added filename extension

Renames multiple (2209) files with added filename extension

Drops file in Drivers directory

Reads user/profile data of web browsers

Drops startup file

Adds Run key to start application

UPX packed file

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-29 10:08

Signatures

Detected Xorist Ransomware


Xorist family

xorist

UPX packed file

upx

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted

2024-11-29 10:08

Reported

2024-11-29 10:11

Platform

win7-20240729-en

Max time kernel

91s

Max time network

17s

Command Line

"C:\Users\Admin\AppData\Local\Temp\b089042ca0da14d87fb124aed96f74a0_JaffaCakes118.exe"

Signatures

Detected Xorist Ransomware


Xorist Ransomware

ransomware xorist

Xorist family

xorist

Renames multiple (2209) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b089042ca0da14d87fb124aed96f74a0_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\b089042ca0da14d87fb124aed96f74a0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b089042ca0da14d87fb124aed96f74a0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b089042ca0da14d87fb124aed96f74a0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b089042ca0da14d87fb124aed96f74a0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b089042ca0da14d87fb124aed96f74a0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b089042ca0da14d87fb124aed96f74a0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b089042ca0da14d87fb124aed96f74a0_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b089042ca0da14d87fb124aed96f74a0_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\78ldJ46l75Z3Cdn.exe" C:\Users\Admin\AppData\Local\Temp\b089042ca0da14d87fb124aed96f74a0_JaffaCakes118.exe N/A

Drops file in System32 directory


UPX packed file

upx

Drops file in Program Files directory


Drops file in Windows directory


System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\b089042ca0da14d87fb124aed96f74a0_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\OPHTLBAPSNHDKWE\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\b089042ca0da14d87fb124aed96f74a0_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\OPHTLBAPSNHDKWE\shell C:\Users\Admin\AppData\Local\Temp\b089042ca0da14d87fb124aed96f74a0_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.KAAAPEC C:\Users\Admin\AppData\Local\Temp\b089042ca0da14d87fb124aed96f74a0_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.KAAAPEC\ = "OPHTLBAPSNHDKWE" C:\Users\Admin\AppData\Local\Temp\b089042ca0da14d87fb124aed96f74a0_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\OPHTLBAPSNHDKWE C:\Users\Admin\AppData\Local\Temp\b089042ca0da14d87fb124aed96f74a0_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\OPHTLBAPSNHDKWE\shell\open C:\Users\Admin\AppData\Local\Temp\b089042ca0da14d87fb124aed96f74a0_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\OPHTLBAPSNHDKWE\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\78ldJ46l75Z3Cdn.exe" C:\Users\Admin\AppData\Local\Temp\b089042ca0da14d87fb124aed96f74a0_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\OPHTLBAPSNHDKWE\DefaultIcon C:\Users\Admin\AppData\Local\Temp\b089042ca0da14d87fb124aed96f74a0_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\OPHTLBAPSNHDKWE\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\78ldJ46l75Z3Cdn.exe,0" C:\Users\Admin\AppData\Local\Temp\b089042ca0da14d87fb124aed96f74a0_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\OPHTLBAPSNHDKWE\shell\open\command C:\Users\Admin\AppData\Local\Temp\b089042ca0da14d87fb124aed96f74a0_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\b089042ca0da14d87fb124aed96f74a0_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\b089042ca0da14d87fb124aed96f74a0_JaffaCakes118.exe"

Network

N/A

Files

memory/2744-0-0x0000000000400000-0x000000000040E000-memory.dmp


C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

MD5 909c80f0e3c6038c96e92bca188b09d3
SHA1 0d3ae5d28811a7ba99d8d0bbae53dc18a4d664bd
SHA256 03fd53bebc88a5ea8aba7589dbebb85b45d6c3e8d9cf32b3cf69a4f0c169cb6d
SHA512 13bf89d584484731f314eed96c41590e27ddeebf8d6c7789359a9e3ee43920b84b1520339cb010ca34fd35bfd740f663442cf2bc64e86dcb9dde5152b22c14d9

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

MD5 c667a798bf0e6058b65b49a624517b7e
SHA1 7710fe5a5e35716d91ec8297eaa7771eb035c17a
SHA256 79a9342445f7ff7ffb20d6793507d57b206357ce06c3b2313212f9eb4ff6711b
SHA512 f491a6c6920b44b203b1c9f893182c33fc4992fa0a01683f9328422920a2cbbda8e63f841afe9dcf0e7b32d2589db0ef58349245e3684efef09b0471af18f6d1

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

MD5 b2a79b34aeef328c684b0004b85c9dba
SHA1 48206d58aae5197aaf2e30c235afd066a0e26e92
SHA256 009af815081006c78d2aa86952843b8265598a23e2415d993994b3f19819dcb1
SHA512 d7dae84488430c355b5fae41acdf20a9bbe82133b2b98a496c16cf98936d5dc933d0cd154dc9e5c4429eef07f292938e603e084fddda474dc7d118c0e14c5f7f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

MD5 7f61a3169feabfcda8cf0fe7688a174f
SHA1 3dee0d1f32eb031b4924f7e2885180c399668f3c
SHA256 22123bfb3f31fd24f75e0eeea46527b6d7d7a4ad160702911f17c619bd6db390
SHA512 9f8cbd826f9ad56d10c90438519efcc76bf276299328775fbf1aa23dc9bcd3bda102056a4717f6b0ddf80b325167a717d95051111fdbafb318954adf9f6676c4

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

MD5 fdf7c0290ff0de7d23e5d12180f73814
SHA1 3514553e352a0e1a86e4f5819c2c6837a7d24e9c
SHA256 aacda162512dffb98745d32883bcb97e2ac12b48231c036a431dd1060f97a0fc
SHA512 648299035d0ce67301e74d8cefb33d04e41dd96448045a890983f1f0a019b8df5e9af6378d89c86df1c49ab14a0b435b254617fbf23e10abb05a03513ec4efe7

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

MD5 560a4334739539684275e0b25bfd7c19
SHA1 0d3d0996b0ccbaf4b59b099f159ee2f9bd5e37ae
SHA256 7a0db6d80be75236540ca5517f2084041d7649fcf7996247d4030cbad2517486
SHA512 8bd92f6e546ad688a3527cd6a0085861e69ec4e3b6b7efa2d479c7f4e81b66c7d59a7c61f1451a30d4df0149ff56fb35207de78fbc1fbd9572e832a8bdc8f2a7

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

MD5 573eead69c7b0b2f3e61c2e67d6a8fc5
SHA1 c59cad4c543113f7c5b62767e6a2a2740c4c77aa
SHA256 921eab9b1ff8047bb30ffdf2dc0aa8053e1a757a38fffcb6dcbe695929a5c842
SHA512 b06bcf05f73fb57612089e8620a8ec70aa7a28708f9664b6e578dad424db2335ba84a4ca0b4954e42858ce0777cd9bfd4a9ecb07819815473e9b42da74113c39

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

MD5 99ad7eb6fce459ac0d3a9fa5f7bfb3a0
SHA1 580d50ff7796ca1d4d2c3e21e46c80c09afcbe15
SHA256 ebf1a5d3dcb929d96fb53ab41bb0f8e354462405f4c55ade5c83d6c9ad6e8562
SHA512 50eb12a18a860a145d1b904a98a5af6ac1b835e012244d92d0cce8257c74c9d2bdcbc18bbb3626440ee5f2a6c65b945e24f00826654099f02b1583621354503c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

