Malware Analysis Report

2025-01-18 20:27

Sample ID 241130-bqsbgavrg1
Target b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118
SHA256 d7171d7c2461bd3c47c480f6a1888e75af2d1122e54063038037ef6293069857
Tags
upx xorist discovery persistence ransomware spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

d7171d7c2461bd3c47c480f6a1888e75af2d1122e54063038037ef6293069857

Threat Level: Known bad

The file b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

upx xorist discovery persistence ransomware spyware stealer

Detected Xorist Ransomware

Xorist family

Xorist Ransomware

Renames multiple (2200) files with added filename extension

Renames multiple (2210) files with added filename extension

Drops file in Drivers directory

Reads user/profile data of web browsers

Drops startup file

Adds Run key to start application

Drops file in System32 directory

UPX packed file

Drops file in Program Files directory

Drops file in Windows directory

System Location Discovery: System Language Discovery

Unsigned PE

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-30 01:21

Signatures

Detected Xorist Ransomware

Description Indicator Process Target
N/A N/A N/A N/A

Xorist family

xorist

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-30 01:21

Reported

2024-11-30 01:23

Platform

win7-20241010-en

Max time kernel

118s

Max time network

119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe"

Signatures

Detected Xorist Ransomware

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Xorist Ransomware

ransomware xorist

Xorist family

xorist

Renames multiple (2210) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ZcWGl71Ec9XY4gY.exe" C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-OfflineFiles-DL\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\migwiz\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\MUI\0409\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_escape_characters.help.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-DHCPServerMigPlugin-DL\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_WMI_Cmdlets.help.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_Quoting_Rules.help.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_History.help.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\de-DE\Licenses\_Default\UltimateE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\nfrd960.inf_amd64_neutral_cfc8c0013e9ede68\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_functions_advanced.help.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_pipelines.help.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Core_Commands.help.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\crcdisk.inf_amd64_neutral_d10626d1f8b423c3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\wbem\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_prompts.help.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_Automatic_Variables.help.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_modules.help.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_requires.help.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\hpoa1so.inf_amd64_neutral_4f1a3f1015001339\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\lsi_sas2.inf_amd64_neutral_e12a5c4cfbe49204\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wsdprint.inf_amd64_neutral_f91980f20f3112ed\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Speech\Engines\SR\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_objects.help.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Assignment_Operators.help.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmusrsp.inf_amd64_neutral_a44611db70783ded\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\ja-JP\Licenses\_Default\ProfessionalN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-COM-ComPlus-Setup-DL\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_wildcards.help.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_requires.help.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\de-DE\Licenses\eval\EnterpriseE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmcxpv6.inf_amd64_neutral_f62ac4bd04e653d0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\net1qx64.inf_amd64_neutral_85d10fa4c777b7be\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnep004.inf_amd64_neutral_63b22bfb6b93eaba\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnep00b.inf_amd64_neutral_2e6b718b2b177506\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\ja-JP\Licenses\OEM\Ultimate\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_script_internationalization.help.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmcpv.inf_amd64_neutral_5667cca434e3a6b7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\InstallShield\setupdir\001f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Reserved_Words.help.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\de-DE\Licenses\_Default\HomeBasicE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\en-US\Licenses\_Default\StarterN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\et-EE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\ja-JP\Licenses\OEM\HomeBasicN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_preference_variables.help.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_environment_variables.help.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\atiriol6.inf_amd64_neutral_bde34ad5722cca75\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\en-US\Licenses\_Default\Starter\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ql2300.inf_amd64_neutral_ca8487daf77ff7cb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\lt-LT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\pt-PT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\de-DE\Licenses\eval\HomePremiumE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnky002.inf_amd64_neutral_525d9740c77e325f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\InstallShield\setupdir\0014\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\migwiz\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\ja-JP\Licenses\eval\EnterpriseN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_split.help.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_History.help.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmtdkj5.inf_amd64_neutral_15940559c66fe8d9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\fr-FR\Licenses\eval\Starter\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\InstallShield\setupdir\000e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\MUI\0410\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_escape_characters.help.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\fr-FR\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationUp_ButtonGraphic.png C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_double_bkg.png C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\Calendar\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\CP1253.TXT C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\Help\1040\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH02028K.JPG C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\WB01744_.GIF C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\glow.png C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\settings.html C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\ECLIPSE\THMBNAIL.PNG C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR36B.GIF C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\rtf_alignleft.gif C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\Stationery\Orange Circles.htm C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\RIPPLE\THMBNAIL.PNG C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\WATER\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_hyperlink.gif C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\en-US\settings.html C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\47.png C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Program Files\Microsoft Games\Solitaire\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows NT\TableTextService\TableTextServiceSimplifiedShuangPin.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-waxing-crescent.png C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14755_.GIF C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\TAB_OFF.GIF C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\mng.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Microsoft Games\Chess\ChessMCE.png C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\browser\VisualElements\PrivateBrowsing_150.png C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\mk\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\intf\modules\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\ja-JP\clock.html C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\images\info.png C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Dot.png C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Media Player\Network Sharing\wmpnss_color48.jpg C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\WB01253_.GIF C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21335_.GIF C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR29F.GIF C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\PUBWIZ\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-over-DOT.png C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Push\push_item.png C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Program Files\Microsoft Games\Multiplayer\Spades\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\fr-FR\settings.html C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\shadowonlyframe_buttongraphic.png C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Atlantic\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\BD10890_.GIF C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0387882.JPG C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\IMAGE.JPG C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\grayStateIcon.png C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\ENUtxt.pdf C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD15171_.GIF C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\fr-FR\clock.html C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\1033\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD15058_.GIF C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\ChessIconImagesMask.bmp C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\es-ES\settings.html C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_gray_few-showers.png C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD15072_.GIF C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\winsxs\amd64_hpsamd.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5f5368c8396a16e7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-ktmutil.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_1fa74394acb8760b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-remoteregistry-service_31bf3856ad364e35_6.1.7600.16385_none_e55af7609d2857a8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-w..extension.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_6d1b0ff59ecab5a8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\assembly\GAC_MSIL\MMCFxCommon.Resources\3.0.0.0_ja_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_adp94xx.inf.resources_31bf3856ad364e35_6.1.7600.16385_es-es_7d1934d0258df2c9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-w..iamanager.resources_31bf3856ad364e35_6.1.7600.16385_it-it_b0fd827ed45fc1f6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-mlang.resources_31bf3856ad364e35_6.1.7600.16385_ro-ro_ccd1c51fc6ac7e26\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..-admfiles.resources_31bf3856ad364e35_6.1.7600.16385_it-it_477403893ec49004\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-o..sc-style-rectangles_31bf3856ad364e35_6.1.7600.16385_none_258f1924c482b7a1\reflect.png C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-wmpdmc-ux.resources_31bf3856ad364e35_6.1.7600.16385_en-us_e610ee6c82def620\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_prnnr003.inf.resources_31bf3856ad364e35_6.1.7600.16385_es-es_8407a9ae0c40ec82\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-a..on-logger.resources_31bf3856ad364e35_6.1.7600.16385_it-it_2619682953b76b93\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-display.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_263d9eada51ba1c4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-help-sharing.resources_31bf3856ad364e35_6.1.7600.16385_es-es_c067b1f64e19b4f1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-ie-ratings.resources_31bf3856ad364e35_8.0.7600.16385_ja-jp_ff3cadaad7bfbe2e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-securestartup_31bf3856ad364e35_6.1.7600.16385_none_c922e7c7a7c903d5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-p..ndservice.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_058a99c9819b4d8c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-recover.resources_31bf3856ad364e35_6.1.7600.16385_it-it_efc42da1d580cfbf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\assembly\GAC_MSIL\Microsoft.Jscript.resources\8.0.0.0_de_b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_hpoa1nd.inf.resources_31bf3856ad364e35_6.1.7600.16385_es-es_0dc9aa3c31e4a394\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_prnrc00a.inf.resources_31bf3856ad364e35_6.1.7600.16385_es-es_98cd3c378d1c53ed\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_srpuxnativesnapin.resources_31bf3856ad364e35_6.1.7600.16385_es-es_ac86103aca9c9d98\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\9abec9ee3dab00d67b395d1994a60776\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p..ll-events.resources_31bf3856ad364e35_6.1.7600.16385_de-de_95ed16ae85248242\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-m..ionengine.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_bfa0b1bb9becac9f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-scavenge-space_31bf3856ad364e35_6.1.7601.17514_none_1b683337cabdc91a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\msil_system.data.sqlxml.resources_b77a5c561934e089_6.1.7600.16385_ja-jp_ea24f6cdc947978f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-shsvcs.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_2d0636b8eba02a0b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-bootconfig.resources_31bf3856ad364e35_6.1.7600.16385_de-de_1bc9d99f35f4f087\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-m..-management-console_31bf3856ad364e35_6.1.7600.16385_none_0f49a133d6f5d42b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\assembly\GAC_MSIL\EventViewer.Resources\6.1.0.0_es_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_it-it_b4a6b77ab9aa530d\about_regular_expressions.help.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p..ab-client.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_bc9ece8a698caf37\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-m..ayer-core.resources_31bf3856ad364e35_6.1.7600.16385_it-it_16702848f9dea1d3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\assembly\GAC_MSIL\System.Web.Abstractions.resources\3.5.0.0_de_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_a9cf548d21b86a2f\docked_black_snow.png C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-bootconfig_31bf3856ad364e35_6.1.7600.16385_none_0becd32d7b9ba9e5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-wlanutil.resources_31bf3856ad364e35_6.1.7600.16385_en-us_63d1bb5f122695ca\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-rpc-locator.resources_31bf3856ad364e35_6.1.7600.16385_en-us_7a9e6efb2ca45f40\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_56cc3687acc564e8\about_profiles.help.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-n..n-clients.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_0446380dc1b5f086\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-k..container.resources_31bf3856ad364e35_6.1.7600.16385_it-it_e0c273825a2e0bc1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_server-help-chm.tas..eduler_lh.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_f4b1eeef0b3ec7b0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-s..-kerberos.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_ad59459d3bc378a4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p..rpautoreg.resources_31bf3856ad364e35_6.1.7600.16385_it-it_672be8a37ae626bd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-p..rgraphing.resources_31bf3856ad364e35_6.1.7600.16385_de-de_6dca7f6231c4b760\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17932_none_fc20fc2ea15dceba\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\inf\TAPISRV\040C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-w..oradapter.resources_31bf3856ad364e35_6.1.7600.16385_it-it_f5369791f5ef9fd1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-f..pe-estrangeloedessa_31bf3856ad364e35_6.1.7600.16385_none_58a3b21a93a6012d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-comdlg32.resources_31bf3856ad364e35_6.1.7601.17514_pt-br_ee99ceab3ae3ff86\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_prnbr007.inf.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_b1f4cfc5e3f5bdcd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_wpdcomp.inf.resources_31bf3856ad364e35_6.1.7600.16385_de-de_83b87aad561ef527\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-help-rd.resources_31bf3856ad364e35_6.1.7600.16385_it-it_fa5e410b75e3dc11\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_de-de_74b66e05cc4097c8\about_remote_jobs.help.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-peertopeerbase_31bf3856ad364e35_6.1.7600.16385_none_c7cd2cb43fb7f07d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Web.1586a486#\c36d092c02b6fb0dd01a5e061d5bf05b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-a..leshooter.resources_31bf3856ad364e35_6.1.7600.16385_en-us_669ed37c9f94ce9e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-radar-adm_31bf3856ad364e35_6.1.7600.16385_none_4506fd9c7c9a9b0a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-w..lperclass.resources_31bf3856ad364e35_6.1.7600.16385_it-it_1776bc8e5159c042\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-snmp-evntwin.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_a961316686ec082a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\assembly\GAC_32\Microsoft.Security.ApplicationId.PolicyManagement.PolicyEngineApi.Interop\6.1.0.0__31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File opened for modification C:\Windows\Media\Windows Startup.wav C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "PKCONOIIBFRWSEH" C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\PKCONOIIBFRWSEH\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\PKCONOIIBFRWSEH C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\PKCONOIIBFRWSEH\DefaultIcon C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\PKCONOIIBFRWSEH\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ZcWGl71Ec9XY4gY.exe,0" C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\PKCONOIIBFRWSEH\shell\open\command C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\PKCONOIIBFRWSEH\shell C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\PKCONOIIBFRWSEH\shell\open C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\PKCONOIIBFRWSEH\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ZcWGl71Ec9XY4gY.exe" C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe"

