Malware Analysis Report

2025-01-18 20:37

Sample ID: 241129-rabxjsyqaz
Target: b1b01538b44262565488586bc70e34e1_JaffaCakes118
SHA256: 37660e81fd065328c702945068aeddda6ff262d9a4850cd0f56e92d23a4dc7c1
Tags: xorist, discovery, persistence, ransomware, spyware, stealer, upx
Score: 10/10

Analysis Overview

Score: 10/10

SHA256: 37660e81fd065328c702945068aeddda6ff262d9a4850cd0f56e92d23a4dc7c1

Threat Level: Known bad

The file b1b01538b44262565488586bc70e34e1_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

xorist discovery persistence ransomware spyware stealer upx

Xorist family

Xorist Ransomware

Detected Xorist Ransomware

Renames multiple (2191) files with added filename extension

Renames multiple (2193) files with added filename extension

Drops file in Drivers directory

Drops startup file

Reads user/profile data of web browsers

Adds Run key to start application

Drops file in System32 directory

UPX packed file

Drops file in Program Files directory

Drops file in Windows directory

System Location Discovery: System Language Discovery

Unsigned PE

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-11-29 13:58

Signatures

Detected Xorist Ransomware


Xorist family

xorist

UPX packed file

upx

Unsigned PE


Analysis: behavioral2

Detonation Overview

Submitted: 2024-11-29 13:58
Reported: 2024-11-29 14:04
Platform: win10v2004-20241007-en
Max time kernel: 93s
Max time network: 154s

Command Line

"C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe"

Signatures

Detected Xorist Ransomware


Xorist Ransomware

ransomware xorist

Xorist family

xorist

Renames multiple (2193) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\sWf60P7W7JWZot7.exe" C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A

Drops file in System32 directory


UPX packed file

upx
N/A N/A N/A N/A

Drops file in Program Files directory


Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\WinSxS\amd64_microsoft-hyper-v-bpa.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_4552da2751cdeb35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File created C:\Windows\assembly\GAC_MSIL\Policy.14.0.Microsoft.Office.Interop.OneNote\15.0.0.0__71e9bce111e9429c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-a..rarydialog.appxmain_31bf3856ad364e35_10.0.19041.423_none_abd26b7610cb738e\SplashScreen.scale-200.png C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-s..l-wallpaper-windows_31bf3856ad364e35_10.0.19041.1_none_910333b84fcf455a\img0_2560x1600.jpg C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-m..player-shellpreview_31bf3856ad364e35_10.0.19041.1266_none_3fb851095cc978d4\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-g..yenhancementservice_31bf3856ad364e35_10.0.19041.906_none_6aea8cda8a4aa9eb\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-security-spp-ux_31bf3856ad364e35_10.0.19041.264_none_39a33f9dfdb389ae\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_windows-defender-events.resources_31bf3856ad364e35_10.0.19041.1_es-es_98b0713774621c9b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-fde_31bf3856ad364e35_10.0.19041.746_none_9059f094eedb3899\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_adaptivecards-xamlcardrenderer_31bf3856ad364e35_10.0.19041.746_none_b8cd46df7d27c889\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_disk.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_bc67b02583104975\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-t..languages.resources_31bf3856ad364e35_10.0.19041.1_fr-ca_03c735ae8fec8783\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_windows-defender-nis-service_31bf3856ad364e35_10.0.19041.1_none_d3e3ad84b24cfdfe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-van.resources_31bf3856ad364e35_10.0.19041.1_es-es_30cc4289c0e02807\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\TaskScheduler.Resources\v4.0_10.0.0.0_fr_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..windowmanager-redir_31bf3856ad364e35_10.0.19041.1266_none_a5cd18cc18a95cbd\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-nlasvc.resources_31bf3856ad364e35_10.0.19041.1_it-it_b2101dbabca3407c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..japanese-customizer_31bf3856ad364e35_10.0.19041.662_none_4b1d718aea4457d6\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-i..playcolormanagement_31bf3856ad364e35_10.0.19041.264_none_a3480f382211d45a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-c..ngshellapp.appxmain_31bf3856ad364e35_10.0.19041.746_none_0b4ed891dd9ccbc8\Square44x44Logo.targetsize-72_altform-lightunplated.png C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..atecontract-desktop_31bf3856ad364e35_10.0.19041.746_none_692666eeada9435b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.WorkflowServices.resources\v4.0_4.0.0.0_es_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-microsoftedge_31bf3856ad364e35_10.0.19041.264_none_ef195f564f00d259\MicrosoftEdgeSquare44x44.targetsize-80.png C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-winhstb.resources_31bf3856ad364e35_10.0.19041.1_en-us_92a08f76019c581a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_dual_intelpep.inf_31bf3856ad364e35_10.0.19041.1266_none_323b1cade61f29e6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-sbresources.resources_31bf3856ad364e35_10.0.19041.1_it-it_32466b377d8002f3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-c..appraiser.resources_31bf3856ad364e35_10.0.19041.1_en-us_25e9fb8273901032\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-n..quickstart.appxmain_31bf3856ad364e35_10.0.19041.423_none_72535ca9b59a9515\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-p..riencehost.appxmain_31bf3856ad364e35_10.0.19041.423_none_bfcb7b02f95b1e52\PeopleLogo.targetsize-256_altform-unplated_contrast-white.png C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-r..eak-diagnostic-core_31bf3856ad364e35_10.0.19041.1_none_1102b0871cbfcf0b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-onlinesetup-component_31bf3856ad364e35_10.0.19041.746_none_4b0a936d86cdd479\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..agnostics.resources_31bf3856ad364e35_10.0.19041.1_en-us_8d10df31c9fd5fcf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..rver-apis.resources_31bf3856ad364e35_10.0.19041.488_en-us_3d1fa8cd01ec54a2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-userexperience-desktop_31bf3856ad364e35_10.0.19041.1266_none_fb76f6fb7e78a373\InputApp\Assets\StoreLogo.scale-200.png C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_umb_31bf3856ad364e35_10.0.19041.1_none_3ca855eeb7296b54\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\msil_microsoft.windows.d..providers.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_9b2b211b32807012\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\x86_netfx-aspnet_webmintrust_config_b03f5f7f11d50a3a_10.0.19041.1_none_a385f17c9780dc46\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-control_31bf3856ad364e35_10.0.19041.423_none_7777dd52093f9dd6\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-mspaint_31bf3856ad364e35_10.0.19041.746_none_6c16d1714d60fddf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\msil_microsoft.windows.d...commands.resources_31bf3856ad364e35_10.0.19041.1_de-de_07dcbbc41cf88473\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..anagement.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_b5820c33697dce55\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-b..demandbroker-client_31bf3856ad364e35_10.0.19041.746_none_e5f7be7e804b667d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\msil_system.io.log.resources_b03f5f7f11d50a3a_10.0.19041.1_it-it_1bf77603ae37c0df\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\msil_system.workflow.runtime_31bf3856ad364e35_10.0.19041.1_none_31f1985da65cf527\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-mccs-syncres.resources_31bf3856ad364e35_10.0.19041.1_hu-hu_ce3050f965b339b2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-ncryptprov-dll_31bf3856ad364e35_10.0.19041.1202_none_9d8aa8357dab8196\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-s..entication-usermode_31bf3856ad364e35_10.0.19041.546_none_226fb48607847890\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-a..-provider.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_4e5b1d4accc42a5d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..daryauthfactor-task_31bf3856ad364e35_10.0.19041.1_none_81f73568e4ce1819\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..lient-aux.resources_31bf3856ad364e35_10.0.19041.1_en-us_647537a1f8386878\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-waasmedic_31bf3856ad364e35_10.0.19041.1165_none_a82485b8f343811f\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\assets\NarratorUWPStoreLogo.scale-200_contrast-black.png C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-hns-diagnosticstool_31bf3856ad364e35_10.0.19041.1_none_5c015a65c60d8097\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..xthandler.resources_31bf3856ad364e35_10.0.19041.1_en-us_695f9a4829099e00\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-peopleband.resources_31bf3856ad364e35_10.0.19041.1_it-it_501b7176951648d3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-tpm-tool_31bf3856ad364e35_10.0.19041.1202_none_72f9f7c7a1b307dd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..l-library.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_e4b658bad182c3f0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File created C:\Windows\assembly\GAC_MSIL\System.Data.Services.Design.Resources\3.5.0.0_de_b77a5c561934e089\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-i..ng-legacy.resources_31bf3856ad364e35_11.0.19041.1_en-us_d5f8b953ccacd563\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..auncher-diagnostics_31bf3856ad364e35_10.0.19041.1_none_413e615b07209c96\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..sh-helper.resources_31bf3856ad364e35_10.0.19041.1202_en-us_35b195ccefaa4bb6\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-i..siondynamicbinaries_31bf3856ad364e35_10.0.19041.1_none_3e01b4e0cf21bcad\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-m..osoftedge.resources_31bf3856ad364e35_10.0.19041.1_en-us_a323edc73bd86475\invalidcert.htm C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_netfx-eventlogmessages_dll_b03f5f7f11d50a3a_10.0.19041.1_none_489fc3656f7d39ec\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MGXHZYNXAVKTJUL C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MGXHZYNXAVKTJUL\shell\open\command C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MGXHZYNXAVKTJUL\shell C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MGXHZYNXAVKTJUL\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\sWf60P7W7JWZot7.exe,0" C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MGXHZYNXAVKTJUL\shell\open C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MGXHZYNXAVKTJUL\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\sWf60P7W7JWZot7.exe" C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "MGXHZYNXAVKTJUL" C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MGXHZYNXAVKTJUL\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MGXHZYNXAVKTJUL\DefaultIcon C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe"