MD5 1fddb3ae9d39d7acdf7438a9cacc11a7
SHA1 09c5d8a547059c3260f1e497b84e66b505a9cff4
SHA256 2b08028be1457b8c3dad0f0dd341460cdd1d5379990e8bb5fd5ba36e9e87933d
SHA512 9db9f29a5afd51ce57b617e3be93cd3c97453a544e11c7207f65186031271a1ead815124c0aaf63875435805bc503dbba53580d7f49500e99c67f79ca498c3f1

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

MD5 36369e1455422fcd61422c1cae61105e
SHA1 3159e637e37ac90d7d1f33ed0aceba97187232c2
SHA256 78c06ba7defc0c8dfe183a94839ed48f22bf9a5e753c5211e38068bb1335fb62
SHA512 ca39712a4acbb6df96448cca302e7a4ba43215eed6d88434d100ff9e14d6cfbc62a0055bf24325e4bce95d612299464bac51dfdd6e59a9d61d7ca9caa56a7ba4

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

MD5 c6942d29c2b29476bc59caca33ff6663
SHA1 58f121f0b2f50d29d5b9b4f58a32dc9f891ffa41
SHA256 c01c97b229e4ec8e9453fe78dab52a7de7af480725a3b2d473dc996cc116c933
SHA512 a3df0e49d581de324cde2697b7bd5782559ec6415d582923298fd588e7ed00fd4457c678afb7c295c3833b874f8b15e77215adcc53997349b6f12a1d174b4d59

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

MD5 50d2659c224eda40ae79bd589b4efee6
SHA1 539c1004399e2c8520410a6c4d0d6069a5119896
SHA256 34663d5332d00b262d507c3f8b2123a7f0efb8eaba572ef906ae27a65875d1aa
SHA512 88b8ffbda2e1748963d1f020bf388ba259cea412a430c8a2cdac807b287f1885fbcc92f9ba4b9da98170a424ec831d737be7705fdefb27fa066c0008d2c9746c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

MD5 3a9aec5b83abcf6161b92d52b831375e
SHA1 f6da0ec59557530dfe39572487709db9a638a60c
SHA256 a3d256e179ab835f7d80681cc0f9f77b1c78e50a005717effdf93dbd50c070a9
SHA512 3592afc00deb81f1e8a930233bc196829ba6121872f2a7067a803487eb4ebdfb803e8900b16a46929c6a13bd85ae17f81ff25c6108357487176ff2e1f02e9bcf

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

MD5 3477c6dd2036acb623c24c9f2ec28634
SHA1 ad61b430ff428b1af7dea2e01c75dff1ba8d68a7
SHA256 13eb441f06cbf804baaa88fe31ee78314079381a0f4814ba047d0d7d19b21fa7
SHA512 86212f9733545ced2105651dab3c4903db7eb2ec1399cb258ef4ab65b0aad0e46d5bf0fa86e800667c04ae3bc5cc172a20bfd9c4d12bd121c423b29d8e58c613

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

MD5 f96453d913c0aa11d0c8da46f243937c
SHA1 0b40e30905dcc3e2a82c3f80c0f91b968acd5af9
SHA256 052ba2653105dcdf07cc4bf563d4791b3ada8740f953a398e3922796333c9c6c
SHA512 e14fe3e4a1f897e3b1676add39768e03df963247e3e6f2b7173169e8bcb2d82ebe541fb09ad9dc4c1a8453697eb1919633a05749fb6d071d78f13f0fe885ccab

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

MD5 d18cac0ee987e427d97e16faba9148ae
SHA1 0109b5d503143a26033f34e44ccecfacf3b4627a
SHA256 9909375d29251c41b0e283405fe4ee32ad1e4ce924d598d88d03e008503dbb86
SHA512 e8a2cd99a2790b3ce24975c1e817ca55be950481ad9047f504aca321330c772298bb579912db97d402c8eed97da731af9753e06feca6140f4a520441117c4b1e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

MD5 6b196f94d37a6837dac8a1a077a06f7c
SHA1 790c45d3327d96594f3ba9da349d0c8a6fd44a31
SHA256 4ca13550c442a08b7057aaea02a85b3d1edce06d151cff6b818197c751f5fdc0
SHA512 160646513ce918a863c5c0757a5f7d7844a22c87a3de4fcbe59d232402c09ee362b3942bb51f08d929b48362f63e0c0429fe3ace67094dccbde0596c4a7faa39

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

MD5 47b4cc0ad51436a51ba6848af7d86059
SHA1 0f1b12cbd17aba20158518d0afe3ba7e3066562f
SHA256 fba1fff8489a24e41eefc0010452f85968354f3e7da0d08b2db4ddb3dff1b455
SHA512 5f993ae6d72fdd32340a44fd551133fcc7e27bce95d6762edcd9a4cc546a2e076e66797ee446c95e321941f5fc1896d80f9ed0e93dcc16ef9e7e95f431518f92

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

MD5 8e835f8577a9f28d90ffba3eacb1b020
SHA1 9583f54f5f4a9f57a6c8a5114b5b6da038376983
SHA256 953af0396e30fc2749158956135e03539e6a5d0f491d668a02654f916903245e
SHA512 a279a0fbf94a142d5d6367467f964dae80a6a29d760606d77f150cc61e45694473c74b3bbdafef3ade764dac1f3f131252f0b542b3d15864f3ac79c8ef438ae3

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

MD5 2e807570091704a9e7244b362d2cb446
SHA1 37aeddf63077f10465bece50173e274d8aab5486
SHA256 8c5d3ea4c236110a1ba660a2fcd69a9e8a017057a0dd2337bc78c30424d82ad6
SHA512 f1a63e93c5eee65bd9fd13b2c9a522a64e2a02e4ce06031d56bce85b50d48a62407b145d6cb419f3d257fe1ba8af34f13829bb394a85b9bf6b58b89d9fb404aa

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 837659b2c43603c0faeef7c8b57c4743
SHA1 1d87ecdb61c16eb38b56923f16a3f780ae21f6d2
SHA256 2475c7b7915e1ded6109e43cae4276b9e70e404385dd96e9fdd7750d74c925e7
SHA512 e07fc5782826255742d06772bf4b9c483ce5238e8d8925ca39cbf1afc6078e25c6c151137e1b6f46b91e6819cb430157ee645fe5abfa501b83413db7663a8be2

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 cc7a8ce0b1e27b9210bfda5b29c3f636
SHA1 7ef87422e44bc26aec46ed74cd54501801a4541f
SHA256 93f201daa50c5b5dd959e54e11839c2730fa41b55497108153cd91c86b23962e
SHA512 e25910ef6087d693e755142fa0c4fb6f1ae18323f66718acb4ea2a817daf22fca9a5934a9f5e8be013f98c0793c549883208e7c8c3eaa62efe8430f64fe7f264