Network

N/A

Files

memory/2320-0-0x0000000000400000-0x000000000040C000-memory.dmp

C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

MD5 09b8180df7a10d1cba4fcbe40874ead4
SHA1 a17d19446016123cef9265fbe95ceeb43f6be6b0
SHA256 74127f4e4e71499a6143e92287aa4da75f50aa281e37ca4c0dfa602a27ac6256
SHA512 94930c91ad55243aff9aa3a8e21ef0b2bd1dde67d868f36a7c89ce3505c4e65e8aa6f014e6503b0829540d85991e81636799d82bedcb804374ab5762a7ad05ee

C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

MD5 b9f5cbe76c9d62c63fbcaa784f488ab2
SHA1 748cb7f6be8c8d982d7d2a5754b575b6a4616272
SHA256 03f8730ab17c794cb342ccfa3d4e7ffbdc8a3fb45690a5816e7a5b4261431bee
SHA512 05ac89b6ab713539e06456382cd8712672bfdca0bef2da75ad8560bfaf549890a202c1606ea239ad5529d9b740e6da8e3f6fa68fbb481ca626828f3d7ef787ea

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html

MD5 d009bd0e18eca8292db71df533ff0910
SHA1 a4df894633c069592f3ffa68a2c150633bf2176b
SHA256 fd5c48be64d505d4aba332b73bb7a10b80ea040af89c0fe352fd6fb04dfadf4a
SHA512 7188f84305946f493caaae2584e24ea70942bceafd70672824400348348797f84ceaea59c492d4c773cfa8cab890910f4719080848ccee5d8063c6c8753564e7

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html

MD5 34c804a58eead10727be354bed92d836
SHA1 75b03d41ee56428a663e1454375b04270fb85152
SHA256 97a9f2bef204695f3389faa6ec1d9add9f3fa9112483f41c92d3b20c48921380
SHA512 051d8d4f0c9bac87671ecec64c6bfa8f7c5adca009038e334bf9fc540c7a60af75f55744fc6c6ccba00541bdad5fabc3b4981785508d00dfb489992d997299f4

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt

MD5 b24e280cd667f7be82a27072bee24e72
SHA1 4dd2b7bfb667594cafff48557b7d5602b861b400
SHA256 04cd8de130f72311aeb5eaa1925c9b8dc7fa40ed847cc56de2f72dffa73ca0a9
SHA512 74add11570dc44ca891083b34f31dee6b07bd454ed6ecfd20b84b45581705ab897e80dba5bf52a234c878abee94aa35ab5dedc25af579eaa104d77bfb88816ad

C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt

MD5 948486d0171c88a1af8b8ce15785dfc0
SHA1 d91dfb0f25065618329b9832d443a977fa0e9105
SHA256 75711d0bba29a0f8f66393feb636c50975e275f7ed069889647d2f6aecb32a68
SHA512 6c237081fb124d76e2ea63fce416904eac273215cdfb010bd4a46711db22e4983d49d348f9fa273561502b4914197efcbe6c3fc855a551d5bfd05b3776254e70

C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt

MD5 fd8ee63fd1f74bcc26882d9677137322
SHA1 18498233c984c3d1362ef82edd738a1f5315f885
SHA256 6459b9b3a412b46f3251aa7ed161d9f16c47789a423c1efa1f7fadd38f1ed314
SHA512 4182e0f53f8b0f520b596657d8ec20b758973d25707114ad0ce8465f0250de31536f0402527552442e955f6430947d0feb7af670bb13c66164cab3ad6f6735e4

C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_OFF.GIF

MD5 5bfe7baa75205e60743e43bf63318b16
SHA1 d2ed412ca1501c6762b4c5611449bf742ff3d7c9
SHA256 41f23b9a8942575c04f969a0ae7691fce14396751d232d909d6b61a3702ad45b
SHA512 b5de66964d0f02c4c6cbb25696323069306f2bebe7db96941c5004e9d3fe4706636e7f40009f1f4379d4b63fef35fedbf47cc8830de2695d651bde54acc43060

C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_ON.GIF

MD5 ffd41c1953d890f6ce8b83b8e42a345b
SHA1 3fea294755250af086eb5cfeca79102fcde111dc
SHA256 336682fb3b11f72d6b6c8e4f0a82080446f44555e5209e50c089c422f508e68e
SHA512 93bec2f842be1e15f04ea962885322303593a107ecad17bee733252de442abf810f5935686c683ae28e98bdead5910dbf2bb955cc1c5c25b66427c963cb25ebb