Network

Country Destination Domain Proto

Files

memory/4004-0-0x0000000000400000-0x000000000040C000-memory.dmp

C:\Program Files\7-Zip\Lang\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt


C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

MD5 4e8c626be183d8bad2c7fcbe0a9a3032
SHA1 9d4cbb3945fbccb5b2a4dfb3feb9618b8fa60c21
SHA256 c966437caeed9c38d99945a47cd71bb2654d70e228e184d12c7dc0b01794c388
SHA512 b7b82f209bf0f0ae1f74b9148a0a12e99cb157f1f42144f50a6b59d279f11a04206fbe310ad026c8038a82666c800c67aeb31d50210b2da98bd03ba74f1f96bd

C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

MD5 3651694ec452b874514dd2480c26f6c9
SHA1 da4e36a7190e4ba9df9bbbd6ad4624e21307ee7e
SHA256 6bebf3517c8efda1072f8e110f88bdcca19212224f2285a547f4a1e7ab0aa774
SHA512 a7d8f99ac5c0bd9ad0d4b1fd9abccc508b2399dfcc9d902bda0f46652052fe3d1c3bf1df6f9c700b8ffaba6cf57d82d8bf050a07928e036baba879b063a5270c

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

MD5 de1b8d3f7fca3948d8a7615e296cd87c
SHA1 65a702e8119bb572f2d7389ef3e87f1affc6c166
SHA256 5b6fdf6f08c71071dc8bb766ab97ab4db0c217985351e8b3800b3949dbb68fdb
SHA512 06e57e3f9ea611a99d5ff57fbd49a9b34034f3d38ee2dfcb3d0ff4f2f0191ad9834819bdecb16187925d0db4630fa158a291a067df5cc7c52cf0d9296447ce6d

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

MD5 987d7f6f5284622a3c533032806be693
SHA1 5a62220e3ef68652133cd04a333b84bb474e3c1f
SHA256 dcb772188eca16ec20f6f7a1c243886e02c9e03e9140692e764e12b0d89266cf
SHA512 0cd7f820d6d2d78c5a5b6a371a9dbc2338d218583571e736eb8f3e172832b20b5b9b0d7e16586ac6d7f989408ce94b41cb5705810a3e520898dbbdc440112863

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

MD5 a1a21779176c69a6a9a8e840b3fb6c2b
SHA1 7485d7767e8f5a5c2c6ebb8a955e1a40f1add3ce
SHA256 68c73e7623ced442a3b12c621620d3aa252e104be75d7c96256a0685a61761b8
SHA512 01ea0f135508789215eef94374f5523e6ab3568337811f2bd357712cfca3d8f79feaf983143ecb324fa059dd6f38a4f79be8b5bb36088717752ad0e64442bd44

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

MD5 3a856865320409b30416e54e81f69daf
SHA1 9dcadaad80909bb7b4abe3571ce6c6d37c4b2a8d
SHA256 7cb81b9f44aef6dc4d391d5b4b0b3f839049a4ef24366b8fa1ad1f2dbe917ac3
SHA512 135665cc47acfe6c562cb8b29c0ad06585ec0d461a01098572ec31ea7207165266990485a834bface304eb0cf61ac5b3fe8d8f1b82b8d9429e3a226292bc61f8

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

MD5 37613adf2b2e0dcc152d66f7308c7aa3
SHA1 1bec0133cc333b5ab0b31a055feb46e16be85adb
SHA256 14d459ed063b2b6c981a1b4904705408d6c73cdc703b5b0e3fd2f38a414fe33d
SHA512 a0b0b9a37c06288e725c6b6d3ca62529236ab05f38c150f123520f35a41a8a0b0c392862f5726300dd6cab0bf082164b2516d47ccf50230a9c905e56e26fd438

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

MD5 90ef36c92631d9bf3e94ccd7f082b9aa
SHA1 b32a0ec2af5f05c1275df083cc19d1eac05c1001
SHA256 770b9a253fcd8eac3c734b57bccb90f70c528c0386e34cc81d0e47de2e4950b2
SHA512 15582ba1a0ef70864e2a8b951c1c5e4b3e1f1735ac8bd642c6a01808d3b922ed679b9b696e1e4c52ca66b7b940eba0b71b0c76a3bc222d15595313a49ec54318

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

MD5 61cd027c14416f75c6aa9d7bbdc7cb5a
SHA1 8ec77f8a89186c895eead144467eefa3518b8cd4
SHA256 f72dea4fb9d3f425520c11cb437364df839fa73819aeefe9630ef31c2dd8e8e9
SHA512 10fae04a3c0c69432fccf71c35e58783ce1ff959247baa63e9f415754fbe01c14f1a7fca7356814c80088a1fd241c6fa12574be2c3f1a3fd54eccf458e56ab28

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

MD5 6761f2beb07de9358093ae8aab261ecf
SHA1 4452f8cf870e89ffa79f24f1e694a42662681a43
SHA256 c7a050c36536cad31fe23fb4cf2bc2f83eb3e880d0e205ba2eea7f13a077e68e
SHA512 4c7b1d5125060612877a49f71440ae87e0c32d07b3314f79833f3f15a476497bb8acb7d1b103e677a92d0ffbb8364c5493ad86d85ac3b45bb8a9e996d746e044

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

MD5 f9287fe713db2c3a1b574867576477b5
SHA1 b64b95985fe84181b1e55f15fd5a14fb5f16cd83
SHA256 945d31efadd301975aa2d0e787ee49f7f3d537e67d881b3ea9ef0bbf1a343852
SHA512 0be2fcae7926c8064bf06738c09a3955deccfdbe9c0914948376c65f912cce20213398f52b627dba3315c3ca0492006259c44a11e586a274feee8106947b71aa

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

MD5 3086282a71b9bb0b3068ffc2c95bc6e6
SHA1 20c848b41c29caacb71bb81e0bc85777fe7fa7ca
SHA256 fb6923e14661c6e97a95fc9682da2af1941e1a75d1647ddcaa40f123213da08e
SHA512 4d6e1c8ea340232ea6e77e7e7afb755df2216561c82e2430cce64d1e8526fbd7438203affb0c51096dd21c9e35428deca1ce0392c583d889076ca0d1da1d9dc1

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

MD5 638478cf12fab75fcb1fc8f8813a3f39
SHA1 dd6fb0dc27b70de5f2f492c82c2998e65ef54644
SHA256 06ad7de38c924519d17952c4edaf7d69ef2a8f01b408b99e53a92f5d91e0d971
SHA512 33be0f3f17c7fcaef1f7b0a1cdd440b064e345d31e9e71682ccfce97c5c54bad5a2a898d5a8f12744f02819244e4bd3ac070bdce668d248b3e51b9f04dab5b51

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

MD5 4402ea60140302c493470222c451fce2
SHA1 409ac225c5237f6891991929e434adbdcbc13220
SHA256 f9c1d45d135d6321a5677631450c304bf259a2775770dc7461229b05207dc414
SHA512 770c5f493b189c62a77ee47be9454492304e04c98aa9d7a39e371b85ae1833bb7c0f8f5206d706f8ea404e1123cba1759c664a4411cd8d03991ae48de70489ce

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

MD5 2cf388c93be011333305ba743128f4cc
SHA1 13e7f3a6dfe7662e6a5ecf6b4befa01d4a4d0278
SHA256 4583d06e88a3ef0aedd168329e8e21edaabca4c848ec85544d2dce760cd4ea78
SHA512 1000e71a5738a947a6ac7a10868ebaaff75cc99ce457b2ec95996a73994a6e805245ab68f2f2daa5fef3703de3ffc08aa462c5b232e506246018e5fcba93cd1f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

MD5 4942b8370c8ff6c32bfcb61a06519dc9
SHA1 531ec819b75661388ebe28a1af83972400e30e90
SHA256 c72721be6ffecee1c61a20e2e170f7a0190e4120830f8680f11faf48075b8519
SHA512 97b875c65b7cd57f82f415f20fd85ff8af69a808759dbe1312e0d1601fd78de177b787c06d725c979f104a5004081602275daf39c9190fc21f30d47a0e80f409

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

MD5 de400a0dad6b75f72d4146674df3b77e
SHA1 5fada864087ce1c56b39d8b618625c690031e105
SHA256 9837da00fe5fb1482bb608feea63409595421c098a08cc40d95bc24b87dd82b8
SHA512 2d0ac16fd32eec180421c27cb2c43240f45ee1764e1fdbac80c852590649635e3b103af82fcb2f7ea23aa7fa284a8fb81a8a8293e2b60e05fe7563b10488da1d

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

MD5 4553ba0dd496c0409f0b97c03920e56b
SHA1 4a2527e1a31531c16654bb1754a295cc19104f70
SHA256 628605c7432e673870ce84d84baa156d451ca32adc0da043cd70e9d8bccaa39d
SHA512 0a35c88503464e67c551602853d32e7f8a9a72da29113a5e78d9cbe4f5b27c1e2b3b750aa1c8734d63032ac8dd85b0b908fe9708227eb8beb496af5995b8c969