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 b6e3aeff0d47e9cc8a64c22f8170ee52
SHA1 2cb01eb6d51fd5bbc003b10547b58e6d7e77adf8
SHA256 dd5e7527b57e09cb7d53b7314daaefbff087f294d7261c713a497b2f4162827d
SHA512 66d0fdcd08bfea3915c3610a9cf0420eec581d62541f63cd40dd2b83e0aea30f8ba192aabc648b437264e64a81706582e33d65d2ba559a20e810eea503ec614c

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 b30e23255d3a3e97d1a9846bfcaecf14
SHA1 98703b7940173fc92429cc0d5d2ad7298384ff74
SHA256 882a711eb0d196cc7b1f0a4976f70b27c40f49fb50fe9347b365de198d885989
SHA512 0745584774fa27612eaa58ade6aa7dc8fbf1d3736ebe9c061d0886613b5a47b8b9ecbe8eaa8db6bec38c001f4086d58ac93dbb4b35777ad255d0e3bf5a5341fb

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 3d3cff968fb42d99e0e2f0722cccda5a
SHA1 79b2afdf16a814ba36bcf6ee7c700980f45fc06a
SHA256 6d900608afe49ae736fcd8923c7b059c0b95639f7d0a375e357ca3ff7e2a41ed
SHA512 f357017c9c01af21f9878ac9096e53c6e3e61e06005e938028c2a917a9e9010fbde4530eeab24fdc9b0669593b0a6a121f9fe7d9a033a066f14e533f97cea0e1

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 c927455acbee9f5e712368221b240273
SHA1 e6de40a549d1fe3eff81d5fde1e3ca73baa8132e
SHA256 4db06342c6c756dbecc4cf27a64a156df4dcd7a4c5ff8f57276eb54706f53b34
SHA512 c2251e04f9a5b0c838a3cd22b3e7d752294776279a25f83f635cf6fd75b0bcafb8d386552f1a1713ad583c64391ea863e6fe21df1c35f99082d61e9fa9537905

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

MD5 8a32c44f51bf0785f34e1b340bd6b672
SHA1 da5a49203b5e34585ea533e9b1eb6c29909aaf9c
SHA256 e989417720f37aad798d8db23941fd8c89d297597a63e753a5dc42e9e9837a7f
SHA512 1e423bb605e3bcbda2309eefbaeb321ec11fd218df031b170b7f3325b9749c03ff790849c7df8b08a284417cd75f53fefcf8f84aa149d56df5ba93f1337db5b1

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

MD5 32f75ac729732295e3aa07d15b1e6354
SHA1 02587d66e7b05bde296764117ed19f54427c1190
SHA256 05b39cb296fe4b260193b429be3ae1af291301dabad9e34224321c62352f7758
SHA512 a9e555efce5bc367dd314f8de26f5ebc97fcdeb5c85a9640841b4140c2c7b059683ed7fe68d5d03297f81f386a8947ac23102da51e847d2b1261f352abdaf623

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 d01558ba077850c496416171df9ed11d
SHA1 8c86b1f53c065989f41eaab7141ac0a200989584
SHA256 d3ffd42876d79f3198824c0c373cdacf62bb0ef14a8a6576b47f0bc69165a18b
SHA512 c2c24e45e46a317cb60d15a215a9ad8a7f42c79fea89064c98dea5dbde70d5c53e87415b03ffddb556df11f87eb6724af0d5734d84436e9bc0d4350a7e69f539

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

MD5 718720b48fbd265314249c4f401b2acb
SHA1 2f9a669d7430210784d01f13180686f8f14cc404
SHA256 cd281ce59b3d934a8490f2426b69f7d2f217a7f781d7e7a467bf50209d323649
SHA512 0b26ff670ea87a612f11128c7be566db4111c553cb4381f46c9e5afcdd862c45496855a4d4e3e8da1195d252b5e096bd36eb605bbf5ec249358746f6c41a1cf2

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

MD5 0f6e528e9ff722defc16cad172f42557
SHA1 58142387a3e77119f84c0629164b94f64b7b66f4
SHA256 aff632c1f63eba0452a4503c0d9644d4736aa35ae2b3342049ac57ebe47cf4e9
SHA512 d334422268cdc36216f72815299643eb377f95087463703f95622f7be0f00a6ebb92e3c3eec28e7f748fa4cc0eeebca291f78a2f40e9da386e7f5ab8c672d8c9

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 90fe25a5fd05443e98b1a4b7ce04475a
SHA1 e74de92dae374dc8f01def4cbbe08b114d5bfe5c
SHA256 56da39f715356ab30a0c18d30cdf3abd5334707cf7b53216e741b8bbdae99a00
SHA512 003b9110f0f94ed3b7b3e77c3084502ed6236cc739874d12744669f2650b9bce518afe7d8d07a3ddb5188c9e1a2029b449d069b43e47160e0cfd23cf98f3d665

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 e068a7f021249dfb9085f9b7f79b520d
SHA1 72d72934fef75fcc35e6f1826792ed27bc427e04
SHA256 2d2e91b9f3174f88778c81f68e29691e237eba9a9a95b0f3611fb0964e280db6
SHA512 e9fa02aae1f2c71e3fa1e24919327b97f231fdef8d2ba77b8d3570cca8ed69b51dc50ac4bc618a5bbcd4ded19ada3d1f29a8324b93815c9f5491694630894f88

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 efc30b62617319fe70c9addf1c432679
SHA1 85f5fd2ac6a332e995f67e4587d5ed5164d2faa0
SHA256 3e1294c53d795cd521b4f515ba259cdb42d2b88e97074a6cf879a2c1e71b8ca6
SHA512 c6ff229f1de0c14a0f476c2f4ec99da30270815fa2acafbea90760040d5061395f40de35cad6ffc346b57cf36cbf749d98ee7853b93633a720317f516a756305

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-29 10:08

Reported

2024-11-29 10:11

Platform

win10v2004-20241007-en

Max time kernel

148s

Max time network

149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\b089042ca0da14d87fb124aed96f74a0_JaffaCakes118.exe"