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF

MD5 014e1f0c4a53339154cd61c71980f8c5
SHA1 802667f6ed565b4bbdc3dc2ebf32e772abf1be26
SHA256 d55448482c9964123296ff5e31201a23cb778c2c793823f2442253ddc8930e07
SHA512 c8ef228066fb82b2109dc483fb1dec6f051430e75d2adf9f9d743d2a55c759954045d381fc8a6ef2898514871895b83f31f340bf848c8483ef9aa66ab28464f7

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif

MD5 6e4c8761b470678e7c563dcbf46629b2
SHA1 76e219428b5d194d443259bbcf23e901b4febc87
SHA256 ab96018ac3bba8d5090c7ada7b0baa96e11353a0ee19e8648b49920dac332700
SHA512 ba4592df78deea87dcdb51cd35534659edb0ed0cac27cce1f1790aaebba3b7d3f9a9ac513ec1eae93bd32882d1209fed14ba123a8e6b7c8b1e31b12234a73424

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif

MD5 06ee63ad2488eae3c84ab89ccb63d5d6
SHA1 7a15e42445efb174f16f8c7e0cf23f0558639813
SHA256 65638142711edb4e144559cd6ecb0110be9b35457c66db39bdb7d765d449b6e9
SHA512 9911809e4bfc565288f0fa20aa51c5f418ffe0b58713cf483c69ac0d8ea609beb08be7e66b217493ce5367c48dae0fb44d57da6453d999a516951e70a0bb6158

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif

MD5 3a76e2dfcef604f1cefd8292c66666fc
SHA1 103832874ffd35f858f8621ee68ffc76819b7e65
SHA256 b949d8f7e078e56d338ebe95d6c82de025261abe98adc01e72463954d54b11aa
SHA512 b2463f3897a8dd39103d93f2330ae0b2c345cb1d2ad50d612495675d32cde310da3931a052ad2fe0b1daebae5076e035a8fd62f4489e5c59b936daf66430c670

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif

MD5 17b2a8d7947616b4c84e03a618948227
SHA1 2933334be0635fa7095d1a0619ae6c56cfabb73e
SHA256 aa9706fbf1478d85f081a84bbc73aa84ea30f83babc069046fee5d66a8100d9c
SHA512 3c806633401364743136f53b531bf23ea41b4e7c49f2ad9f85015daa475e7a545ed44e93366ec0b62a661374901ab438aaeda86536a0483439732586dd81a0b3

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif

MD5 9e234cf16c404b66eacb41d2ac82f507
SHA1 258a381ddfe17c832f041b53ff82832e2475d613
SHA256 32953aa76e8303c067a6f8e9e48fdb7ad5d26ef70ab8464f7d98d71566734a21
SHA512 dcb37d9a78892e109a1b8d384ffe04a4f5c84e7bf5c81ce7845c42324ae246e4fe29bde3c389f869951397db3c8fd72b62e1fb55aed8e3fd98016b2e786c9b51

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif

MD5 ff68ded4a763f5aa954e03951256cd4e
SHA1 fd5ffbf370d77e6817dc17a5bfe230bb7bc55b52
SHA256 18907b3f78f2f9886bbdd7dace7c5830f8934fb236213096fda115c11c3d92b6
SHA512 dcf784447e57ce0dc5e6f878c4216bd553320651bef56874df42865e013eef09e23a7eca1e93124d0b5a9fdefab20db5eda3c4a07d1b271dce9ced2b987dbfe2

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif

MD5 7d2d366852bcdb9150af34f104b57695
SHA1 e14d5c03d28269c5cf6c106d3a036b1c41cf984e
SHA256 76bf46e3adf9337f3ec7ca34ac5180a780fb7a0ec5ce581eb56c3a10a6d1672e
SHA512 e5ed02868b3a52ebbfd95bd8a259bedc5059d09c86d15aaa38e6f139d826ec1b0deec5254d467f2c1935af525b21e532ec94f25558ea0e6200814309f002e53d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif

MD5 692b7580f9244bf5e145e97326c1728d
SHA1 d2d66ca74f3689ccca7779d8f4ec67412cecef30
SHA256 4559a1768e69bafea2392fa3e58aa88b9e9e37a48408974a107c84ec689b55bc
SHA512 40d4f412496454f3bdb2f1edc97bc6caa7b845d0e7c8a397a433cf54a004ad377204efe4d7aa2f050602dbda6c624fa0463749cce9ea60944d0b8254972794e9

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif

MD5 3203720d7514cc3e0e5fec80de20804f
SHA1 e242d3f7eeae300e10be12d58195b3ea8b97ac32
SHA256 dab1d591b83227ac45b48bea18316d9bfd258cd7eea0e21ff0b9781d4038c58e
SHA512 1bc47dacd4795f9cd8e99589fac42ffd7944afe0956ee9415dfae8bdccdb357107c2347c060f9471e947ef700fcb992d91441fb0f5dc1551a6a0383579416458

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif

MD5 d9cd16d8f88b959d9e70577403807989
SHA1 811b1cba8cc2ca786a31142b486a0c708c461569
SHA256 92bcbed2c9cccdc5a4a3d19e5fece788d12e93f66ab4daf90f49c27cda84e4bf
SHA512 c8564492fae0a63c0a6e0c6f7b53db2b71e482caea620eebe421ccf5d712f0623fc51b07444f4c8807fe0b8b6c796826f57eaf8d8710d7a816dbecd47c97f143

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif

MD5 d5b4819564a914e3e729b298c9f7d599
SHA1 3e65229573dec5acfb7bc644ffea90b14d4b6736
SHA256 ad741c319d0573a2274093966726963d56b88db7c586a5a3fd1f6cca28619325
SHA512 38b4b948efca227bfa29d75caa694852e2d4beaa1be1e7e0dd5cb38627a8fd06ecf9ccf93e5d4c721ccc519432e35f22cafa30923c6ae419a9fb9a1655cb4a77

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF

MD5 7ba09d527c3727e5007985bdadd531b2
SHA1 47b458f1743a7090cbd279447cb93c0806ff7586
SHA256 6c0f3102f905283548d0c0c9492ffa6361dfc658634487969a9825b07f0c8e48
SHA512 32ae0e81090da40deab1750e219477ddf025112b1dae1c9e98eb7290741d05db5f7344a913fc6586a3c5382901399981ba97b00ddc6130199d54c54e8af84fb4

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF

MD5 52239a216a23dce2d89c9d3a10eeb6b8
SHA1 1991bcaeeff4b839fcff554caff81315963b82d2
SHA256 5d108cb0bb4732a28c95556fc65fb031dc52efac08c709001ebfac399e7a1538
SHA512 a22485aa71882aa53033372d01be1719354837f865fe41a916bc81f780bb1690d2983ea0d342273f78468d7609fc640b1fca70d8c3e99506fedc71e382b87f2a

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF

MD5 c2bca5c54a35b51e431aff917ce33ed8
SHA1 b0afd1cc126b0d06f8c7fe2a1964fcf89dcf33ca
SHA256 e846a21d903b518c4c75daf6a2f1d84ae8a1f287d0588732580ecf951efd5713
SHA512 bcf1498bcb1a70e2cafb7a24c1b9eb60f6b8848b51ad0a72414de95dad445ebb5de0694717b685e90e894d445a4ac47ce67f14af8304feda6b8645dd33c8dce0

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_on.gif

MD5 e70f51d71be05d2fc12a5d4501824934
SHA1 2cdc040e48e6e7ee2394bb99b450f9e3827dcbab
SHA256 e667d2e42240d2f5478335ad33a21bd6a93cac745f2f9131b498a712f154b98a
SHA512 bfeb1a15f6de42c51a45dd77b8dfdc4ec1b31afcf06c3d73fcccd5189f86b42a5087aa451b872ec64fb7c11c4d4ded883405eab83d04e9b1dcfe3bdb0034f2ae

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_off.gif

MD5 6b9e0cd15935233db9885b05f84bd807
SHA1 c35fa60a433700fa07786b0b96c0b7247028acfe
SHA256 e55549b973bc9071a420bb901264453dfe885b4930dd7631c61c7a5a2d47198d
SHA512 602fd48cf7cc47d1378bb1b5357f64a8ba5c66225e53bb1f4ec272c42192011d8c593b4dd203ecb7ddb31df149caa07de0d8f82e7aabfd4212df30a7a3d4ef0f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg

MD5 e0b03a53ba7e3c3995fb6a1b156b4f63
SHA1 a6ab95f9cf6917d5bbd374cbbdfc92f3c00c2830
SHA256 cb5db78beb49a2da4785df9fd99d7803563351a1e34211771e83f672b8cc3ea9
SHA512 cae3c218d02430d8bbf4d3c073c91ce173cd5281e9ded542aed98c47f3eaf0595f4e7716222fdce7667f6b29deb3784f263cd9e2ce52a9fe973234fb1afaf2f5