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

MD5 02a4dccb3923d181df9d5fb104b4f8c5
SHA1 d017588fbae3acea9c83cf4a92589e64ce3a100e
SHA256 1c5aeaf348dd4f14fa40fe4cc8aee4a9d0549bfc8a7706355948386446604609
SHA512 6ed1d90c61348cc88981a7eef7814c5b552bbb5f4e7917da6038292a5ae4098b2e532c13356d807bbf75084679ad1431f1d2a86f6ed2a55af882f4399a7d10a1

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

MD5 24fdebe829faf720ecaa3c018f62deba
SHA1 377c0d48b6488502642d38d1dbd3452a697e5780
SHA256 e1b2da1495f6e4683fbd375b56da9f5705e93c62561ae3a2fce97691ae484035
SHA512 6c2b14939051861f0b1d217051a389c9e99459f7b7f8381088049b2aeab15718b35769d453f271e0dc5019cd78106c6b0d9a92f73673cfd81f1922b079847e81

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

MD5 e38f8ab488aa44da20a140578c103c13
SHA1 9470f09d13445ad7ae57a7f90ce2ae06d4638910
SHA256 064ee00df9e500024a1e01e5da254a8ddec14c85e1fb5bbb13f40e71b125703e
SHA512 b2991a203616f7b35e9f3e4a4bebe895734486ea2f1cbc3c46a5e4251b10cf906add4faa02cff73cbabcfd807f96690e54b90e4b8dc3e498c641684b4a98a526

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

MD5 ea29f82addfea63462a34e35b04b4fc6
SHA1 f683cae7d369a49e64be98165944a5925da8c3f0
SHA256 f2b08d717c290decbbe4747417682d38aa0417c6a61e0bffc6b742dbe02c604b
SHA512 23d38cbe599e624e02bdb0860830adde7936afd4ec5e4b39a5ea6f07edeeb17ed346bd2e369e9e567ecc0f93dc14b9abc7548ff5a57f79e3e6442bab42f6047c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

MD5 d59c8a746942410c195a024d9b62c294
SHA1 a4a1786a61babcc301b05ccded5b067129365f5c
SHA256 37685368976f7fac09fe434b448d475d386315c0b7a88e63d8f10126b5184f04
SHA512 eb915354e52990454ed1621a1ecd71b94fe3e866bf1d9e933275ab4239fac59e7f3ce0619cbf1a5addf8521ffaa4d75823c643ed1b91a106a8dcca434319082f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

MD5 0ac98a6561699b91c5b568a1640d53a2
SHA1 0a656aecc6d25fc24e54c9a21a2d5bd0d460c91d
SHA256 4dd9f778ab3efabd40048eeff2dcdd218b61a862b68f3449a5c07c6b374f6aa5
SHA512 800ba2cde789738d3460f1d015ca1eea7f1793534af451a718b8259912e58d885d236dff460ff45190185e04462c8c8ca6f15d1ebacfaf75b637747f977359bf

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

MD5 5f1732057ba0718967fb64eee08a0ed4
SHA1 771b79c71b53126c57c6014ae17a051c78b666cd
SHA256 08bcdfc34a96af87b975f3ddb443b964bb21e09d951c8d04f38cda005811059f
SHA512 df0daa2a29a3a0dab237b6ff77889d29e7f122a70dc8ee435632bb160622db3895c597c091467e4e7936a26b099869824a965c4724b5cf84393143c8f53e2072

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

MD5 aa0a764ed99ee46e4af19d20a838bf15
SHA1 35bf800f082e458429c9fc169a62884d43ccd3e5
SHA256 38328d9fbc47615663e3d4f732fbda9447da8bc45d6d8fc9734955792fd021aa
SHA512 13009230cf597f20c983aed9d2b811b41fb95e633cc02c3a8332f5b5b303f28257695f76c4bbafe1a22491aebb8360342da60bca4f0ed9cc26390d4410b2583e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

MD5 ce18b8e36564c6263ffb50218dedcd6d
SHA1 cbc526ffb0a64bcf06c0fa10f6684ae71d3f61a4
SHA256 1a90fd71275981a60ff2864a907e4199e247fbdd720f51ed58057d711280d50f
SHA512 68c4b45bf72b7b7b9094691889f73bc8d5fbe14645c6e6bc0dec8ca657dbc072d0db855f643152008943cd830e4f370276e83f0b1d23b4a6457408ca7029988e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

MD5 ac3866bec787d17cdc6922028178681c
SHA1 9f3b22745fe51144a0d7edf8cd48cac486a8c551
SHA256 f9d9fdd391d562beec06f40258a4f08f005c11212710a433078109df5ba0db26
SHA512 5665d52610146310de37b4ac71ff9c7ca32cb9d921488ea0983fcc032f6eeec87b42da44042ebcc3b025ffb1b991025b2b8f8d564b7fcffc4283286e2dcdf08f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

MD5 3481c393dd80d34244e8aa8e03a2b3b5
SHA1 39d66ed5f2b9de8d3a5d87407f6f85826ff4eb09
SHA256 026316d42c7d101fb4d5391629833935ecf4aaf3f3727269eb59b6142ad8f9c4
SHA512 ad8a96b2ed54b7c92a8b0576e23071cb956e9e04a084ab4a4df7686c1adf9816d3a1776be343eb0c485028039f944c2570a1d4c082cb170e79d635afe7052ae8

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

MD5 ed96079ac0439416e7b9bb3adff28ce8
SHA1 5689a726b3d5e97245c4bb015b14bd7ddc8560ff
SHA256 83b42763daa34c6f3a632fe37401a21f827929349e249f5524cf9e70136293a8
SHA512 268dd14e0f73f964875a0cc70401f6c115b2376a43de51d660059bf0a6ef956a40ec99a3f4f8a3ed875ea7758a114816fc172ceadd63304956dc929798bc3542

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

MD5 39f2bba871225201f3d3e0aec51222e7
SHA1 1869b668114df78adb7fe84521fd7b37a7d4a8bc
SHA256 36f91804683cbb567dda979dc839029a045424d03e1eb49874f95583fa6fcf34
SHA512 4788dbf7814e5f05160edd72407ab2ff8db59d073600accfdd8e0b1c1ecf9efaa7937976ac602085430ad67a1fae6bbca348f512e51553a396ce228c939fb8f1

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

MD5 137318ef650b9b2fe2384b7b5084d85b
SHA1 64d42a530ec9abc6298f0b7c15390a58994d7864
SHA256 28a018ed1cf0123df87c1b59a6c78bc2f228632e776568d209427c12911fef7f
SHA512 1b1d882cc0516c48c1380180a8259f726ea8aa29020bb345c71fb699801d28abf42a5bc0e506273091fb7484c127d2e58d1bf13a6556c09499b2f26ab085468f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

MD5 795bec9116b5e532dec1d0154a057f72
SHA1 18c7bbbf21d2ede0052088343cacb6dd9b362a0f
SHA256 cab43e72721fe46c70263e224eb009af544cd52bb6171aa9ade15eb1367a1808
SHA512 944aea71f36c2aa104e87c8afe0687311d523a3c2b48f9da9e78b40b1c25b79bcc104c3153d80ca13c02a44399182d421c8738e4c48f16f1a4d1787cb09a8c50

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

MD5 d3258e68b47203b8372cff48af14f1c9
SHA1 028181593ed23f5db8fce2ab1733957d97e62bdf
SHA256 c8955594e1fd4d2345ac8a86f728c2eb5d0a608bffef12b47cbd6e2f3fdca73a
SHA512 078c8c066c08f3e83783aae2e7949161604f084abec6022d00c8f6ed3d3e39b8db6e650e0c732731c935bb53be6c4db249be35139213467c1ea6bbf497f5944a

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

MD5 4cfbc4a0392ba89dc6d7ca13c834ce2d
SHA1 839f635f7c179fb21dfa1d10965f063a3c34d4ce
SHA256 d6cc64c643643c282cfb3c98fd748a2674a9b6b30d42f6377273e02fb382a56a
SHA512 159e0d406304d8cb7f58d9d6ee8fe27f24ff061193368e980d82c26da28f617e3cd31c3c32c764fc270d248c2f02f6c2f8d049b981d30b0c0050f56ab01517ea

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

MD5 c9ecce8de1c659afeef9190b435132a3
SHA1 37f2d4ccbe1cace34bd32ef3777760e68d7e9c71
SHA256 76b06723c622a005c838cd3991e8e2bb139cfaef3557a72830b8fdbae3e9d0d5
SHA512 1d254f88f31c8dc61ee8439ee73825700c2e74608763edefe93d847a93d0c875e20c71ad70b2bb1b969be08d55c45ea8445fbff307efa9f03c152033da31f4db

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

MD5 8c5b53a9daffcc84f2262e9fb71a2202
SHA1 f777a6b8e0a646020515a643812539c5762d9dbb
SHA256 d1305bdebb0e399f420cf2bc0c7f22a7e99e64cd19b87ae3f354c3030f371fc7
SHA512 1a5be48b7029ce23d4d7a7ca6168ad253ea943ec17e992d1f8a45908839ff2b78be7070a3c0a4b8dc41aadeaff77610adb0c5e32046be386116170f0ec124302

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

MD5 3e8542fade87d061582dac9d0a7d4d20
SHA1 1d7520c40b2883b59ffe2fdb401b9334b0961811
SHA256 28a81b94bba67483523ee69e339599b9dd2a6254be2b43c8251fad0d749e1f73
SHA512 1b47d0d934ecd613df43a7d3683ad96b0a26784ced720c8e204cb54c7922b2a2b27fe4288c27a65e3deb963e3777adf6a2cbd656fc1fcc7fe34c0731d994c4e1