Signatures

Detected Xorist Ransomware

Xorist Ransomware

ransomware xorist

Xorist family

xorist

Renames multiple (2180) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b089042ca0da14d87fb124aed96f74a0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b089042ca0da14d87fb124aed96f74a0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b089042ca0da14d87fb124aed96f74a0_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\b089042ca0da14d87fb124aed96f74a0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b089042ca0da14d87fb124aed96f74a0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b089042ca0da14d87fb124aed96f74a0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b089042ca0da14d87fb124aed96f74a0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b089042ca0da14d87fb124aed96f74a0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b089042ca0da14d87fb124aed96f74a0_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b089042ca0da14d87fb124aed96f74a0_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\78ldJ46l75Z3Cdn.exe" C:\Users\Admin\AppData\Local\Temp\b089042ca0da14d87fb124aed96f74a0_JaffaCakes118.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\DriverStore\FileRepository\virtdisk.inf_amd64_9a7f42b85c7def50\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b089042ca0da14d87fb124aed96f74a0_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wmiacpi.inf_amd64_4ab67656039b026b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b089042ca0da14d87fb124aed96f74a0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\fi-FI\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b089042ca0da14d87fb124aed96f74a0_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_fsactivitymonitor.inf_amd64_cccd1b2cb61d2440\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b089042ca0da14d87fb124aed96f74a0_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\usb.inf_amd64_683fd853c8b8a4db\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b089042ca0da14d87fb124aed96f74a0_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\lsi_sas2i.inf_amd64_b4e933c4540ad3cc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b089042ca0da14d87fb124aed96f74a0_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\nulhpopr.inf_amd64_9839c838c72c0594\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b089042ca0da14d87fb124aed96f74a0_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnms011.inf_amd64_f83138380f5fb6ab\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b089042ca0da14d87fb124aed96f74a0_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnms014.inf_amd64_faec3fc366f8e1fa\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b089042ca0da14d87fb124aed96f74a0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Licenses\neutral\Volume\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b089042ca0da14d87fb124aed96f74a0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Speech_OneCore\Common\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b089042ca0da14d87fb124aed96f74a0_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\@EnrollmentToastIcon.png C:\Users\Admin\AppData\Local\Temp\b089042ca0da14d87fb124aed96f74a0_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_avc.inf_amd64_8ee511eb19322856\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b089042ca0da14d87fb124aed96f74a0_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsCodecsRaw.txt C:\Users\Admin\AppData\Local\Temp\b089042ca0da14d87fb124aed96f74a0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\migration\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b089042ca0da14d87fb124aed96f74a0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_LogResource\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b089042ca0da14d87fb124aed96f74a0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Security\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b089042ca0da14d87fb124aed96f74a0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCClassResources\WindowsPackageCab\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b089042ca0da14d87fb124aed96f74a0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\slmgr\0C0A\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b089042ca0da14d87fb124aed96f74a0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Speech\Engines\SR\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b089042ca0da14d87fb124aed96f74a0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Archive\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b089042ca0da14d87fb124aed96f74a0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\GroupSet\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b089042ca0da14d87fb124aed96f74a0_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\cht4nulx64.inf_amd64_641bf08bee8ac46d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b089042ca0da14d87fb124aed96f74a0_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmnis1u.inf_amd64_64035dd8a7571ba7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b089042ca0da14d87fb124aed96f74a0_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\net7400-x64-n650.inf_amd64_557ce3b37c3e0e3b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b089042ca0da14d87fb124aed96f74a0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\F12\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b089042ca0da14d87fb124aed96f74a0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Speech\Engines\SR\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b089042ca0da14d87fb124aed96f74a0_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_display.inf_amd64_c7457a37d16eaadf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b089042ca0da14d87fb124aed96f74a0_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmgl009.inf_amd64_3bab34655afeb7e4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b089042ca0da14d87fb124aed96f74a0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Printing_Admin_Scripts\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b089042ca0da14d87fb124aed96f74a0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_EnvironmentResource\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b089042ca0da14d87fb124aed96f74a0_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\digitalmediadevice.inf_amd64_5b64b65052c3a32a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b089042ca0da14d87fb124aed96f74a0_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnms013.inf_amd64_2b1aa5c0f193f278\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b089042ca0da14d87fb124aed96f74a0_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\MailContactsCalendarSync\LiveDomainList.txt C:\Users\Admin\AppData\Local\Temp\b089042ca0da14d87fb124aed96f74a0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_PackageResource\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b089042ca0da14d87fb124aed96f74a0_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\sensorsservicedriver.inf_amd64_4761deffedf4e12e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b089042ca0da14d87fb124aed96f74a0_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\xinputhid.inf_amd64_b01c6ccf7f1e23b6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b089042ca0da14d87fb124aed96f74a0_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_ports.inf_amd64_181d494584779290\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b089042ca0da14d87fb124aed96f74a0_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmhayes.inf_amd64_055d85baabbda8f6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b089042ca0da14d87fb124aed96f74a0_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\net8192se64.inf_amd64_167684f9283b4eca\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b089042ca0da14d87fb124aed96f74a0_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netwtw06.inf_amd64_2edd50e7a54d503b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b089042ca0da14d87fb124aed96f74a0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\VpnClient\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b089042ca0da14d87fb124aed96f74a0_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_computeaccelerator.inf_amd64_9d34992b3634b396\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b089042ca0da14d87fb124aed96f74a0_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_netclient.inf_amd64_b7f9bb71730aaf1a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b089042ca0da14d87fb124aed96f74a0_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\iastorav.inf_amd64_87f761c07c99d5e7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b089042ca0da14d87fb124aed96f74a0_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_amd64_9c09bd1df352f065\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b089042ca0da14d87fb124aed96f74a0_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmsun1.inf_amd64_5b6db32fd04403a3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b089042ca0da14d87fb124aed96f74a0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Speech\Common\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b089042ca0da14d87fb124aed96f74a0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.ODataUtils\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b089042ca0da14d87fb124aed96f74a0_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\basicdisplay.inf_amd64_65ab9a260dbf7467\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b089042ca0da14d87fb124aed96f74a0_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_pnpprinters.inf_amd64_0c653d53a35b896c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b089042ca0da14d87fb124aed96f74a0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ArchiveResource\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b089042ca0da14d87fb124aed96f74a0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_RoleResource\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b089042ca0da14d87fb124aed96f74a0_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netg664.inf_amd64_84cd7b2798e0a666\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b089042ca0da14d87fb124aed96f74a0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\wbem\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b089042ca0da14d87fb124aed96f74a0_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnms002.inf_amd64_2176cc45624119a9\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b089042ca0da14d87fb124aed96f74a0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_RegistryResource\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b089042ca0da14d87fb124aed96f74a0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Configuration\BaseRegistration\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b089042ca0da14d87fb124aed96f74a0_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ndisuio.inf_amd64_6096fd74a67ccd5d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b089042ca0da14d87fb124aed96f74a0_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\intelta.inf_amd64_ba962d801a22973c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b089042ca0da14d87fb124aed96f74a0_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\chargearbitration.inf_amd64_a0097842bcc7e487\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b089042ca0da14d87fb124aed96f74a0_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_system.inf_amd64_184528953a6fb673\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b089042ca0da14d87fb124aed96f74a0_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\percsas2i.inf_amd64_a7f5d94e6751c911\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b089042ca0da14d87fb124aed96f74a0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\migration\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b089042ca0da14d87fb124aed96f74a0_JaffaCakes118.exe N/A

UPX packed file

upx

Drops file in Program Files directory


Drops file in Windows directory


System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\b089042ca0da14d87fb124aed96f74a0_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\OPHTLBAPSNHDKWE\shell\open C:\Users\Admin\AppData\Local\Temp\b089042ca0da14d87fb124aed96f74a0_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\OPHTLBAPSNHDKWE\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\78ldJ46l75Z3Cdn.exe" C:\Users\Admin\AppData\Local\Temp\b089042ca0da14d87fb124aed96f74a0_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.KAAAPEC C:\Users\Admin\AppData\Local\Temp\b089042ca0da14d87fb124aed96f74a0_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.KAAAPEC\ = "OPHTLBAPSNHDKWE" C:\Users\Admin\AppData\Local\Temp\b089042ca0da14d87fb124aed96f74a0_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\OPHTLBAPSNHDKWE\DefaultIcon C:\Users\Admin\AppData\Local\Temp\b089042ca0da14d87fb124aed96f74a0_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\OPHTLBAPSNHDKWE\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\78ldJ46l75Z3Cdn.exe,0" C:\Users\Admin\AppData\Local\Temp\b089042ca0da14d87fb124aed96f74a0_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\OPHTLBAPSNHDKWE\shell\open\command C:\Users\Admin\AppData\Local\Temp\b089042ca0da14d87fb124aed96f74a0_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\OPHTLBAPSNHDKWE C:\Users\Admin\AppData\Local\Temp\b089042ca0da14d87fb124aed96f74a0_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\OPHTLBAPSNHDKWE\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\b089042ca0da14d87fb124aed96f74a0_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\OPHTLBAPSNHDKWE\shell C:\Users\Admin\AppData\Local\Temp\b089042ca0da14d87fb124aed96f74a0_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\b089042ca0da14d87fb124aed96f74a0_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\b089042ca0da14d87fb124aed96f74a0_JaffaCakes118.exe"