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp

MD5 12ffb684a891eb6aced4feb7e05531c8
SHA1 923f5afb213e35d6ab1e52d36b20ccfe5bf1625b
SHA256 8d81d61aa2a0bef4f7e569f89de4338127222c14281e0891627851a51019c39d
SHA512 92d568ecc0030703c0caf6ef25e7cd2e6b55b6629f3fd078353441b235182cf3ca90e696164ff907496dce2fe82087872e0b7cb421f3b15b0b1aa765d4d766a4

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif

MD5 6eece678a077616360d4684133d6fdd3
SHA1 3f8819f6fc88d994a9cef07040c6e61fcccf41b2
SHA256 d6a573e0b4e465ddda00822c15949403ca538dabcd0e345fafe54ff9e579ce99
SHA512 1e83a59dc8b9f7e74055facaae2222fea0de56a74076fe6162a4f74f942234731336fafed13ce139e1168cc4ddd74e92b5567f33598c91841eaada031a6ff931

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif

MD5 3f1ed4c7ef2a8ccc6716f8009537f1f5
SHA1 cad7efd91fafa5e5daba0fe427d129d49d18d026
SHA256 956387a9f696d08d3adb8d98dae0a11702892de697eb34d66cdaefbd49d65431
SHA512 1377987156e99868a9a15f3905310ff1838c4a5507bd5b034ed5338c20920253bcf9dc635f04412606f95bec0e887f8cf34d563fdfca894037810d850e3d60e4

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF

MD5 96eee646e0a5a843b298541584045a59
SHA1 210e28d5c0079ec26094dfb9b17780fe61190e52
SHA256 3810fe040f16f76636bcb30675b17be8a84fe1f1e66ec6d7d698754667a7dda7
SHA512 1f0fa703d6e6b87da070a4f5fc1a11af78445fe03c053941b959aae43b129f89f1b1d21a4b385b7e272546dc5cf49de530193faec0b9bc0bbd03add8c6b637dc

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif

MD5 08f23a605d387a3811835e214009822a
SHA1 1a866085638f53fe9625c3bf03ea297110d90d6c
SHA256 246a9909c8df34ca327e84d8ded167212001e2256d5103a715e303e6f3861597
SHA512 1538fa2ee3add2bcb0fdbba6abb991579f4c20d7ae7e97fa18ed75cee8547feeab0e6cf6952242694a399d4e84599441cf82203da9a8fbd705555c3f04fb8465

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF

MD5 d79ead36c906a180bfba12b9ae036a93
SHA1 b563cd9cd79c39704cc32193695d51452a03e9e9
SHA256 60c779690f9907e54d946e70422c7b1ee63ebe63a4bc6c997dbb37778759ede1
SHA512 41a7c19efae01aa1216a492cd690c3e77c0dbd9f6e99c8aab96d349e407fd8ed483e7c2bc878cf7b444b7d328e952336b7caaf33e1925f3253c2c5140ff0546b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF

MD5 a9e90c7c11122aa8f1462b0068ffcbdc
SHA1 2ec556e9bf1a8d0c339593c568e693fe4e9297d0
SHA256 a05e8d629a24b5c80886fea4e5392d4d96813aac8d36281e74fcc43c3e8da0c2
SHA512 029ff15f1ecf86451764ed851eb5f67e48d47f5af3ed32c710adc149016eb849a8348c0cb1bf5417d87d91e49f5f5d5f506ef05cca064bca749cbe80c6755700

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF

MD5 3dcd03903ec54ea6b3b9bf40c674f1c1
SHA1 9ac62dba7bacb5cea502bc336dc553192217c806
SHA256 ce1a7e6b8b71c0ddc5b3b61c3bb79cfe8cda81bb1a0830ba84b8a9153871db6e
SHA512 337e55b85c6424bdde1f53eb54bea9666a7c9bd65415af1ccad6f454773b2269759dc99a9c471f59736c65ca7cccc778dff839bc367c7e13cd3679593b739aa0

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF

MD5 3879cf1cbee62a5d943d76bb5688a44a
SHA1 034c9359a834aa0cefab462f77f6038d6ccc5bff
SHA256 9cd46842493b06df7579c4742f21f698c63a190bc0a220d0af0e8d3fac221ee2
SHA512 4dca26b3173ab429a2afc5aaa2e76d0c624523a510cc326d37afc03e35c376c342bd863fb7dc70a9dd57c46212bee35c094356ee0bd138034931660fb5a88d39

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF

MD5 c2940384770e5ab3b687d3f526df79cb
SHA1 a733075aa7f56dc99cbb1b0f1751712e97b8b47e
SHA256 b87682ffa7f09d96598e28ab7dfd6a5d65fabab634c2436385212b9e9a208cee
SHA512 a3eb92cc39d50aa1ab3c74f6ac35b4d0c0b088400742b5c211b60788696d1647b705ea1ba3d325e5aeea16d068ad9eced8463a6c21f62f3fd931ba03c94ca24b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF

MD5 7c9622f37296463360c7881e0be83566
SHA1 b6c9d6a4b92c3301ce700645309b46a0dc45263a
SHA256 ef711ccb49c4d3201c63e1087484fe82a93c1c96f997e2c273145f7c585e99fd
SHA512 47eea2059e8d6e77b5510db258d63d1d9279ead0ecc64b4870dda50e8c4e4471d34e2f930c37da2a968aa57ac38ce1b76457bac212d0d92c6101925631713188

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF

MD5 d86e07e8af22f799a8cac4d34b038ad5
SHA1 3d11cb21993119a45b78fb05ac50f47e0e00e150
SHA256 47953f3b134d3c56d35f625e96960d9e57232f7d1a053e34aa575a9e9de167dc
SHA512 26f070e1c3a90e9d568a06895faa31dbf429abfb6014dca40e73ef133c65064f6aa0b706aaae1cf433caee6c26db4d7417a522cfacb96d74ba148d8e01a63e0a

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF

MD5 256583d868cc125b7b91bd6909290ba7
SHA1 71132153c3aff3bd7da67de2733ccf98d829a61e
SHA256 207abe8034aee3f4850bf55c20036d9baeca9377b661cd0a128be01ba32c3b41
SHA512 37f7375917f3e6b3878a17d6c0b185e5d9169576663230eb13d77e11e7151170d5a5ef8294dd5464e9b68bdab0a3ea4335f702c1ca0167ad560717935665d6e1

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif

MD5 69b6ec20ea402569c44d1eac54294f58
SHA1 bde16b8f6491945812c739b2ced0bdb15d5c15f6
SHA256 54f882928748cde20cc13c8779edb8a78c1b861b8e15a81fcca7bfbab76520ad
SHA512 81c3577907c823d6a9a643de9639b39ad7bd4bd5f670e81f57b0c09c5992d838cf4e6cead5d145fb7bd93a701131eb6fa597cfa49bb29991328a0ecb5fdfe3f7

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF

MD5 c84cf561b7245d1b3d45122263ca4cbb
SHA1 185ad66cd1ceda6290958e20be81400ff97daa88
SHA256 f835a0f908551a52093ad8da152a14651b0f64b55fdcc41c98137997f92c5607
SHA512 15c240257210d2cfae0237830abfdd8b5e2fe10fc2df4b70075f759a31002f0526ddc05e6ee9d9756bf96225e34e2783883e7027b14921112ef1a0e94e5f1710

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif

MD5 641ea8f1d5fa2e79dfc08a114c04e99e
SHA1 2f7943d558798a74ec8bbe95f149c52a50e8f349
SHA256 99123c2f43029c05fdeda9a6e66526348aa7039c389a26bbdb100f0ae6fc76ba
SHA512 a849419ab7797118e2c234f34c8c0396de7e2b2d059b79008bee7e08ad451e705928ec5952f6959513748f45fb1d9ca7bfd9b15ccc09653698d1b64c786ecb12

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif

MD5 a08c7e82066c1e2a1fc8bb18215ac0a5
SHA1 3295abc5969eb2a4cd130198a87f3ab4c2a48695
SHA256 206e959717b61cbccd63c7d8532aa41080fd8e652c4306da04043dec1ccc9894
SHA512 6a845b5771bcf30f6caf7d0a270d16623eff33c7b6d6495ba16297635192e4e8b54878d8aeb6ec3480bda1c5bc533692e50b4b800e9624e9b478c7b7cf85efc2