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

MD5 95b4c395626a8e501afeedfd73674e05
SHA1 b02bd58d0aeb75ce861c59c1bedd04fac0d77b03
SHA256 5c1d789d53be4f5ef447417f69dfd4c3000c18aa5d6ed097e388b6a8ec7d4411
SHA512 cc350e603248a87d652245953a4513b4ac503c5000b0920acd20764e8b33817599436c89c6a54d75d7258c3ec07d96ddb3bbb9c2ae1d52f0baa188f390220e23

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

MD5 12676f938c452f06ad3a88e90628c39e
SHA1 119ef2216950f6109bbf2df5e9858879376de6a1
SHA256 d6eb5d234176705533511cab5590f81a01d6055fad411531e72d19d177684b7a
SHA512 93a7fb0b9d098d31cbeae8eb126a08512f711125f1b16ce969bdd5e2ef30bf0be94acc68a0c0b3bf5eb296965e668855f27a3ec68b58093d881bfdc3fc295896

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

MD5 c76d3b7ca6800c520ebc1206bc35e2d8
SHA1 3bdb47fdf9f44390e05033a805f9b8aeca2de692
SHA256 0a58aaaa4a73c37c2297aa6e399672c6809f23d5251b631ec1aa1027b0f9a386
SHA512 92c08359dabdff68d85ac9c4ae23cbba4d0032ee0458d1fbcdf4eb64857290b886456370689bf973f9d360ea780ada72c85a7fcc48c2aa467b3a31dcf8073310

C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

MD5 d7896366b7e0f81546aef58e011a5c20
SHA1 41837c378b4c4715478e30b35d698836dd471dd7
SHA256 56aa8fccd6e248f466eccebbc9f35d752c05ed96d53a885b0ace6c070c89cd0a
SHA512 2c23ff3b00ee1d3c22bac3c6130a51a2b53337c8eadfc5f60b23e735fd2dde6882274f4eaff2db995ed7f3c6be49abb711ed8306509f743a20a61d9013bc1fc3

memory/4004-5151-0x0000000000400000-0x000000000040C000-memory.dmp

memory/4004-5162-0x0000000000400000-0x000000000040C000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727656120098725.txt

MD5 5ae214f2f61946d96c6a5d3913265057
SHA1 31643d0d786f9c1c146168eed9b36a23beb648cc
SHA256 6073ce79ce0c4f41525c202dc71e23eeb3a6593b704abc20e29693e030b02c32
SHA512 a7a9efdbd53e5960f59a0490130f8fb8b7566c2289b6f6fce6d95ff06579d478ba00e2d96aa5fb2b48744ec40d81b5052659abded858b1dd04e71dfb24fe23d2

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727656590293648.txt

MD5 68e9d687b99c60f913e82f46c0185589
SHA1 ee8ea556a175036dbaddd03dcfb5c065d5b87785
SHA256 34ccdc47fbe577c62f1797d03931ce7601a9cd19ea2e06ecc80b01a2301ace51
SHA512 6a0c80d4fdef1c3def673c56e4aa5b3ea99a4c872e1748ff6d0d4e2b1b3dd3e734858423ce5b03b2df6c108e34e2309212dfb964ecfe4946ff889aae5e717401

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727663328721506.txt.EnCiPhErEd

MD5 635d1b7a821895956bb5944cf6fd9f34
SHA1 49ea418a1542a0c5918683b34ba76b39fb905953
SHA256 bd280aa0cbcbe10a31523b3230971e2ab256d119be4e4a51eda7f08ceff6e228
SHA512 33ffdb1787713a3a666dce5d54d495939667af69f3cb7a047db5da27c0be964b871f2dffd2b5da634a4fae8b266ad1105adf506b9d4c97216c42c7d53c42a158

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727666039184869.txt

MD5 499f21f90b92219b611c18e54ddab7bf
SHA1 c3aeb5c8ae9e7603ae97820149c890ada7ac02ae
SHA256 78eea4fbb6f145164875888d7a125e5b345aac5e0ef0e232ae49da228070b5dd
SHA512 d723d5ed09f401428b7f4b408b49a9111789a45a55db63adee79b784c08b48976c8e50b570a715240750a94f69f0fa964eb767201e59fade84b692185d7c13d4

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

MD5 c89809069d67ddb1e335486d571b8924
SHA1 6f2d791c48d5339c6880c355fe6f92021e295f31
SHA256 1dcc6f5e3d541cb980e18f18e16ce140b435a597de6a0dd4b552d517ebed42b7
SHA512 3b49df6fbadc2af028fff676b509e5a38da61c268a36e594d54e6dcc03e49c7d4f7c93dd0896f32ffcf020e68b27af0cef4c5defaf9ce70dfe1e176084ae79df

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 d902e242198f7975c14c789cdf784bd1
SHA1 1a7e49a34d95ec3525b4e1be81ad9f576850612b
SHA256 4364a5aa64af1bf4cf615b1d14754e24d33212d257316151b5f7bbbe2ed26139
SHA512 6f598c0d6a8eec74b87060e6a03ae9fce511e70d0b1539cad14181fa34e8cfb3830b3ca060d0833a4354ccc99d056d4573b36bdb3d3a37376dac3dbd8e906b24

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 750c0171fe23c6690a4b2451f1a6827b
SHA1 263b6dca532b87e904b26b068eabd16582d66e95
SHA256 a6a6ce9a782a7e388cd1620ecff51e29afc6422025d04b90c1dfd6f40c9f581f
SHA512 a2741dad54c1d94d5f6fa21ef703137f01cefeaa9a5fb28087658a9fa8402c60a204dba0a73532746ff3ef221cd268e15619b0956d62b5f2336e5f22a56151f9

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 8c63332a24cbdb3380eef6c52a781957
SHA1 1c674c286ac68823d404072f6b86b4007aca4759
SHA256 557dae5c11a602c669c08832c16006ffa9725a07089d59c0901dde3575900b26
SHA512 f901f716d1d876731d8b9d21ed9de6db6270fa1e05e0fe9fba54baf4d29cb229be48c0495854b114b9903c67198cbc6272264a778d9b259de55d59fe0cdde247

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 b343e7e47fbd6929397cc2a34061977b
SHA1 7aa40224ae79164e78fea7f748ef9ee24a3eceee
SHA256 89fda3b4e284b0964748027b434be01633bdac6d2f2ff7e28e715de9e62b69ed
SHA512 2c3ccf74ce6ddb825bc53a2ea391a23655672fb7f119ca179a5961d549351706e755fc6209179352436c5c96a5d58decd1110bbc1abab654398dadebb511acb3

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 fe246cc369e17e5f61d3f197aa440729
SHA1 3c08c6bf6fe353ed71aacf84a82ab2db29ace248
SHA256 3f02e03a42660069b1c927c485d6bfce4805ea95165892b7cc72fc30404c8796
SHA512 b2dc246e5f3d5eecda2a803758fa03278a160f51832d08fd21aa84389b9555f74bc58117056eabdc921d73a020f9e02e1511a9b6336be7a8bff95c1c9af8a178

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

MD5 3bcb4f6a7e1eef70ca6037dd2b0e9942
SHA1 8ea3bd0eb928bad0a7dcc82d2261ce832df47540
SHA256 b0ade603097613c20207984aa2fffdea134b3d9f9ae401726beb326530276835
SHA512 4697748ef99e4535d1f1de2c83731de8bedd23273a84c8bb7aff277c4475b0edb650ac5ac7076067ef5226779f6052e76335df1746686828137a33fc79f9810c

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 b88bb39b8c30dcde6b3657b09b752758
SHA1 5a0e924648c6edb56bb457b2cdffc2a77693c618
SHA256 fb177a63ffdb89c078e61b16ac163540abb0ad0b5f5c3baf4a2c12daa09b2d02
SHA512 980d1614a0a1fc0c7a07764a51749df0fe76ed810a37bcdfd358106134551e2a8a9c1819cc308fad096520f5fd9dbde3f0b2adbc6869da28feed191300de70ed

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

MD5 733c7e1bf653a6828dc4fad490ea3b16
SHA1 326d8495dcee58042dae874304cce2e65709af29
SHA256 fa0f02a93fc92eff63acb6cf6cdf5e694ff93fece358c56017aa325ee5abba12
SHA512 793d30feb28568f1b36033944414bda7515186c1c71c130c68925ba59d742b9337a4f9ed33eb3de2ceb79b1766d20fed04e1a7f380804a10448fcc70495bde7a

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 927f23c3e3005c0e3c3259528926e4be
SHA1 566e8d190d709d322be95bfe6932c291a3659336
SHA256 ad25fac4bc40215175519f245fac61cc196a2ac1643cd520659af3f4a197bbeb
SHA512 4f02262f97575d92da89cb4d1f31e855ef4376e96e608148ee06d17ba14db2a28789acf4f1f7ab488e5d385f1a6d8d17f7477db6307fc65ecc81b3b26b5ec357

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

MD5 1dce7214fe73c3e2c03c233e65dd04ad
SHA1 6bc09e2c00b06c6fd7a1428e137faaf8054bf732
SHA256 91e4241b813a855410eb86690ad951b1f1f64a22e382b30899bceed0fbe4e1ee
SHA512 2b8b015a7a0dfc8e77791a847ec186a4f0fd37aaaef9bf1609125ef0afab2318e711310313a435a1a72e58013890136d1747df1d2bd9b6035d2d4f24649b3edb