Network

Country Destination Domain Proto

Files

SHA512 49ecb43a7f82b3665f7e02e5efb0140d85bb5bbb11dc258e17cc49ae10294929b10df8b6a49e09809bb37ad1df4000422eddb8cebca6f820f311c3be539f2c80

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727656717558154.txt

MD5 6192ee2bdc692c3306ac6d69ac1575f0
SHA1 59fc71ad040f0788c2c7e9750c88d4fea625c099
SHA256 a99c90453e30a4ae768fb4551c5688a079dc3c0279c48ab0eae3f2e237d60016
SHA512 258403917eb344b2df4bfa90b1201173f2af781ebe79ad83ed1621806fa15977ee63dd5ba020ffbd475d1f97a7e6b0faee8a78e1c29d28f61b21db78605048aa

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727663096253949.txt

MD5 e54f88f10dcadc037251581fb78f38d0
SHA1 f809f1e0c4a003ca81a1a63fc4ca0fbe355f3990
SHA256 835168fea916e317609dd1c47a9fc517c67f898446b55f5a88cc8c1dcdade029
SHA512 40153e53d950a8ad3ba4b28902b79383544bee66ad8c10669d3d05262357af8d22c5cf6f75fc1c417c6f81955c1fffd80aa94e98c16d6c8ea9c19de584bf9a98

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727665766873969.txt

MD5 70e9ba1c763f9c26bf8de20f2f5919b7
SHA1 352e6bc84aa1ec618c10e3c78f8296a7e1419b0d
SHA256 e435e08a05d254ec55e2da87f0d0485d1d3c28493450758bd234185fb35bae5d
SHA512 bf4ad282a103681061312356f16c7a37ebb1c205d6bfbee815087e33920d5a2cde2711758f21adae83a200faef854ed4f87d7e1db96f490c8c1b8c4c6c4e2cf8

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727655977808114.txt

MD5 ecab6af05a96122aa739c16d3d87af59
SHA1 34cc498a73e0f54cb5a84ccb0425f826c61110a4
SHA256 e76f03f5c5401ae9e4cd66a6e4a60c7ec1ba740adbc1b61e439e326fe2ee0b86
SHA512 5c9c21003b443df617d5eba558a3b83e121f25e4994ccd667756036519c5079db6b3416f31db94924bf9454aedc112f142ae2358f5fa9f97a5cd6ea821ca9c93

memory/2588-6212-0x0000000000400000-0x000000000040E000-memory.dmp

memory/2588-6213-0x0000000000400000-0x000000000040E000-memory.dmp

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

MD5 1b0025e318f34f89fc3504615fd7f185
SHA1 9d88fcacf3d672607ea4de3f9ff94e803d7c64b0
SHA256 02505e06f25659711d66755d4111da5b3c65ea9080c43aad212476c9aa05bdf3
SHA512 0350f140e20d19e177c884a0b248b3b1edec53a57d560d609e9ea1d122d8c3f3851a20f2a3bfe4cec8ca84f5f73d156db15e6e9538e9ee27eb719dfa22de21f9

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 837659b2c43603c0faeef7c8b57c4743
SHA1 1d87ecdb61c16eb38b56923f16a3f780ae21f6d2
SHA256 2475c7b7915e1ded6109e43cae4276b9e70e404385dd96e9fdd7750d74c925e7
SHA512 e07fc5782826255742d06772bf4b9c483ce5238e8d8925ca39cbf1afc6078e25c6c151137e1b6f46b91e6819cb430157ee645fe5abfa501b83413db7663a8be2

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 b6e3aeff0d47e9cc8a64c22f8170ee52
SHA1 2cb01eb6d51fd5bbc003b10547b58e6d7e77adf8
SHA256 dd5e7527b57e09cb7d53b7314daaefbff087f294d7261c713a497b2f4162827d
SHA512 66d0fdcd08bfea3915c3610a9cf0420eec581d62541f63cd40dd2b83e0aea30f8ba192aabc648b437264e64a81706582e33d65d2ba559a20e810eea503ec614c

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 cc7a8ce0b1e27b9210bfda5b29c3f636
SHA1 7ef87422e44bc26aec46ed74cd54501801a4541f
SHA256 93f201daa50c5b5dd959e54e11839c2730fa41b55497108153cd91c86b23962e
SHA512 e25910ef6087d693e755142fa0c4fb6f1ae18323f66718acb4ea2a817daf22fca9a5934a9f5e8be013f98c0793c549883208e7c8c3eaa62efe8430f64fe7f264

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 b30e23255d3a3e97d1a9846bfcaecf14
SHA1 98703b7940173fc92429cc0d5d2ad7298384ff74
SHA256 882a711eb0d196cc7b1f0a4976f70b27c40f49fb50fe9347b365de198d885989
SHA512 0745584774fa27612eaa58ade6aa7dc8fbf1d3736ebe9c061d0886613b5a47b8b9ecbe8eaa8db6bec38c001f4086d58ac93dbb4b35777ad255d0e3bf5a5341fb

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 3d3cff968fb42d99e0e2f0722cccda5a
SHA1 79b2afdf16a814ba36bcf6ee7c700980f45fc06a
SHA256 6d900608afe49ae736fcd8923c7b059c0b95639f7d0a375e357ca3ff7e2a41ed
SHA512 f357017c9c01af21f9878ac9096e53c6e3e61e06005e938028c2a917a9e9010fbde4530eeab24fdc9b0669593b0a6a121f9fe7d9a033a066f14e533f97cea0e1

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

MD5 8a32c44f51bf0785f34e1b340bd6b672
SHA1 da5a49203b5e34585ea533e9b1eb6c29909aaf9c
SHA256 e989417720f37aad798d8db23941fd8c89d297597a63e753a5dc42e9e9837a7f
SHA512 1e423bb605e3bcbda2309eefbaeb321ec11fd218df031b170b7f3325b9749c03ff790849c7df8b08a284417cd75f53fefcf8f84aa149d56df5ba93f1337db5b1

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

MD5 32f75ac729732295e3aa07d15b1e6354
SHA1 02587d66e7b05bde296764117ed19f54427c1190
SHA256 05b39cb296fe4b260193b429be3ae1af291301dabad9e34224321c62352f7758
SHA512 a9e555efce5bc367dd314f8de26f5ebc97fcdeb5c85a9640841b4140c2c7b059683ed7fe68d5d03297f81f386a8947ac23102da51e847d2b1261f352abdaf623