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg

MD5 913368c8b6c991d4d602874fd9a6aa49
SHA1 1f696c728bcca5af5745fae619a36766a9fa99a4
SHA256 f83bb17d8c7bd8e96b092d18f0a18ceef3d4612a6cb958d7e2b870e389cc47d6
SHA512 8e9510277ce6da789724478d110a9ececa582101f0ce560fe7f2392b8405a57239fdfbef1b90558d94055ba3ba6f200f6aa56a1b49293f45ca0d63dc0768b044

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF

MD5 ab6ab590fb610d44ca6d2717d11feff8
SHA1 d2b31160de8962f1781cffe6ebdd9d06da549477
SHA256 55f87ebdf9769a2dfb2c02318420c584d5c0c412a53481c9c2ef998197644f2c
SHA512 ac087a68429e18ea58bdcfd3de3ec17fb6caf40debf2e0a25d37c5705fc8c6617c9509bed7b090cd73453ea38cb814a0caa9be2db85a2c7980d551578408e06e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

MD5 7f2b95352bbdc302cc87b9be7691eaac
SHA1 91ab699e82a606905e6a13b794f2b582fc0cfba1
SHA256 65d39e0f700c77d3d767cafe94e7cde5f6a1db449526e16b5bf753fdf42f2b46
SHA512 afe460be0bd63c5c386ea4d9f3136c2ebd103ed4bb5f5c7067d27983c5f95d74e30037b46e4ce440f668d0b62388a1272841ed3c9486fb157a3a0b9e11ade2a4

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

MD5 1f51f5ae55f6994e58ba1e883ee41eff
SHA1 becbe446143903bec67cb7527ccfdf69ee574574
SHA256 5e37b5a2ec9b0d047aa370993a2cbe178f2bff41d9a183b8bc24db305ffad546
SHA512 971cb99d7117887e93462c48c67adc3ca0eca14ecd4c2aa580f364926613e4d590315af138fd7e52a343174f68d5bcf2b9e3b096d1cfe54657ed3bc7053988ac

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

MD5 31206305f37c9de8fb3f18c20bdf4746
SHA1 4941493409ff1c331f642dcccc573d9bfbdfbe8f
SHA256 010b03053f887795a880bdece383548e6046ea663a54d06b68eee6ae8a4e3e7c
SHA512 8b5efa5a836bd5838722eec9483c39681abc507864c62b43bb8144f7c904dd9d97c034a99f885692fa990a28ccf28bd0f05480a96c251b8b5a13b5f8035d7d59

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

MD5 5ffd3d391da2286dc82403fe4026363a
SHA1 81d1af1fbf708ffb3d25bb219c395299b154ce8a
SHA256 4158a426fa0a5184659bcad12c2afc6d7f446b7406765ad06f0360c0ff79dc0a
SHA512 edee121ecdd3e98c53683e54963506ce9dabb059bddd8ed6ca0c1b8a73c87465b45757c8c7b8571c9e626cdbc22b0984590f7642f506e5a3c2b40d7d7721ee7a

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

MD5 b6cce76bd59502fafbf2b599edfcf12c
SHA1 08b12f3efda6efd744481733e08a79f72aba8dc7
SHA256 e0d25727c45487eaf840334a9f5785e4bbb435cb1eef234d34c4850bc7847f3f
SHA512 b22da2abc7c728945fd025d7b6778012e7a32e78b90219b8f4091880ba2e47d718164df395fdf9cd42b85bff5f22f6660d26a70db9a459cc643a1c0c844491aa

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

MD5 8a44cd8f582b4226723b62f7c4294999
SHA1 cc520c2b3ccb6fd4721159bc08f675b4a0364940
SHA256 f04a4c234829adc684089a124c0563db645fe7d6eaef97df2e5ef21b813791ac
SHA512 28cdc9c2370bf9f09491f38c5c78a0f565b8cd22cb786bc58bebe7ffc9d6d47c088a663320fe26b3c9c88bd5568ee2a19563bab7e400cad7efe66f21ac26209b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

MD5 85c43074ad52b2bfa004926da8495bb1
SHA1 99bb954e7e77830a4c59ef665212da7c799e5e9b
SHA256 41db8a9f46ed66eba7997605501d5c549fde0919b5da4095dbf9b3283e34edd3
SHA512 7bbf6380a718b2ea258a7cff18c9bf377a5ac4a1693d2bb962c3930e41f1ef4b9b112ce6a50e08745c97db632f0e9397a7540268785a45afd229df549b6b3678

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

MD5 fb7bfddfda4fb32da614ed5f6bca1470
SHA1 75e0581091298b98b14d40a0d224a33946d9409e
SHA256 684549d5d72c830540220fad26d015ae3e3f75145934e8b98bcd15c9c640dae1
SHA512 07a8ff044a7ac2a6e2f62e4e9c66f0c101bb9b5bb59c28c443f675f95cf12a0b97bdf32c36dde701a5236da52734477f1ef368b29e2c23cb6dee100452c5e562

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

MD5 c2c1c69ca7f4e4f1bb5c747636665aa4
SHA1 30461233fb118d05e2bc9c00a811914c23e7d7cc
SHA256 77d851e7fc14eef5a5e222b2775ba4f045d479faefe1770b7569b73085d50638
SHA512 1c70cc01c2bdf716cd015e4295fef83b50057064cc856c5dd7c35495db6fea81c00a4517960535e7e5f0f01a3578f8caef7142054a2829d44ab401784fc18da0

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

MD5 b97a8740b3c770881c0e17a490552ef4
SHA1 54b6d5c6a052563da36ca22b1f6f6708f8120a85
SHA256 e5125171169c8751235c419009e1d2462b06c37902752d21b1723242ae2cc8a9
SHA512 32667ea7d4ea666024daa85f0882482091dbdc396dc72d3043ba38e057f74ba1f8bd9453ebe0836dd3ded7e871652224a951b30681f8c93d0cc0d8686a5cc982

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

MD5 a696cb04ffb04ae25db81edd47ba7d0b
SHA1 1a31cb7e396beb7a8f7a016c520bd07d4b0b70c8
SHA256 99bbb7ec0e49285bc549fafd9f22ee392b464a25bc616ec218d3a0ed8048ebe0
SHA512 dc84743082941a78b58900630e6dda9fd4b1b3a8e874bf61247dcb6d35b28644e67ee0a72e6f93993ad4d78fd32844f9430db76c72be2fe5fdfc77df5d5948fe

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

MD5 91cb4f66290842330201f4348fac44d2
SHA1 f3ceec2ff88d97943cf6e0e2b7ff56e23bf95c79
SHA256 31174aa1cec3c0f4fa04fe6df11bc1c9796b3c2c2a403539f105881eb289a4de
SHA512 5167d40fd84812b1c9a4e6b5c6a52fe8e6698603fa648a578cae39aebc4a04aff7b8bbb124854675d2389e59b5c09046b9d9e36f9060eb61cf79593172f477a9

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

MD5 a71d7d89c55ca164750ad3b7b503cc0b
SHA1 7a4094c61980aab49e5184d607cd569b714dcc40
SHA256 350e2cc7066c17b614de9f579a1f1d7df5c2852d4bf17d011f8bfc2b2a8974c2
SHA512 c92d280bdd0fa704e4ba8c17aaf3325f8759e56d44072ee53243748cbbe7931a7f23dd4234cefd548aca69db5077df451187cf5354264168f21ba8dce82d78ff

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

MD5 e9b2fa831bd55e26e6fca01ae80d8e55
SHA1 fe3feb257793a7fb0de275053f943c22ed3a5952
SHA256 da848d600cbc96c2381ae18df0d4ef36db39f187545ab272ae1bd18612355ac7
SHA512 b0df3a24580cd6697588d61dd4f2a06a904753dfc6aedd6f5a754c38b2509d2a737d18ac957531b735e3f32bbd54d7f7e81824dddd8789c5f7db136115360a6f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

MD5 38b913ff170821d73061f5a1b1f5b571
SHA1 54450dceb377e96b34e154569382a732a26da62d
SHA256 009b0dfa13d058d07b895e9f18e8fe3f86a0fbfe19e89302589ce59f89cfd240
SHA512 89a5ae5f3c223ff7252a2d07c9cf530a5c71287165d9d9b7f536af40809d92a14416e2c1feb91a5f03f3fd6841c715d416b4f34a43c55324798efc5e0313c240