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

MD5 0512660bf82919a497143aa15bd55198
SHA1 f391aeff22e832c3faee1caf84f969ecfa0e9b34
SHA256 cf9e2da48ecc3c97a4453776db46ddaf92fab1a6019c49c8ead5ff48ab95dc95
SHA512 d44d8335cd628dbe72a56c7563a342d675f80f0a26f56a8d1c714dee5326f99952d0144d89a83e749ce60001655612aae070a2ed82dfa48e4b69d920ac0bee7f

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 b4e46db065756422b0ecdacc8e261052
SHA1 1381ac0845ce8a0a1d2e47b83d0e793bc2422a5e
SHA256 75823c2ad0c11a1091090bb80a0a5855c64f86ea7842961e763dd4f78a075b46
SHA512 1f091a2516dabaac4f3ba066f7ec194e0321f85e2e93dd9d01b966949e0ca700a57ed702276a7f58bd477e34fe57c54709842a2eb86c43b3a1db7bcfe90b3e20

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 969eec058df03fd42e5e3877a4f98af3
SHA1 5f6b360304623c53cc3ee9bde939101028b7cd0c
SHA256 fc1e80727925ecdb7d20fed34d59b9b8999f7872d6928d068f2f8ebe8112d646
SHA512 202b69852cd2908d5010ed0402b60ecd6eb0bd5dfc4d48467820a0c0dbcb8d2010d3383d527784f406cf682155f0e2c71ed090ec9ce303597e923c1b59a68fa0

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 f56052a1586f83c8f1940be52fe60fe5
SHA1 6f79c432e95edc1ce457681db53acd26e6f17e3f
SHA256 72d58b160a66f82836d4e69d877d054a615e4efb9e1adf1c0f2578ca29fafcc9
SHA512 d1bf57b723aae752f1379dc9d10ec9494668b0adde46bbc4307bc040aada1f56f2de49c9dc0ce445ce0f8d5a393898adf97562d315f24121a671301fea939eda

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

MD5 708e30967e5df374ebc61fce5e823a3b
SHA1 43e0b4fd3fd99820a2ab2b4604b540a03761b2b6
SHA256 dc4a0573bdf3d89a277ed63fca720b296f4e090a66af2c5d244d7b9b90560555
SHA512 b733962c9056f32eea999fda951dc3db0b8b372ebfeb5b436bfe54560ac841d2850c8530c46d4af2d5760e065fecec717f49df0886b13420bf962d1eafd61d0d

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

MD5 c406f0cb683c658d58c8c7ffd9fa3360
SHA1 9ff6c95644fbf4dccfb8f013ff23dc9f4c3fb16d
SHA256 f2c6629f14df6d6dc709c8030bb819000686bc7b7d8bb11947ed0ffddeb1dcf3
SHA512 6597adb448048dfef5b3db32dc16e2559282ac2bb6428fb7308ed25e33492456ac1f256ba4c92ab99d2e81a83f30102cebfae795ec189693256a317f6f42efed

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

MD5 4bc39f98f4bf411bec872f2a8ad9f6b5
SHA1 ec67d8a40bfe01d4b89d79575549ec8b97f9044e
SHA256 118959d24b4841c09d082b7b8a5cd4a2920ab5c1465ff5c9f5fce0ee1f9bb784
SHA512 7435f2010fdc810308e800a3488692c6d1abd5ddc2eab2d1792aea83542eb9b82d2bd1d2d2851c7542dfc4ea0f0229aeaf48b09c1d396a8309d2a550071195c2

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

MD5 b08b9589fe5db95e0c784476e725ce53
SHA1 6865b73621e6104bed62dd149a4218b74d328d37
SHA256 377cddf3d736695ef72f6feb1d6d1bd514dbcc2ff7d23576867275435a423968
SHA512 d51f67acece3be705b3a512caaba34eacc85284f606ef7d4fc242992f68ff2cb966c421d4dc69f07bca28a24857ee7cccaf060020cd49df6e6bc621b408e6bd0

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

MD5 4b1c29b2497d5450f98f21027bb88794
SHA1 3cefe97eb1ef9d16c9187015f9caec9999de4a76
SHA256 2d0a4fa7105d9e892810f170eb69e9054a618b2a93e2409d965b2f0305c23c69
SHA512 e4ba9290e3da827bda3669cc8d6359b309f6d91cd930831252ec8406bf35a1399a7ecaf0067bf0ae65ee3d234c6bae2f40dfc1febe430451f0f9dde7a558cbad

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

MD5 1dc333e69e9a7a2c3317e75f8e44450b
SHA1 908e70c623f51cb166d19aa486e71dea01971886
SHA256 ca40e2041150f1f1c405fa876e07c0d9e47673ffee6a71463f20825956d783f9
SHA512 0749396cb33279d1be6ddfaabb5b7aa9a50e1fe7f30d47d4f28a6b39911247d2797af8745e364d363b3baaf60e7fb85b3ec3a9dd88c696b8216b230b5784fcba

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

MD5 8ab70323e320f13c1d4eeb4f413bf8f4
SHA1 6e2eeddfdaa403839f9091565720f0b55dfaa7e9
SHA256 371088b9795e1a8d058b2524f96f0d6f0a45a8da95479a4a4a8aa3277eca8a8b

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-29 13:58

Reported

2024-11-29 14:05

Platform

win7-20240903-en

Max time kernel

117s

Max time network

119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe"

Signatures

Detected Xorist Ransomware


Xorist Ransomware

ransomware xorist

Xorist family

xorist

Renames multiple (2191) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\sWf60P7W7JWZot7.exe" C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\DriverStore\FileRepository\scsidev.inf_amd64_neutral_a7f5d9f34b621dca\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\fr-FR\Licenses\_Default\Ultimate\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\hpoa1ss.inf_amd64_neutral_8cae09a2238d64e0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\es-ES\Licenses\eval\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\InstallShield\setupdir\000a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_requires.help.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnca00h.inf_amd64_neutral_96a8e38189e54d71\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-PerformanceCounterInfrastructure-DL\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wiasa002.inf_amd64_neutral_6429a42f1243419a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\el-GR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\ja-JP\Licenses\OEM\HomeBasic\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_parameters.help.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\net8185.inf_amd64_neutral_4ab014d645098f5f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\ja-JP\Licenses\_Default\Starter\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_command_precedence.help.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Path_Syntax.help.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_objects.help.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnky002.inf_amd64_neutral_525d9740c77e325f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\es-ES\Licenses\eval\EnterpriseN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-TextServicesFramework-Migration-DL\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_regular_expressions.help.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\hdaudbus.inf_amd64_neutral_4b99fffee061ff26\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Foreach.help.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_Switch.help.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\bthmtpenum.inf_amd64_neutral_c70e85b87ee4ece9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnlx00a.inf_amd64_neutral_a89d2c01c0f43dfd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnrc303.inf_amd64_ja-jp_b0dcc6693f67451a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\IME\imekr8\dicts\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnky308.inf_amd64_ja-jp_d90af802b607044a\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\es-ES\Licenses\eval\UltimateE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_eventlogs.help.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_join.help.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmdgitn.inf_amd64_neutral_09132735f1063a47\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmisdn.inf_amd64_neutral_061c61abd3904560\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\multiprt.inf_amd64_neutral_988a34fc912eab54\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\en-US\Licenses\eval\Ultimate\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\migration\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\migwiz\PostMigRes\Web\base_images\Failure.gif C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\lsi_fc.inf_amd64_neutral_a7088f3644ca646a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnca00z.inf_amd64_neutral_27f402ce616c3ebc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmhayes.inf_amd64_neutral_507db5d34d7acddc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_script_blocks.help.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_History.help.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\de-DE\Licenses\OEM\Ultimate\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnok302.inf_amd64_ja-jp_708c81a8b0ad8846\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\sisraid4.inf_amd64_neutral_65ab84e9830f6f4b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\xcbdav.inf_amd64_neutral_cf80e4da1c95e6e2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ph3xibc9.inf_amd64_neutral_ff3a566e4b6ba035\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnca00e.inf_amd64_neutral_651eeed98428be5e\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\iscsi.inf_amd64_neutral_2ef24e9270d8b2a9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnep304.inf_amd64_ja-jp_27c560b15d9928c0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Special_Characters.help.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Redirection.help.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmaiwa4.inf_amd64_neutral_6e97842bb8d9e6a8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_CommonParameters.help.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\com\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_pssession_details.help.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_properties.help.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\it-IT\Licenses\eval\Starter\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\it-IT\Licenses\_Default\Enterprise\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_If.help.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\de-DE\Licenses\OEM\HomeBasicE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\en-US\Licenses\OEM\ProfessionalN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A

UPX packed file

upx

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\es-ES\weather.html C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\ink\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Stationery\1033\JUDGESCH.GIF C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\Panel_Mask_PAL.wmv C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_thunderstorm.png C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0099185.JPG C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\1036\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\SAMPLES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Windows NT\TableTextService\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\bin\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\main_background.png C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\VBA\VBA7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14579_.GIF C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\cronometer_dot.png C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\GrayCheck\TAB_ON.GIF C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A