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 90fe25a5fd05443e98b1a4b7ce04475a
SHA1 e74de92dae374dc8f01def4cbbe08b114d5bfe5c
SHA256 56da39f715356ab30a0c18d30cdf3abd5334707cf7b53216e741b8bbdae99a00
SHA512 003b9110f0f94ed3b7b3e77c3084502ed6236cc739874d12744669f2650b9bce518afe7d8d07a3ddb5188c9e1a2029b449d069b43e47160e0cfd23cf98f3d665

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 d01558ba077850c496416171df9ed11d
SHA1 8c86b1f53c065989f41eaab7141ac0a200989584
SHA256 d3ffd42876d79f3198824c0c373cdacf62bb0ef14a8a6576b47f0bc69165a18b
SHA512 c2c24e45e46a317cb60d15a215a9ad8a7f42c79fea89064c98dea5dbde70d5c53e87415b03ffddb556df11f87eb6724af0d5734d84436e9bc0d4350a7e69f539

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

MD5 718720b48fbd265314249c4f401b2acb
SHA1 2f9a669d7430210784d01f13180686f8f14cc404
SHA256 cd281ce59b3d934a8490f2426b69f7d2f217a7f781d7e7a467bf50209d323649
SHA512 0b26ff670ea87a612f11128c7be566db4111c553cb4381f46c9e5afcdd862c45496855a4d4e3e8da1195d252b5e096bd36eb605bbf5ec249358746f6c41a1cf2

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 efc30b62617319fe70c9addf1c432679
SHA1 85f5fd2ac6a332e995f67e4587d5ed5164d2faa0
SHA256 3e1294c53d795cd521b4f515ba259cdb42d2b88e97074a6cf879a2c1e71b8ca6
SHA512 c6ff229f1de0c14a0f476c2f4ec99da30270815fa2acafbea90760040d5061395f40de35cad6ffc346b57cf36cbf749d98ee7853b93633a720317f516a756305

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

MD5 0f6e528e9ff722defc16cad172f42557
SHA1 58142387a3e77119f84c0629164b94f64b7b66f4
SHA256 aff632c1f63eba0452a4503c0d9644d4736aa35ae2b3342049ac57ebe47cf4e9
SHA512 d334422268cdc36216f72815299643eb377f95087463703f95622f7be0f00a6ebb92e3c3eec28e7f748fa4cc0eeebca291f78a2f40e9da386e7f5ab8c672d8c9

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 c927455acbee9f5e712368221b240273
SHA1 e6de40a549d1fe3eff81d5fde1e3ca73baa8132e
SHA256 4db06342c6c756dbecc4cf27a64a156df4dcd7a4c5ff8f57276eb54706f53b34
SHA512 c2251e04f9a5b0c838a3cd22b3e7d752294776279a25f83f635cf6fd75b0bcafb8d386552f1a1713ad583c64391ea863e6fe21df1c35f99082d61e9fa9537905

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 e068a7f021249dfb9085f9b7f79b520d
SHA1 72d72934fef75fcc35e6f1826792ed27bc427e04
SHA256 2d2e91b9f3174f88778c81f68e29691e237eba9a9a95b0f3611fb0964e280db6
SHA512 e9fa02aae1f2c71e3fa1e24919327b97f231fdef8d2ba77b8d3570cca8ed69b51dc50ac4bc618a5bbcd4ded19ada3d1f29a8324b93815c9f5491694630894f88

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

MD5 820cf8bce1074a5661614d381390a309
SHA1 cdf291d1e394835f324d888aa7332b6b6a21817b
SHA256 e85711468b5ae6fde9b2fe20f9cbbb09e0ac562b9740b7c3be76e26863ab7bf6
SHA512 c0234e2f893e76c5da175e5729d0f39eac688cd45c9763cb389b5bf45f1ebada5248258f6b5b8efae5b7350f5322284470c4ff23e3d6d63eb264ea169f1a5f8f

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

MD5 16db2bbc7069af815af221326ccb7013
SHA1 812b514ffbddebd3c44fff273b38ccc6b427d8a3
SHA256 56eeb31b8299ae353178e5dc1cd68139c40bdc8414e71744e2b04684450b574a
SHA512 8d5f716a3a21fcd6ca5754825527304cabd4a766184971b42ed3c1f268b15b9d2169c38179023dc0e0414360de8364ce0919c5e60001433b31017c551f723963

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

MD5 e95ef53833c093ad3496beb49eacc3b7
SHA1 f2936af0ce313ab4777e3f86d8dc9cd2d771ace1
SHA256 acc39a03669a09507cf4d90745c36a90981b93988cd43ae32a0fda674612d680
SHA512 4a63e18842f2a0ed6fe63297e31a341609e75d5a3023c6bcc070ee95a1e260844933abc47aa3cc50236ef7afa4d920a546c8846d64e5e5b3cf306fe4fce43ed0

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

MD5 12a4280151ff60b3155bca762ade89dc
SHA1 db78457c624b4a3b8dcc517018aa0a3cd3e16df5
SHA256 9651cb7fafc6c99b2e451f92d2ab572c90efe3c5a265d370bf8d1ae38ee60c18
SHA512 b5dd0237cd797abb484ebab92ff3a54481645d1d08ce9597d09697fece1b41f356a7001477df727a337d5d147cfc2f1bb5d3ab99c2923f93b98aeee2ad58deab

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

MD5 5e7d9f665bf2da17176c7ad5de7f8780
SHA1 c6e2b724f3b9a655e677328222ecdd1da27d6eb2
SHA256 0077ee981309cc3fbddc434a78d0bbfc2539ab003a121361c78eb4746adc0b9b
SHA512 31d47cda62d6b39bbec60640b86b2eab4ebf4ea69a3e617c90ac18465257c20a48de971e9d58bcf1a225edbdb70dfbb9811a5295a79204960a902ab7c717ad2c

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

MD5 7f2a111d22e200bc8fe62e965653290a
SHA1 5470fe8a4ed60fc4b4d74eddb1cd3fe6509f9723
SHA256 b6100a63425c80f1484ccff54512920a926f3afafdbebd0f39b8e41cc6c2d399
SHA512 c8ffec6f7fe7ec54987c4245a72ec81a9fcb147c94aab67c8105bfdfb7232c7e20f30c49953575738287518dab83f279aae3c3fee986542c845aa23ec776a468

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

MD5 90f522dc402b16f1c41b86ea50256d11
SHA1 6047e5f76fd7c1d514f0accb74a38bf18fe057f6
SHA256 119f9e5b70f3974942f7931c154c0ecf04ae6fa00ba087c324aca49ae5b99bc5
SHA512 2a676c3bd7d5c08091195ab1a0e6ad5122cbbe855274f22f352ed757438e035dccdd7288eddf4f1ba871cb579a92ffecf37770bdb272e6daa2bdae98e41f0da5

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

MD5 83b80bb740874ea729040798df903ab1
SHA1 dbca50abc56895c3a365b05288261e8604848e60
SHA256 4ef783a088bd7c08995267f425b4236726c6ee83b88590e4001c63521efcaa55
SHA512 370abdf5df0b1b94cf2108bf40e0c05c3566e736ae45cb444aa0508a832cac119c41cc235f6659de8404ead6780bd2e0e5757cffbef031ed3ca8ea99a481747c