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

MD5 a3d4150921f604450c723c368b53db40
SHA1 80ac7dfdcc17e892e12d7e5ad4cd2f4f1d660af1
SHA256 e2c3dadb0a1407aa1ec45f70cdec126db431c6c9bed8c5450f01201a12b5b938
SHA512 9172d05c99dff9b7d0f32ea6be5de79ca6937ba37bd59e07a09a1e3f1d5066a1ccdea83a2db33491db0289367b97940548ab7ac6c255dc1d0c63679055887daf

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

MD5 a41d7e0c318fd19292b8c0e4efb44245
SHA1 fb4e1e311521754ed1a9975c3f99e385e56a2172
SHA256 a90d393841acd7b09784c632b437aad4756aad31eedb43db48f39e8eb1fd64cf
SHA512 4eb2e7c082842f72e64d55338c5cccfe6a983849e33fa4f43c9ee41959bc96afb87451b48a2d394180eff84ffa3b48adee9442b61e054d6887657bf7d2a25677

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

MD5 29db219bb89e44138317b91b68dd0327
SHA1 95ad11f7a39bd482340841c7f9d8a9d3912b1a60
SHA256 2532c8bf3f004add3934680ef4c202033b85a7e3ad59c0ddd0b4dd10c0e2b11e
SHA512 f33b23c90853d3f3aa6247ac2800f618750bbd72a60f5214a9fe18efb298081e5917b8e5b2c3dead970fb1370f34eb82a3843f408b6ec89df69be4004664f8ec

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

MD5 a6964076189ab11ad9c545e1630782d6
SHA1 e77192fed6d03e64044442cd47a6f529ef3e1e03
SHA256 62c528bfcc3c859b2dc432b4463f323931bf0eb5b1f0b2bf660a47ff0dca7fa1
SHA512 942bd44f50820b3e8690764720ac01e7bb8bb6e4a1b1e390e3b78a17b3559e9410a92bb6e9a16d1a580d2f040f9bfe11d6808a50da3679fd4220f04f36ef0ce4

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

MD5 604e64d74aad87d1e735fb8e47f90107
SHA1 5e0f9a726dbcc4cdddfa45c53dd76516a00e599a
SHA256 34027867fcb4f1a71a097c72871d8ca672e292d91cebc3daece1bafa8d95a615
SHA512 7da34c7a136e5398f31352642959d2fd60d8826f85cd1d787113665e4fa1030d01313a544e651c2578e3ce37513c2be09eb1b6a7daa6acd0649a04547d4acfac

memory/2320-8267-0x0000000000400000-0x000000000040C000-memory.dmp

memory/2320-8269-0x0000000000400000-0x000000000040C000-memory.dmp

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 a765b50362bd043207476503ff1ac3de
SHA1 063f4c4bb556d0c5a5b38b80e4ee9811e1070066
SHA256 a82e72edb49d0ea62aea03c428de9cfdbd282e61f5a2aa858c349fce1427b2df
SHA512 dd50263cd96b0065ead1a73c02d84dc4be1beb2050701148312d6c313f40b1154413fa7bb06f05db38fe39baf3ff94a504e3e9c2e7dba35bb44017195b24d039

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 d1a2c97a2f096be740ab49c353952c24
SHA1 511a7f2aeac0635b741c7a52b887440afd1b53bc
SHA256 3baf872bca6a054c759e53b095d65fea99a987e0c40c65bd354b16da2ab8a94d
SHA512 36361e4b9cee4269e742857c7c03357d06409079b70caed4e74632657518b8ba47c1813de0cf60cfdf261f4bf09bf0a3987fafe705ed40370fa06bcb7aa13cd6

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 ff90b3c73b332c9b798cbe3430dfb3ce
SHA1 27c0280c1d3d1d683973a18b6e534a369e0bd27c
SHA256 488d8a612961b51552397f7bf37bb3abc3808dda2ecfec05395e1618e682cfe1
SHA512 965516ab64903dd1624ece646a2e559234e6d921cef6d3e062a7922fd5e6ba559519621f2dc67314d0cad156604ccad0e45f096e6063091af00c536b68fa8586

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 9b42abe43451bdc04775eeb47921fa30
SHA1 d250076c4aee1d04d52a383f5e5853a13a719b4c
SHA256 eb17812b46daf307e8c638b27e62b1c4aa1b53dbacb0c7185d7a2763e24b71de
SHA512 92344be9408759514c653bff7f3700e0054c33db677b9af0e97fcd75e616bf4398057a530e72134cd3ef1cc1ff7f744383c4bb49da8b8174fba2b378012a386d

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 1a16b7763bd6dcfbee9034dcf055d991
SHA1 3972b70dc90de6e08011c07c7ae3e48cfe18eec7
SHA256 1a19845e78078e84b4fd436040c544980d28eb38a2be326873bf34199c525fd5
SHA512 15691455ccc5d55a31b83660549f463ebc2fbb8656b1ff2dc6c09ca93aee9d3db2c96db1704149e3520ff79d8c325111b6f1a6049ac12619ccb497d4df1f5cdc

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

MD5 c7fe26ed3a5493dd2e24e0ff4a243dfe
SHA1 4e09cf9a3911045a895f54d375513971c3976ae0
SHA256 3b4309260cfc2df173b05c310a1095c036959f9bc87f4821f290bfc4ded6093c
SHA512 0537a046b10ad27364ec4d38d4542e95dfd55d5bedb5f97dc7f1375904e66618ef17c8e858b5c2bee8ebf95888892d2ced2569cb03a38515ae24a670c60dd70f

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 37f34ee5b21c698cc670b4e9115bbd3e
SHA1 f3e542454ccc442e6a9ffa012a3e5d43b36c1399
SHA256 f0eadd88b1bf7fa176002de0e5e430c1c8d33fa5954df669dc604074fe6f6f31
SHA512 2b01cc8f8d4477037e5519ac2e432b177cf1428a5aaa8d5b4731ce0fc3c1e4912d52f99773aa917eb24401f0aec89bbbc0f0a363ce1b7109397461fde0df60c9

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

MD5 15823a28ddb2e4af1e91a73e06d70bf3
SHA1 86889b43ccbd0417609c00df4ad4522145d57cae
SHA256 73b3fe71ca45d827370f09e338fd65d3a750d3067aed4fd45d032a6a359dc0e0
SHA512 dbd73873ad2d680425169e25dffe0323324b0277031d37f37d1285dd70b0375eb8c94d93ce3959bc03e1453105c119cf653d80847ee68bc6f2976b0e655ae7ed

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

MD5 1905f8d589e7dc321bff0c88a2ea2568
SHA1 79438541a5bee6cca4a5c5fde4752c6d4cb81483
SHA256 28f29e6799d4a673ccc8973204f86a3006b2d15cd04d51bc33b5788245dab5d8
SHA512 38244ba73f9cd96166cea8b7701df6555bae7e869aaab07d290e5f9178c94f68cc6792c05de328bfe96c9456916304178aa2ecf82097fb2bf703adab0ef76967

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 017ff9eec228ea675edb4c54a62eccfd
SHA1 60b919e778b156d72c332bef3fe8708444a69a7e
SHA256 3146f190dc97e0bfaa64e51503b23aaea5d38e1555c8877c6e84904123a478af
SHA512 c0b2bcac4c86b5a92513d7f9b1371a939fd6307ff2385d2db07468e390ac4e7d6d602342ac79e9fac8de8ee315c981cebd1b6e79301b1a1c9e0a44d3a75418d2

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 ae156564b15c8f30b8e25891e1c6e55d
SHA1 35aaeaf8f9a5fa5975bdc22d44b915b67f84f672
SHA256 c26b8baf5383b881c769551a4d307bdd7b8c7467d5cd9fb67f1429615cb4be28
SHA512 a08385569c827a32adce738d6c044e1e9cdf13e3719f9915555ccce86ff86ea400b7a195c0050447ff5f642de2bd2b1ddc85c3ed4263de8f9b5b4c7c5d7ec1ba

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

MD5 4530c9f378ff2b6015379b9ec62cf10c
SHA1 680d951952a68b3ef07332a80ea5e12517cee163
SHA256 52876db08cbe8be9e599cf16733ff153a74e19de854670ab526c3b5c97169764
SHA512 89d331dbfa2f768eb2a93fc6bbf89fc06379cdaa95c07bcd924a083f75805b0812111e6bc2563d4139fe58d867ad0e4d0f572ad7452dbec806deea51bdccea06

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 f5fe5ed615945344a3e8e5e23e5203d4
SHA1 433e3049138c33813e2dad5386393310400f8947
SHA256 509ef3a79c2b23821819c202ffdf7b7c7d6be7c722fc37475bd2e1d0fd2add59
SHA512 3f09dd041f94c3a47b10cbd92e26dbcda0eab4195ef1353ccc387ddc07aac3f229706ce2a4ad5e78770cc1d5a454eb35a18972e0dee6f2014eaed2b372a8672b