Drops file in Windows directory

Description Indicator Process Target

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "MGXHZYNXAVKTJUL" C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MGXHZYNXAVKTJUL C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MGXHZYNXAVKTJUL\DefaultIcon C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MGXHZYNXAVKTJUL\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\sWf60P7W7JWZot7.exe,0" C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MGXHZYNXAVKTJUL\shell\open\command C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MGXHZYNXAVKTJUL\shell C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MGXHZYNXAVKTJUL\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\sWf60P7W7JWZot7.exe" C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MGXHZYNXAVKTJUL\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MGXHZYNXAVKTJUL\shell\open C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\b1b01538b44262565488586bc70e34e1_JaffaCakes118.exe"

Network

N/A

Files


C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_on.gif

MD5 f78cf0b127fbca0d5808c4c9f8d5b1a8
SHA1 defbb99d1fa37fe2247c3a9545555e65d2986bba
SHA256 fa472f3e222e953faab7ebdc785d4604a75d08ad11b26c2fb0c9c1266d3417f9
SHA512 7c01650f429821406abc6ff5096335b3030b3aa1e5255e17617a36cab36f9e3f5ad2f6a54f9df0fd533ed774f014fe26579b0dffe7732272735656db405c1441

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_off.gif

MD5 0fcf9388619e997955a9ba40f7e7b655
SHA1 788333832fab7acd437ce93421ffe12eeedd7c10
SHA256 b7d3e98774ae2e995db32d26765f4043ef52b083da5b44c3babf64662f58fe5f
SHA512 65c1ef2acc1891186560f81afcc9c92973a7ae970cc9b1f35987302e30c670848313144da7484a89a20a4fb833f160baa7deabe1ea39946e135385ab720330d4

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg

MD5 a85de44bfe26590b44ca801b7041fe1b
SHA1 68dbcfec93561ea5c4aa16d67d3613dd8f018b9b
SHA256 7f0e645e797e7085de0bd36b797993b4b3b2957048e18afc9039bf9a0ec9afa7
SHA512 1449d19bd3161aab97fa09666bdf7c7dda95456415b5782b0e205704a5b46bca4d532563e17a8af02f64d702407ea444dc32cdf482e8ab9bd84483f55f50c694

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp

MD5 caaf819615e9c4d97bc039b876dfe881
SHA1 887eafac38486ab4eefc6e82a3a81ddcab9fd68a
SHA256 4d4ba2fbd2c757c096174158a284a7af6c84ae796db3bd985a1b7fac67acb172
SHA512 e16ddc9c4948a5bc01e0cdb76f82ff8768e216a609a22aa4dddd650aa5ecaa1ca3650fab7f9bb7fa763231e194a79e23f2715995d956318dab14ac5aa5a2d1a4

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif

MD5 c6cf5d0cd7e477a72a417bd7b4a5201e
SHA1 65ffdc34b070d738eb05efda76a2d613c285639f
SHA256 8c2cfb8e67e5ed219be22d31519c7d81a2b3d60c740ea62f140d57d32adf3d02
SHA512 0f85161f9a37248864cdadedd959375ababccb468c3b14a7227e7b90f1981ba832e107fdd02ab290f7d2e159dc92939ff159458182bc2e6b2c015ced06d63a93

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif

MD5 2c25c626c8e22d3b1b2aaa8c2246c363
SHA1 cde3e6893665ab1874d79ef5291961c1259f4b0c
SHA256 8ed71004004de08278a288890288bfbac3f0ea350cbf96ed352c33f165807eb9
SHA512 797354f841e48377e2707f2cb8cca3fc428c6542ec061715e55cbca913dd5d13f830c82311f404138488dabc771366a160781f8ede25af15fe605a3297c4ea2b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF

MD5 8477b2a5e03e28b22a42aa2115154bc3
SHA1 640b0c1495a9df08a18af3fedb8912f4b1051ce2
SHA256 afc1b9df68e2e02f5a1d6749bf005a394532516341b69c2c9356c4e23c6ff8c1
SHA512 83fc662835000a01f6d2c28333d48f357c844b424cd2ec753049be3ad7ed5384170ee3d696e2e06a9e8701f5ac05a45cf7f161d6f1ed475b6ac6faa7294b4153

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif

MD5 86e5cb2172ee1b7211ee67c4c668af22
SHA1 b093af0b280ad322594a4e590e02b795ed85f68b
SHA256 133766e4af6d723ec6c47bab759b2ec4d5c96ef06100e986208fae4d1476f7a6
SHA512 8d4d52189444442f3c5c01168ded2fb62de3f759a78d6dfaae19ed56e0fc9a1c40822e2fd6994862227116d0294452dcca2114beb3b6bf99c2e100105f088789

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF

MD5 a2ef68eeac00a0bdd5f57ebcf118c9e8
SHA1 c7cdcb1a08aaef601e76c19cf8afb9f29cf1f4a0
SHA256 da6af3cc0458d21092735b9101d9a4829df01567ea630a00cb59aacedb36cffb
SHA512 62714a03ca89d28b82e4feb480c3d3f444488f69200db44f4d62e0fbc096afd4ca2c082da4db7346644ed7710389e8aafbedc5c7ad5ce73a2db11eb295f3b5d1

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF

MD5 bfb3dac36c07011f616d8132f09283ab
SHA1 31afcae250c18ec1e71e621a15b4919e5f44793e
SHA256 b29b8c19a91d151136668f42822ff6f01c9f897b56c4ced864ba6dcd0a6b437c
SHA512 939f5d1cd4b7d7290c8b932dd006e3e051fa94370e673d21a3466260e2429441bed15ad73593865d30daa3caafa36a8c0a7f66a895bf7734b1be67bf97587145

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF

MD5 89104b6857de6cebb6e766d0868b6747
SHA1 892a3546ad08eed815a57c831c6de796031465e8
SHA256 1c853e99f75b497d4ee94e667a273030849a09118ae6d1f2bd86745543d4772b
SHA512 71cad439dd26a0f098cdd3eea3d1bd33e8dd7d98b85a56382dadfe38738ad201d4f5156e4be55029f56d7b5a6ba91ed77e5743eab87a3fcfc3c22767f6ef75bc

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF

MD5 994c7ef057b4d6526c9d6c19af5d65e3
SHA1 bda10aeabb5632287f7787d8150185d5c0c8d094
SHA256 c0e48440cd37f55a232913def64bd1295c61884444bf49f30c77585e21d7802e
SHA512 2ed765ac61c1c882e5ed41a210c5ed0febe49b107420106b58d2264cd523dd04f996fd6e4036567a8bd1955e7a7b642c104b96bb7150da8fae67fe9785c589e1

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF

MD5 5f3bfadf6729547d89a1350547478231
SHA1 757196045a3905cd0bb835f04f82956716a8bd0c
SHA256 989181e461ceeaa26178fb9290197a66643b1c867103719169e5aef4ec788490
SHA512 55ca7e654319f9fa08b2e8d7b261ba7f3bb038475bb8b8fafc484f019358d6cf5cf2bd512d05007ea550f59d34c7b31ab1b70a51780da1cf4052e13ca446366f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF

MD5 988567036d42e4991d522daa620a5320
SHA1 42f17e4146831f7c3eaec9fa183d71a6757e24ff
SHA256 94843c24eb8be8d59c86fa3270698ef5a6ea31a3c313ee40fd8e82608503ea12
SHA512 202ed975d3701860f7199330521be54412aebf77a0f34655afaf64d361751f535a2def34f61c3dd5b4b78a61bff245f0d6d14171266716ce19a1d7abbc446962

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF

MD5 50c7fbc1a92aab2ff5de47862d8bc0f8
SHA1 59c5c4c9ee9f0e5b16d6ab9409ce91e498682d4a
SHA256 a6f1213d3a6f89dd9eebdec5abb2fd1d71eca822ecf4766e6d40d47dbbb2d521
SHA512 61c7477836236d0b3534e2fe932a8db49a2b251e7b75742d2d21c1156f4a3373715124b67c780bd23509311d35d08e59b85a33efcceaaafb7a0740e6efb302d6

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF

MD5 612abb6643caf2a2068428c7583b09c2
SHA1 612430444579debc7f2a1ed3d3d94dba774020a1
SHA256 8d7fcfa238af87997fb9f2b3bd1008649f0e942fa8074222024cf7e6324cf6c1
SHA512 5056cf321d3bf6a20698851fe31c338a126ea635ea001f90107d6acf88f0b4086db483f74513b2ce9b3bc4f8eb954212a2ded3bc0d19beecd1ab339204b21d1c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif

MD5 8854f799475fcc26642b5103f73e027e
SHA1 964ce3bc69a8cd1b93137a58c21d7c93a98236a0
SHA256 dde0c08c8b745cec4fe845db1d250acaa2c8f073325a6e592af4ad44fecc94b1
SHA512 0395a2c478fef7dde881e6599444e94dc8dcd25601ace8766c74335a79521981cca74701793aedb49cf4ac2557b7bbfb1436021dcd5a91c783e99a7fd6106f4c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF

MD5 50024c4516785bd880179f645c54aa06
SHA1 f3d96767591e9fcce2b6e7928a037d1c5469c57b
SHA256 34d0e1dab71609428c1d26bd075b3942648a725d79d37dec9b2880d169ada131
SHA512 256a0ea2b83d6b908976a43992ad9f28aa2bc8f73c07e4ce0bc18dba94fe942da83729d8d5016fc516337bc5e4ad0f865fe62432bf5286984727e97586fc0f0c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif