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

MD5 e41cedad783835bde4e1a17e5fdf96c0
SHA1 9519c66aa53c237a8f2f0eab2dc93fbbfa9a6edb
SHA256 b5245222722b5343e20b3a3a9c3928a115203892591a573aca298c251bd92d01
SHA512 0129fe782e1266116c9848a692a577d27b8c13231b15f4e816bc799c9ada2d3c8f2ef0a63f35c3cfd055810245c3384b7af23c59cb4a506f0c5adaf623980ce5

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

MD5 ff6b6528023e213179dcf181bac5afe4
SHA1 54ad8870b8a34e428fa0e869cc1a3f8791bad2a6
SHA256 0c43902f960f2b7b3462958264364693409429fcd3dd2aa653e8ce7160901f2e
SHA512 a35729196a51156df589323bd29e83f174c9586f1dadc5733e5a083d234d750f4abbfa9e5cdeb5dd51ff3badae8f5d5b8f440f1102647e2dc82baacdd679359e

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

MD5 69f07eadd15e722ce1523d36192a9190
SHA1 60fa30c4f5f9780e90514d03ca78d7caebc5182f
SHA256 a4977f7dc2e2fc33f933e0f176eff483a0f1f96fdeb5e2fbb64dc0b4f83077e4
SHA512 be6c1eca01afb9b48fdbc4740e24d617a8bf893e19eddfa2d2700ba2eb97758cbfad86894dcdf9f2cddf7c7fd459ae1d9fe31dd3d14d9c7b97d9b12a104aa634

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

MD5 cc4229797f556663e2862609fa0ecc6b
SHA1 9b269049594132da9c4eb34c6030f974d246d1c2
SHA256 4d3f71bd95959544b731fca330adced8cd135b4881a5f0cf44cce82405b386ff
SHA512 c24ce48536a6b464d6c7c49362ff0ff96d6b100dd1c8090cca4bac6f761326a364ae8df7a693de176a6b405ab4e73b25ef8b772b2676038fa77c6d70a3dd7421

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

MD5 1c6363f5a25703ae5b8fbd825e5e3fce
SHA1 2aebbfc126293accc5f3742dd644c3a05904da62
SHA256 a27b3a8befc13d4b1dc29bf0840fb1393225101cbdf56155b1d5d4da54c6a380
SHA512 afb5ae92c8d2fabcd87e734be3bf4fde3e57b7d643e6dab395f26ec2bd85bdb9ee9176b91cc304cbd2351f0d36bd98efab73c74e796b594199dba829ef16b810

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

MD5 61b54f4778b795471b366b33a2d1d664
SHA1 3c1e35f4560ead07972d01566c914cdc0d2ccbbf
SHA256 4f73ab99e5104ad7b75fe1bc2fd7a5d085ef3056196babe123b05ac8654983a7
SHA512 5c143397d8d4729135413936b82a156469295b2cb7bde3a5c92cf86abda77c0506f4a294fc4e8e60b03c9e6384ca3779ad0064598471f936ecf80ce9c9c98b09

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

MD5 5f2c68a5d18bd77670a79ffeb316be9b
SHA1 b9afd187dc1ea7a77509832cbeca8e479f1a785a
SHA256 045770b95f9018a9d9f94e59c68ebb8d8aad47f4f43a33a54e49136b1056ea2c
SHA512 05a64be8c40ac9819e57054a5a6bc6d4b0c3d0a0e5b7029239535b2b384239fa974e4c75fcf1490ea7e8733e7c10fc0fedb00d9a7affe20627bfab60eeeca0a0

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

MD5 3d5cbe485cbd51703e4102c26a970bb7
SHA1 f07e4b98d59fbd18c5fac6af1b2e109b703741a1
SHA256 d43694c3da6ce9b10b64b9435e1f9bc30f8277251309b2d73005b67e7dee053a
SHA512 fe113283dc9088a00bf666d155f48c6f49ad59457f6ae45460501cdb55b4d78d21fb42a1889a6e8c550e8fe4ad8d1765dc6891a3d85e848fe25964140e998548

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

MD5 87519740c2fa5c87136f0742d35a8df2
SHA1 e5efaa8d1e7935928ae784cad4c948b2a8b6db92
SHA256 8c1561fcfd02806b321b5e3a6e3e1a68d85b95eb1fe6f871796cb0d40b714fbe
SHA512 65286c1546f7eb34c96d13f348a76fb348938e93b5a5cf5545e5713349d35078bd621335fdb2a4d332f82fe1aaa754956064398ec4ac188e32604366fc928e7e

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

MD5 4ec846e10bee9c9b6821b4610771bfb4
SHA1 635b565f4075a262aa6608e1318813afc254efd0
SHA256 215224085041d9b3df8be6dcb85195d8a43b543f6e2f382dcaa6e9890775db0a
SHA512 fe325c0b5cc00d037ee45672e792dd3cc6050547dded602539f49cbd6802657d62d5b4a614b6492b57abf55540b5df3e37a537fcacaa12a6abfe5c717e7ad34b

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

MD5 5451902d1510e3451f7490b84c05af61
SHA1 a45abde54d46ec1dab68070fb1e3ea683498a1fb
SHA256 afdb6969afa152f6f32502d5888db2c11f4cd0aa96874cd7e11deba4ea1c965b
SHA512 3fcb0410edbb65889572a43196f96896f74a9476dcc5128222322fa8b4efe511880cd1f328f5e59f1c7e99231c31f65cc58f17c5315d0fadb3435a6df5d4b597

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

MD5 655804c9e99b9be23125377ee0e07913
SHA1 2fe38769c5bec93eb7d0c0f6ea45c652cce17965
SHA256 a7c0156e1f5fc31d5e4ecba473b18479f08b621484ed0b0f03769d9305acbd13
SHA512 bda7e02b524441d640437da197b53991235c3d540975b79ceae15834da54f1bf135332320d0e679ac8d5e7b6bba8c5a2f13a1f6df3c65a1f31ea6b9488c29042

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

MD5 f8db605396ee20095a3295bfc48e2aca
SHA1 9acf60d373ae3c5c80bf4f9acf7d034ad1c6b641
SHA256 7770077d57376d6f988e7e70c1291d5e7cc1e28207b2405cb69a040a70d537a5
SHA512 13f4bc657342cdc4fcf9c1bb49cf437abae6c52f7c95e201e47a3689a228835d1160f2c055ba587509ec8e5926d30cfe285b94782772812ef70ae0053b4a66d2

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

MD5 29c0cf8d9eb23578cae2ac9db64c8960
SHA1 58fb90934fcec348d0d53058beb8d6aeb3258163
SHA256 b527e425fe89c8fd6c243fd4a3a50f75a0d97d6bfed3b70627faaf1040581478
SHA512 6d118300546e07fd35713e2da2cf0c1716896777b953bde5cb3a90ee55115f37c009356202f6f32d260d9ff33c8f3df90a84decd33dff269015f5c9dc9bcf406