MD5 a08399a5913bf80fe141e927aefc712c
SHA1 53f25ef24e821f9ab155fce2a51fb8d7510a9d16
SHA256 ea8b0bef1e7c3a250184482bdef451a6e410fe1c5989b8eea620bf8fd74b533d
SHA512 8977f2815e48200cf76eb104788bcbb8dd4c41013eba13e8919f68f13350934316e81b7a365f54c05648124bf38095bb8adabeebdc50d7784826fddbff94ce6e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif

MD5 f595d9f455ff0d0d02064626dfb61fec
SHA1 8cbe1971026f2efeaef9afbae3bb673cfd0ee019
SHA256 f97fc69a7bdb2d1f08808b39cc09ea2dc024358f3a6077a670daa1a017ea21a2
SHA512 ec173b923e53bb43550034abd0373cac9901961b426cb3f0f6dd9e6d02612b81d91792057ced622b51693fa6a0d17280d5925c4dfbfdcaa1fe8d130639ba8bc6

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg

MD5 12128c5af55e8081fc78ee59d85735ee
SHA1 9ffb22e94f547ab7476015a1d833a01a449eff68
SHA256 593bb4a8537f8ab41617b61b107428fe8f6f1da0d1f7663d29a93e5fe4a1f309
SHA512 15c9cfbd71ed0b173e9a2cb6bb2140105db425604782b2ab5568b9cdb84e1aaeb7550141ab6951c607a880d2af9ffa806714792adc7c3edee276ee399c3a0ddc

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF

MD5 96e5b2c6c62e1b99974ef777dd840e52
SHA1 e448c557190a99b7707379249ce9a2345ec19a22
SHA256 70bd2c98502478dc00d2806e454a436a8fdbc8e8e0b66aef6b515f2dfddd1052
SHA512 ac5619ef0da25378ac8b847fbba987ecd293d3e32707853b4f654f971248d2ca1ea4478915c4bea9f1a2e61262b64cda63febc9ea2d650f39907de28d2a226c6

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

MD5 ed656624ca691c8d78dd886c065d17c8
SHA1 6fedeb4db6a2a855f232b281312064f3b03a451c
SHA256 a37c81df2534cf5e57aa42fb954f3873bd3daec7d21a5dbdf943ee517cfa91c9
SHA512 4ccd68487c22028544e40933ce0bf618e905b4bd2130ebe5bb25a16d9dafdf0c08a13d2f6975b3ad0721cfb1bd92ae314c763aeb343dbdd2e6478050f8e1a174

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

MD5 0b94cb36fa701b87bff033296d27071e
SHA1 cab46a42682efa4eb065c7fcab14db298d931c28
SHA256 f5c19dca4c31165e3110348ee405cc2675e225a8cab4d83af5485c38863685e7
SHA512 417a08fbcc880af425fd2ac99e1506882e1803e6852b4af70f8c8508205dc16d6d97c21a700a9e9d1d3df05b00a83f2dce41338cfd59c820a4457deec8bd1258

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

MD5 fc41e2b36ff040872bdf64b4705d4bed
SHA1 81290d45a2efa231a0a0b7f4c22346442fb5dde7
SHA256 ff488fae9035030de77f7b885aac03e2d07a6743431b0d4c0ed402888a64c67e
SHA512 78a932279a579ec9e8995c2c5fb591e378ceb89e7175011df80d4f1855936d1e3b1c151d6d5675e2e8588e60babb26303eea62a2d33a66f17900b0ff5d3cccee

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

MD5 2107b0e6360f02e7d03ab0550f9f4476
SHA1 c04e2ab92de009325793d0b2d2df3b535983c0c7
SHA256 ee513248d1db4c0227780013c1f44e32a44208deed48c9c8843bc1a6b5f19e50
SHA512 a4ec0dfbe6afdd3522f6397a10081bd56e0273cbc773ef79ebaaa3fbb7a69d8e0db2d3ba537eef9b143d326e62830bd614286a2f1fcc83305158fe4b1dc4f3d8

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

MD5 3ce9747bb1427d5eb2a56ce83c50f013
SHA1 cccf978a2de347a2641add432821eab490f6fd0f
SHA256 56d529512377779c9a8dd5e31cddc633c8b16045f04cfc29b8dc1402f1da8571
SHA512 aa6586bf97f990111297542460791be0d4f0e080019089d3895c9bd48a66a88ffdeb5576886e881de1511bf489b4daf67ba61eb60dd326e35fd16db895dbacd0

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

MD5 a1e5a44de0ac3130ed07089c184b1479
SHA1 0fc70584cf4995922cb829e181c506e7d9aa6087
SHA256 777c45b4f800f566d78caac2ceaaf38d4497559016f8febe2112bc0ba9e2d174
SHA512 89f03a36767320c48d6a620f2a78ef45a7b2a2d018b6b1469d0099ffd6262236e0052982f23008bfb86cd79b58cf622531c0ca0bf394166f2d49c182551e2d02

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

MD5 083bc1c48121096338295e91bdf247f5
SHA1 2330e27c36ce0551fba83a5046388a51ae9a2a26
SHA256 2eaf628e89685021d14dc933307d9b9531c44710fc66676bf97bd127d343d9dc
SHA512 e900f3aa09d675965c7ac88fdcbd2eaf85a8ec5868ecf14d05e9e1e2360f66dbb517e9e4e6aee92bd8f479e32a2b5767b3d24760c578fb4c5c9cdef2529d2ec0

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

MD5 bb98848a9b402ed85ea6d97427465f46
SHA1 acae9c9e6b8e7cd87331bed5817223a5ca830ee5
SHA256 01f8bcbcfab4cdc7512201259378c89bce408e6e2fcd122e9804c512dfc13ef9
SHA512 fd07479dc646fc814cf7e58854a948116cf034920624c8fdaad211a1dc9c3348aa1194d892417a72ebfa6ac20900433d9aa07f3aa499666515f06ca234555e58

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

MD5 b564ad5edbf0d68e46e98b9ef39c27cc
SHA1 07245e898f4369ded02239f73375848d05bb8b15
SHA256 e473878e6ec7a4a907ed23564afca2067acf83ed30ac06da0d99f02c46a55871
SHA512 59f515d9c5d1689b91a41b4d858a89e644c7612930d5bad8c529374c8d28ac32cf0a4ebff8b5d06f7b75ee66afbeaeca76b3bcbf8eaf6a9315defa4be64ff60f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

MD5 ed8146497be02b871684a4cc783fa6d3
SHA1 4b42694597e665167fa07036409c1018fe3e00d1
SHA256 5901d3d3f8ed2b25f46aaff4a8715389ff79e925861ab8e9fd5cf67a58a0f881
SHA512 2028eb2fb8e3d56f93cf726166e3c8dee69c88e0a012dceb702a283efa80d87e917fe6161dc8986870fb4344f438e14a2ae81721f128e60dd5fe8aa3c1a85e30

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

MD5 df8e82b7ccd4d80e0da8d56eaf2863af
SHA1 46409fdf6897198c9530adf37ad4f272c7b0e8d7
SHA256 f928affd6c2a4a2578c8945408f15760c2a9485419988dbc62352bc599940408
SHA512 42a0742daa3c806495594f01099b5382d15dac5683ed6eb1ceacfa4ddd5e56ea84f45fe2a6860377062b1ba75dc8fbfd35dddcfdd942f0599b72d30e2fe70cf4

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

MD5 a16d6ae8317de5327b5da8b3072ec130
SHA1 612b0b26fa25f2abf44b40908b3117c0e5eb02ca
SHA256 48072a7cb1db5cb02f436e1a7982648af11e78ea000487aca2318f9ee8433e48
SHA512 fd738e3894688d1c2e1a58e351c3ded0efac19ff6296e6bcefc96d193bf8ed068be567b52762b29df68512c2f6b9915405f260f8a04b8289cb0730491f08fc26

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

MD5 3883cf45723e430a3ed8c97611180793
SHA1 58dafc7a2f292934f0b148fefcf84fc98c4a7cf6
SHA256 467e034bd38fc8a99a291b8cbc394d592e9d245f151345eb986fe3c3137ecbfb
SHA512 2d86126722f3beabd5f401e68c8225765c8f13673de502d52340f0ce8b3cb59258026611e5cf6a0da9cdbeb75df96f4987af06622d4024b8424460c84b47adef

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

MD5 276f3dad4728025cab6451d542030b8c
SHA1 162be31503517f03dc69e5e98607edac0d62f2c6
SHA256 aa102cb61836c0d1ebb72e5758756aec2400d40139a1092ff5e7c7c82267f338
SHA512 cc15f39aee9a53800fe7ccc86eac55ae6e96433fdb3869a2f0a0256e416c7aa91273ad0bf9a53ef760dcb7ba57286b14b593c6859756c0912a3cd35f12459570

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

MD5 b603591e96f9c9785aeb0b6a3c9b35d1
SHA1 0891cd1888ca4b6f9a50d5830d1d266d3607cccb
SHA256 44ffe38887da9106c7d412bdcea9c049609ec1a5063dc13a4ca300fdbc04ac78
SHA512 52dfd93e83da4c8c33060b0d44f44324c44da37483180aea82312596a36e49ef3f346aab090df218a6b8e683cfc2966f50b6e48984989f0d60e9d455f5030434