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

MD5 95683b35a19e13807ca49f642ec26cda
SHA1 f27b2088c26f089d6b7f1624aeaa8aedfac7d679
SHA256 924221af82895c8a69e1556c72e7b6ad8c5f448c4a0b716bde4403ac8cef90a5
SHA512 21fbfc2fff3c3c97fce55712185a2781e63d6cd69399f18b816f3f981c009f6002cab1106b7e6675b3044b49cb471203e9d18f6c0d32ba7466bc742aaa514de3

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

MD5 4ce4cda6db60b5664cfd7afda6b27a6a
SHA1 f35d5670b23ebf7b0011c3af03fe56a7cce7f60b
SHA256 c25ecf669954dc1da99a47919ffb64470704eef55c35293e7d90dac82437de98
SHA512 8843f06a4bbf9efc482224cad148f0d901544e3902ff02fdc80ada2d3d0360b1c62e9e96dd21212dc5c9fca94a1d8c2d71767eb7080e2d740957093e299a1599

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

MD5 93ed3bd78e72e5f8ae644e6e6b22850e
SHA1 c9393b8768a2272b79485780b820f67b034fe3a5
SHA256 e84db8e3ad3c9bd02ce745f138780169f4263fba9cc84330371aac923fa6eddc
SHA512 6a6e91dfc45738d201f9284e210e7edaa2f133b7308123a5aa24462f0e20fe30a4f2dbce575c4aea938788d82de417dfaa3f1455cfa1260ab1cf5fa0c098f06b

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

MD5 b2636f3ea5b1000f1529706f14e4e2c9
SHA1 86c6ae83f8da1368d3f25cf98c836b38448fe2c6
SHA256 5db4588af6b2d73f937eb32fae2b8e4e12c3d84c14550a192a21934f58a306af
SHA512 ece356f654aea005322fc150899d7a3192e7a7ac7edbc28add0a4cb6957fccfa35dfd3192671c9d9363c59a8cad481796cd5518ea4c92d3a814ba632ac3230cd

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

MD5 79c1ea93964d7bfe18ae714edad32a57
SHA1 9e1cf1fae6ec3acf0b11aef40a6c1df5a2942e8a
SHA256 4240d8529f2e3f9bec325259299325e036ad884d0a08e6f0fd8c898e1205e7f2
SHA512 0099cfb51faec0ba56528a23710f6ca047c1295305f5f4f91702f8dd281037ae2c392f5c1ea5853202e16fc67e29b5a0f1f98fbbee9daf28ff57381196e010bb

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

MD5 c4d423374e0cb16d7fd4f7b0b4a09e87
SHA1 9bea236ec39ef64f41ca0f92a1ae56625741c851
SHA256 27e672a26ca0260f125e435282530aa61795817b69da84aa2c1aa7ae83753779
SHA512 6d0b504d5f0b34bd3b3b292d20d48d28620c21723097a850e871f55aa0034cd355d5d094d4e136c917d3ddbc045950d2c5d53ff60eee93290fb16f6b0e787ae6

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

MD5 543a5665bc41922fd5e5b9f2d5e2d96e
SHA1 69d3515ad9173c78483ba3e2cfdf713239d69d8a
SHA256 1049d85a0f9ad0b770a17424d8024bc9948f908c8befe8cad71ee1bde82f0cc7
SHA512 15f9ad7731bab7d9df9120eadb54d8738a5536a5122eb6435a046cd186ac1a9c5baa320f819a072555c7bba84353fb9dc924e80953796087c4ae262194922b6b

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

MD5 191ef7194a6a0c03b1cded4a6611279e
SHA1 764a1b0d004c2352deceeb7096c724363dcca13e
SHA256 a13cd02ab92c85d0ba55a7808645c79f258f259807189202659940db2557e208
SHA512 3e2de6e5e2fe826f5e066f5064933c68ff1cbdd5ee91c4d53dd0ccddb9b72d19354a4b78dacdf679c6291cfb1747d064245a7d86b35f2c3eb3fea07bede01a5b

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

MD5 42acae42b824f34f2d4be76d824853e1
SHA1 bee7fa58187adf900d9b7109bbc19af8ee15bc93
SHA256 6a6462cbbb7358928d1b75d8928a3e81d351394d283eadd178014c929df06b12
SHA512 b37d21a52aab4297320a5e912a2289491a6291b16c08768e4914f9da3066a745b2e0f1de000fafd8470b34a5365f971289a4138a36a7011e376778736d43b77b

memory/2588-10455-0x0000000000400000-0x000000000040E000-memory.dmp

memory/2588-10840-0x0000000000400000-0x000000000040E000-memory.dmp

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

MD5 88ae727aa425ae10630c4f9fc0464ec2
SHA1 7ca80037b773641b0a8f4e398a7635e9596a3eb5
SHA256 ef80502323e005334fa0b27ed208c926c8d95a4581f218518d7a6a7e9d8a2d3a
SHA512 2ae0acf39c82f68aeffa7645c201e1a074a21920af378019e2fc67e9ad3e3d5840951c6f1bedccd8bfa7f83824fbe0aa8c0a155fc6273acbc03de153f0527d12

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

MD5 593f606ee6da1ac6dc5f61fd1c7c7b6d
SHA1 e7c488f6b9391f4121b60199d02bee71d6674733
SHA256 d2edba58c8d8c2f5c95bda8a2bda6653389440b1d2ec8c34e8a58a51d336434d
SHA512 e94657394ec670b063d368c7f0553235ed03f2806d841db291b7b832c0351d67694b42e0717466b82623d972fd29bebde41e9d6829c0b949ff6c99c85ad26d04

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

MD5 ee83bbc22e1249bb789e3c4a4f65fcc5
SHA1 ff584c25f3ed8026195f102f25a8430a86d5699f
SHA256 2c5b277cb826b2a9f61952757ac53a52227a6c116935b64412e43df2a4b8f191
SHA512 9b249e966521a0b68d1d2f93649e934c391a2d61e860e400c0c7245892810835b24c052d61042e07a4f7ed732732029b6aa2c103e98c8512dcfda62e33a8abb3

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

MD5 5d9739812b0b691fcc974c47af69a8af
SHA1 ef585346d43888cae0ed5e60d6e7415746404833
SHA256 17b4d91b74f9cc5917aea65f4e00ae73c8d747ea8daf996bdd908108a7a6a1ca
SHA512 0988191c01ee483e587814f4255eea35585c36ebe55509370648c05ae4fccb1bf63c67517ee8bb2164a770e1e9986a91e1802ebbe96a99a653cb73de0336e66c

memory/2588-11173-0x0000000000400000-0x000000000040E000-memory.dmp

memory/2588-11174-0x0000000000400000-0x000000000040E000-memory.dmp

C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

MD5 3ad9eca35d6989d08e12c84a25f0f9a9
SHA1 793768d5a55a9849bd78ff197b37556c9fe3e852
SHA256 adea7368e65007d8d570faed5cbf08c4893a0e116b6c1bb9185e351afb6975a7
SHA512 f0c72c57f3b20c0dab45e15b103428ca1a77b10e03a6ed396992af2ed01555fd4341a9c09cb7afbf797675c84ddebf320fa85551d6ec1b01078e35326fc5f99f

memory/2588-11179-0x0000000000400000-0x000000000040E000-memory.dmp