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

MD5 ebe180d23e0f5d72aa627528b97f8c52
SHA1 d88de66d2c518dd4dfaef0a33b204411fddede98
SHA256 afc06107f7a85b3a6f86ab5574fc710b264001777713f3441edae859989d8de7
SHA512 fe6a1763b5760144fd36ef84c3367f3881de406782457df7dcbd62c23e30d10a8370831d5ec2fd5c06d485f2fde2ff09efca7c5c473316fa27b8a7bccb5a93ca

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

MD5 aa926e7b08757b84c0e6a02c66e9e119
SHA1 b8e86fe561a12669c720fcf82d0c21403359b55f
SHA256 8be288355207927655182c4d41b6f10d75781c82f1a7699218f6fed1addc8c8c
SHA512 c1c68e9950e6027adfc81217fc03b781d5b3993bd05d41255b371cca0199f4196e12a7cb3bcacc340010b454ddfdc8e8a3061b982effacb65fbf2e01e722da6b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

MD5 42cc88792e966fd051cc129d95f6727b
SHA1 55dca18241b82ae87b73886ec2fcbca187f83ee2
SHA256 12892bf75dee208f195fdfac96e2d892ce75627cd7d804f8590c9b48d90ce416
SHA512 4b9a4aa11fef46dd489bccd2dcd398e31d34850cdb465d4f5de42498b06055df1d47d562c68858a3eb3371023f6ff585ba232a0e91130d02184880812c2170d0

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

MD5 ab44d0ae452881a832c569a0891b210d
SHA1 07ad02c9a9671525546614a021786d54ffc41a23
SHA256 5dca7382a99b513c952fb418b4b4ba97a345a3e2b374bb43f70f942e3a2d5e4f
SHA512 e1144feb47b9e9352ada7ccad2b511c1483ee225b30fecefefb6d7cf1d834e0826e1891e169c36b5335011c2f2272cf8722165bd0afa54387444dc0106ee040d

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

MD5 b45eb52c8e61302febccdf41afd6edd3
SHA1 9d122c752105af076cc7ff0977c362dd36fe6367
SHA256 f598bb748d68255ce96c69230dd68efd44f5a94f8ebcecb9c3a6f66de8393243
SHA512 84f3f717c26f7716cb18b0d75665adb0c1f051350aea36a5c6be6f4f027b0db40f9a7f8deafccf5d1d83a3fba5c775fc2913d8ea19351aaaf8858dc4db33d07b

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 d902e242198f7975c14c789cdf784bd1
SHA1 1a7e49a34d95ec3525b4e1be81ad9f576850612b
SHA256 4364a5aa64af1bf4cf615b1d14754e24d33212d257316151b5f7bbbe2ed26139
SHA512 6f598c0d6a8eec74b87060e6a03ae9fce511e70d0b1539cad14181fa34e8cfb3830b3ca060d0833a4354ccc99d056d4573b36bdb3d3a37376dac3dbd8e906b24

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 750c0171fe23c6690a4b2451f1a6827b
SHA1 263b6dca532b87e904b26b068eabd16582d66e95
SHA256 a6a6ce9a782a7e388cd1620ecff51e29afc6422025d04b90c1dfd6f40c9f581f
SHA512 a2741dad54c1d94d5f6fa21ef703137f01cefeaa9a5fb28087658a9fa8402c60a204dba0a73532746ff3ef221cd268e15619b0956d62b5f2336e5f22a56151f9

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 8c63332a24cbdb3380eef6c52a781957
SHA1 1c674c286ac68823d404072f6b86b4007aca4759
SHA256 557dae5c11a602c669c08832c16006ffa9725a07089d59c0901dde3575900b26
SHA512 f901f716d1d876731d8b9d21ed9de6db6270fa1e05e0fe9fba54baf4d29cb229be48c0495854b114b9903c67198cbc6272264a778d9b259de55d59fe0cdde247

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 b343e7e47fbd6929397cc2a34061977b
SHA1 7aa40224ae79164e78fea7f748ef9ee24a3eceee
SHA256 89fda3b4e284b0964748027b434be01633bdac6d2f2ff7e28e715de9e62b69ed
SHA512 2c3ccf74ce6ddb825bc53a2ea391a23655672fb7f119ca179a5961d549351706e755fc6209179352436c5c96a5d58decd1110bbc1abab654398dadebb511acb3

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 fe246cc369e17e5f61d3f197aa440729
SHA1 3c08c6bf6fe353ed71aacf84a82ab2db29ace248
SHA256 3f02e03a42660069b1c927c485d6bfce4805ea95165892b7cc72fc30404c8796
SHA512 b2dc246e5f3d5eecda2a803758fa03278a160f51832d08fd21aa84389b9555f74bc58117056eabdc921d73a020f9e02e1511a9b6336be7a8bff95c1c9af8a178

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 b88bb39b8c30dcde6b3657b09b752758
SHA1 5a0e924648c6edb56bb457b2cdffc2a77693c618
SHA256 fb177a63ffdb89c078e61b16ac163540abb0ad0b5f5c3baf4a2c12daa09b2d02
SHA512 980d1614a0a1fc0c7a07764a51749df0fe76ed810a37bcdfd358106134551e2a8a9c1819cc308fad096520f5fd9dbde3f0b2adbc6869da28feed191300de70ed

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

MD5 3bcb4f6a7e1eef70ca6037dd2b0e9942
SHA1 8ea3bd0eb928bad0a7dcc82d2261ce832df47540
SHA256 b0ade603097613c20207984aa2fffdea134b3d9f9ae401726beb326530276835
SHA512 4697748ef99e4535d1f1de2c83731de8bedd23273a84c8bb7aff277c4475b0edb650ac5ac7076067ef5226779f6052e76335df1746686828137a33fc79f9810c

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

MD5 733c7e1bf653a6828dc4fad490ea3b16
SHA1 326d8495dcee58042dae874304cce2e65709af29
SHA256 fa0f02a93fc92eff63acb6cf6cdf5e694ff93fece358c56017aa325ee5abba12
SHA512 793d30feb28568f1b36033944414bda7515186c1c71c130c68925ba59d742b9337a4f9ed33eb3de2ceb79b1766d20fed04e1a7f380804a10448fcc70495bde7a

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 b4e46db065756422b0ecdacc8e261052
SHA1 1381ac0845ce8a0a1d2e47b83d0e793bc2422a5e
SHA256 75823c2ad0c11a1091090bb80a0a5855c64f86ea7842961e763dd4f78a075b46
SHA512 1f091a2516dabaac4f3ba066f7ec194e0321f85e2e93dd9d01b966949e0ca700a57ed702276a7f58bd477e34fe57c54709842a2eb86c43b3a1db7bcfe90b3e20

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

MD5 0512660bf82919a497143aa15bd55198
SHA1 f391aeff22e832c3faee1caf84f969ecfa0e9b34
SHA256 cf9e2da48ecc3c97a4453776db46ddaf92fab1a6019c49c8ead5ff48ab95dc95
SHA512 d44d8335cd628dbe72a56c7563a342d675f80f0a26f56a8d1c714dee5326f99952d0144d89a83e749ce60001655612aae070a2ed82dfa48e4b69d920ac0bee7f

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

MD5 1dce7214fe73c3e2c03c233e65dd04ad
SHA1 6bc09e2c00b06c6fd7a1428e137faaf8054bf732
SHA256 91e4241b813a855410eb86690ad951b1f1f64a22e382b30899bceed0fbe4e1ee
SHA512 2b8b015a7a0dfc8e77791a847ec186a4f0fd37aaaef9bf1609125ef0afab2318e711310313a435a1a72e58013890136d1747df1d2bd9b6035d2d4f24649b3edb

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 927f23c3e3005c0e3c3259528926e4be
SHA1 566e8d190d709d322be95bfe6932c291a3659336
SHA256 ad25fac4bc40215175519f245fac61cc196a2ac1643cd520659af3f4a197bbeb
SHA512 4f02262f97575d92da89cb4d1f31e855ef4376e96e608148ee06d17ba14db2a28789acf4f1f7ab488e5d385f1a6d8d17f7477db6307fc65ecc81b3b26b5ec357

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 969eec058df03fd42e5e3877a4f98af3
SHA1 5f6b360304623c53cc3ee9bde939101028b7cd0c
SHA256 fc1e80727925ecdb7d20fed34d59b9b8999f7872d6928d068f2f8ebe8112d646
SHA512 202b69852cd2908d5010ed0402b60ecd6eb0bd5dfc4d48467820a0c0dbcb8d2010d3383d527784f406cf682155f0e2c71ed090ec9ce303597e923c1b59a68fa0

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 f56052a1586f83c8f1940be52fe60fe5
SHA1 6f79c432e95edc1ce457681db53acd26e6f17e3f
SHA256 72d58b160a66f82836d4e69d877d054a615e4efb9e1adf1c0f2578ca29fafcc9
SHA512 d1bf57b723aae752f1379dc9d10ec9494668b0adde46bbc4307bc040aada1f56f2de49c9dc0ce445ce0f8d5a393898adf97562d315f24121a671301fea939eda

memory/1744-8808-0x0000000000400000-0x000000000040C000-memory.dmp

memory/1744-8807-0x0000000000400000-0x000000000040C000-memory.dmp

memory/1744-9040-0x0000000000400000-0x000000000040C000-memory.dmp

memory/1744-9041-0x0000000000400000-0x000000000040C000-memory.dmp

memory/1744-9042-0x0000000000400000-0x000000000040C000-memory.dmp