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 7801dbd0528e6e752bedf197970ce2ec
SHA1 0f95a54ecc456d445f34839228258de975c2d72a
SHA256 57ec98eaf9cd4a65adfeb42c802d98c9990b64c64f4eb4829b385df81e556695
SHA512 1e563721bebee30a8f0fa47e8b8b84349477b8c6c6c6e1bff31b244699e1e321bcbb54e41ebdfb6fce2467de05da9ba9ecade1bedf7aa555567908fb92346b56

memory/2320-9073-0x0000000000400000-0x000000000040C000-memory.dmp

memory/2320-9074-0x0000000000400000-0x000000000040C000-memory.dmp

memory/2320-9075-0x0000000000400000-0x000000000040C000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-30 01:21

Reported

2024-11-30 01:23

Platform

win10v2004-20241007-en

Max time kernel

93s

Max time network

148s

Command Line

"C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe"

Signatures

Detected Xorist Ransomware

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Xorist Ransomware

ransomware xorist

Xorist family

xorist

Renames multiple (2200) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ZcWGl71Ec9XY4gY.exe" C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\Speech_OneCore\Common\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\it\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\MsDtc\it\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_fdc.inf_amd64_fe3599e7eac09e7f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnms008.inf_amd64_69b5e0c918eab9a6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCClassResources\WindowsPackageCab\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WindowsOptionalFeature\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WindowsOptionalFeature\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Archive\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_RoleResource\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\adp80xx.inf_amd64_efb36fdc260e8bc8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netip6.inf_amd64_f29ffcd2b14f21f5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\smrdisk.inf_amd64_f945aad6094163f4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Speech\SpeechUX\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netwtw06.inf_amd64_2edd50e7a54d503b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\IME\IMEKR\DICTS\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForAll\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_fsinfrastructure.inf_amd64_1ef682cfd6fc7d1c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\oobe\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Printing_Admin_Scripts\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\MsDtc\ja\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\iSCSI\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\@AudioToastIcon.png C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netg664.inf_amd64_84cd7b2798e0a666\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netnvm64.inf_amd64_35bbbe80dec15683\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\IME\IMETC\applets\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DnsClient\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\spp\tokens\pkeyconfig\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\de-DE\Licenses\_Default\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\digitalmediadevice.inf_amd64_5b64b65052c3a32a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmmhzel.inf_amd64_e90a0a4c8e15815d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\perceptionsimulationsixdofmodels.inf_amd64_acff50a7960b7d19\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\scmbus.inf_amd64_c78fd781987c1675\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmagm64.inf_amd64_7f60bc7ff484a292\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmags64.inf_amd64_767b2d723d0fe83b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\MsDtc\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\zh-TW\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\DriverStore\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_netdriver.inf_amd64_2d569d832b41b8df\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\hidi2c.inf_amd64_aad0f43cb9f97e75\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmgl010.inf_amd64_b4f4b670a266fda5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_RoleResource\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Configuration\BaseRegistration\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Dism\fr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ks.inf_amd64_9fac168e1cbea90c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmcomp.inf_amd64_bf289615d063c627\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmnis5t.inf_amd64_c6e181de81a59b54\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmsier.inf_amd64_3ae2ea3a55ec0279\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\nb-NO\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\bcmdhd64.inf_amd64_e0bae6831f60ea5f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmaiwa.inf_amd64_7cfab61cbab23e11\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmpin.inf_amd64_be5d923b5e701b62\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\nulhpopr.inf_amd64_9839c838c72c0594\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCClassResources\WindowsPackageCab\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Dism\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\heat.inf_amd64_b73306c081719f1f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\storufs.inf_amd64_a7a5b507fa22251e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_GroupResource\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ScriptResource\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_fsantivirus.inf_amd64_632d2ac0d68cf3ed\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmgcs.inf_amd64_e47e06e16f2aad12\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\Assets\Images\SkypeAppList.targetsize-256_altform-unplated_contrast-black.png C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\ENU\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\en-ae\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\images\checkmark.png C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\ICE\THMBNAIL.PNG C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\SPRING\THMBNAIL.PNG C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxA-Advanced-Light.scale-125.png C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Diagnostics\Simple\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\ScreenSketchSquare44x44Logo.targetsize-36_altform-lightunplated.png C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-20_altform-unplated_contrast-white.png C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxA-Advanced-Dark.scale-125.png C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-48_altform-unplated_contrast-black_devicefamily-colorfulunplated.png C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-30_altform-unplated_contrast-white.png C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteSectionGroupWideTile.scale-400.png C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-32_contrast-white.png C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\FirstRunCalendarBlurred.layoutdir-RTL.jpg C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteAppList.targetsize-96_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\onboarding\notifications_emptystate_v3.png C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubSplashScreen.scale-100.png C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-60_contrast-white.png C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\images\rhp_world_icon_2x.png C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.contrast-black_scale-80.png C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppPackageStoreLogo.scale-125_contrast-white.png C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\6445_48x48x32.png C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-black\SplashScreen.scale-200_contrast-black.png C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\nls\de-de\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft\OFFICE\Heartbeat\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\QUAD\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxA-Outlook.scale-125.png C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\ScreenSketchSquare44x44Logo.targetsize-24_altform-unplated_contrast-black.png C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\images\Info2x.png C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Configuration\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Viewpoints\Light\IsoLeft.png C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe\Win10\Classic\TriPeaks.Wide.png C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderAppList.contrast-white_targetsize-60.png C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\themes\dark\dd_arrow_small.png C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsSoundRecorder_10.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\VoiceRecorderWideTile.contrast-white_scale-125.png C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsStore_11910.1002.5.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\StoreBadgeLogo.scale-100.png C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedAppList.targetsize-20_contrast-white.png C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteMediumTile.scale-400.png C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\GenericMailLargeTile.scale-200.png C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.DesktopAppInstaller_1.0.30251.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-black\AppPackageStoreLogo.scale-100_contrast-black.png C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-30.png C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Wide310x150Logo.scale-100.png C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Car\RTL\contrast-black\SmallTile.scale-200.png C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.DesktopAppInstaller_1.0.30251.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-white\AppPackageSplashScreen.scale-100_contrast-white.png C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.XboxApp_48.49.31001.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\GamesXboxHubAppList.scale-125.png C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\Background_Cliffhouse.jpg C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\ringless_calls\Ringlesscalling_360x120_2x.png C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-64_contrast-black.png C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxA-GoogleCloudCache.scale-100.png C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\iheart-radio.scale-100.png C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\zh-tw\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsCamera_2018.826.98.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.contrast-white_scale-125.png C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Square150x150Logo.scale-125.png C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Logos\Square150x150\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\sl-si\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\PhotosAppList.contrast-black_targetsize-48.png C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\core_icons_retina.png C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\sl-si\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_x64__8wekyb3d8bbwe\Assets\tinytile.targetsize-16_altform-unplated_contrast-black.png C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_neutral_split.scale-125_8wekyb3d8bbwe\images\Square310x310Logo.scale-125.png C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-microsoftedge_31bf3856ad364e35_10.0.19041.264_none_ef195f564f00d259\MicrosoftEdgeWide310x150.scale-200_contrast-black.png C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_c_processor.inf.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_9265c67e547cd785\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-i..ntrolpanel.appxmain_31bf3856ad364e35_10.0.19041.1_none_d0af17ec366548f3\splashscreen.scale-200.png C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-m..oolsclient.appxmain_31bf3856ad364e35_10.0.19041.1_none_75cd350cc8b5dbcf\headerclose.png C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-onecore-i..inghelper-component_31bf3856ad364e35_10.0.19041.1_none_c45cd08faa848a1d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-comdlg32.resources_31bf3856ad364e35_10.0.19041.1023_pt-pt_624beab99135c25f\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-i..r-enduser.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_c71605cba1a4db20\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..mcomputer.resources_31bf3856ad364e35_10.0.19041.1_de-de_6827432ee2e4a158\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..ctionflow.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_6ba21970485a99d5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\msil_system.workflow.componentmodel.resources_31bf3856ad364e35_10.0.19041.1_de-de_5d20d2c4e2f6443d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\assembly\GAC_MSIL\System.Management.Resources\2.0.0.0_ja_b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\diagnostics\system\Keyboard\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\assets\NarratorUWPSquare44x44Logo.targetsize-72_contrast-black.png C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-icm-base_31bf3856ad364e35_10.0.19041.264_none_00a98b36e844917b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-keyiso.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_ef4c56fbd0b438fa\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\msil_microsoft.visualbasic.resources_b03f5f7f11d50a3a_10.0.19041.1_es-es_b7d090fd2a3275ec\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-edge-edgecontent_31bf3856ad364e35_10.0.19041.1266_none_b4f47dfa8b363f0f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-n..pprovider.resources_31bf3856ad364e35_10.0.19041.1_it-it_cec03dda34804f01\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\msil_microsoft.powershel..hicalhost.resources_31bf3856ad364e35_10.0.19041.1_en-us_a20d98817332391a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-p..structureexecutable_31bf3856ad364e35_10.0.19041.1_none_b84e385529c68af9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-hyper-v-hgs_31bf3856ad364e35_10.0.19041.928_none_8573a187d4da526f\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-a..ntscontrol.appxmain_31bf3856ad364e35_10.0.19041.1_none_44197b0fdd55f562\SplashScreen.Theme-Dark_Scale-100.png C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-classpnp-minwin_31bf3856ad364e35_10.0.19041.1_none_c4a2c41a8ca495de\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-sensors-universal_31bf3856ad364e35_10.0.19041.746_none_44cad51625daf5bd\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_system.windows.forms.resources_b77a5c561934e089_4.0.15805.0_it-it_f39eb76f55f5cab4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-devicevirtualizationlib_31bf3856ad364e35_10.0.19041.928_none_674d75f41b8bea75\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..okerplugin.appxmain_31bf3856ad364e35_10.0.19041.1_none_11b2da2074e7d6e4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-wsp-spaces.resources_31bf3856ad364e35_10.0.19041.844_en-us_78c4439b7c2e5a95\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\msil_microsoft.web.manag..ftpclient.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_e02f8b2d2fc6f3d1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-gpupvdev.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_098bc1a5243bfbc8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_10.0.19041.1_es-es_fcde5a75fe44e11c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..tartup-fveskybackup_31bf3856ad364e35_10.0.19041.746_none_868c87747a5558e4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-virtualdiskservice_31bf3856ad364e35_10.0.19041.1202_none_dfaaff89afe4f3d4\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\msil_microsoft.applicati..ulewizard.resources_31bf3856ad364e35_10.0.19041.1_de-de_a9b5b2212e5855d1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\x86_microsoft-windows-ie-timeline_is_31bf3856ad364e35_11.0.19041.1_none_0799f1e21b66ff67\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-a..llservice.resources_31bf3856ad364e35_10.0.19041.388_en-us_3b9e163a021f3ac3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-f..lications.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_6ccdaa3a0e5f734a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-m..lmanifests-inetcore_31bf3856ad364e35_10.0.19041.1_none_a2365f3193b35a08\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-userexperience-desktop_31bf3856ad364e35_10.0.19041.1266_none_fb76f6fb7e78a373\InputApp\InputApp\Assets\WideLogo310x150.scale-400.png C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_windows-id-connecte..t-provider-wlidprov_31bf3856ad364e35_10.0.19041.746_none_1d7b3edde1954a77\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_arcsas.inf.resources_31bf3856ad364e35_10.0.19041.1_it-it_95268c1d1fa84778\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..native-whitebox-isv_31bf3856ad364e35_10.0.19041.23_none_e0ffbfbf1dbf1502\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-searchfolder-library_31bf3856ad364e35_10.0.19041.1266_none_0499e0f02267f631\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-t..platform-input-wisp_31bf3856ad364e35_10.0.19041.1_none_91652ad0b089c75c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\msil_microsoft-windows-p..shell-adm.resources_31bf3856ad364e35_10.0.19041.1_it-it_aa3f51c848453566\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_dual_hidscanner.inf_31bf3856ad364e35_10.0.19041.1_none_39679fce900d4938\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.844_none_67b5915b5651dd8a\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-n..lperclass.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_abad21f112fabff3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-m..count-profilenotify_31bf3856ad364e35_10.0.19041.423_none_7a6c51e331bfdd3b\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.19041.964_lt-lt_ce47d201c53c798b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_system.directoryservices.resources_b03f5f7f11d50a3a_4.0.15805.0_es-es_9464669fbebb956f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-mediaplayer-wmpeffects_31bf3856ad364e35_10.0.19041.1_none_b9939f1d632ffb9e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-wpd-status.resources_31bf3856ad364e35_10.0.19041.1_it-it_5568930e5f7a823e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p..orkclient.resources_31bf3856ad364e35_10.0.19041.1_es-es_6f497de45634a0b3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..lprovider.resources_31bf3856ad364e35_10.0.19041.1_it-it_b450d9fc108aea0a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-i..l-keyboard-00030402_31bf3856ad364e35_10.0.19041.1_none_91542f6a0f605e32\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-a..recognitionadapters_31bf3856ad364e35_10.0.19041.1110_none_716fb22d165a336a\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-settingsynccore_31bf3856ad364e35_10.0.19041.1202_none_ee329426dc7e0841\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-r..izard-mui.resources_31bf3856ad364e35_10.0.19041.1_de-de_a5ca818c8603e4a6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-usermodepowerservice_31bf3856ad364e35_10.0.19041.1023_none_d2e23d980197bef4\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vsmb_31bf3856ad364e35_10.0.19041.928_none_0d22fe52c27d3aae\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-fileexplorer.appxmain_31bf3856ad364e35_10.0.19041.546_none_476476bb5c3a0bbc\SquareTile150x150.scale-100.png C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sendmail.resources_31bf3856ad364e35_10.0.19041.1_es-es_a52f2da221d3c3ca\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-microsoftedge_31bf3856ad364e35_10.0.19041.264_none_ef195f564f00d259\NewWindowIcon.scale-400.png C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "PKCONOIIBFRWSEH" C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\PKCONOIIBFRWSEH\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\PKCONOIIBFRWSEH\DefaultIcon C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\PKCONOIIBFRWSEH\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ZcWGl71Ec9XY4gY.exe,0" C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\PKCONOIIBFRWSEH\shell C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\PKCONOIIBFRWSEH\shell\open C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\PKCONOIIBFRWSEH\shell\open\command C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\PKCONOIIBFRWSEH\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ZcWGl71Ec9XY4gY.exe" C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\PKCONOIIBFRWSEH C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\b44f52909e5932c99cd3bdfc909c560e_JaffaCakes118.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 64.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 212.20.149.52.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 102.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp

Files

memory/1944-0-0x0000000000400000-0x000000000040C000-memory.dmp

C:\Program Files\7-Zip\Lang\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

MD5 09b8180df7a10d1cba4fcbe40874ead4
SHA1 a17d19446016123cef9265fbe95ceeb43f6be6b0
SHA256 74127f4e4e71499a6143e92287aa4da75f50aa281e37ca4c0dfa602a27ac6256
SHA512 94930c91ad55243aff9aa3a8e21ef0b2bd1dde67d868f36a7c89ce3505c4e65e8aa6f014e6503b0829540d85991e81636799d82bedcb804374ab5762a7ad05ee

C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

MD5 b9f5cbe76c9d62c63fbcaa784f488ab2
SHA1 748cb7f6be8c8d982d7d2a5754b575b6a4616272
SHA256 03f8730ab17c794cb342ccfa3d4e7ffbdc8a3fb45690a5816e7a5b4261431bee
SHA512 05ac89b6ab713539e06456382cd8712672bfdca0bef2da75ad8560bfaf549890a202c1606ea239ad5529d9b740e6da8e3f6fa68fbb481ca626828f3d7ef787ea

C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

MD5 090b5fc08ac43348731e88fbee4cb25c
SHA1 fd9c5b4efaacf94f1768e52c9611ce3eb55fcfc9
SHA256 90f75bfbdf34356aa9df998bb2c16f83c680123b7c84c36709a1f52215be12eb
SHA512 394da2ed4132ba94b4a34ad3c9a4ba00c8e035ed64e2dcd271ffcc582c6b7071b8b97ce803257c880b83d259f9562c76dc5186546ee51d7a69fc42108fb28e26

C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

MD5 f8546578f718401553809525517cada9
SHA1 e8f0383b44e2fc9fd1c31be627d3efe25609a073
SHA256 c0bae8ab0d9761ec3ad65fdcf4f1526a42ef1c19f5a13b77882dae0e4195b12e
SHA512 cf5f8b304166decee4ca95af5a6946aef149a2af2e4ba893e5529f1f3aacc032ff394e9b5655b56b9807015429772a420692730e81909d13f3c53914cbd1813b

C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

MD5 6a6cdf3604c87fe658539e0bf980cfac
SHA1 355ae9ce4c024e3dc1fc852e3f99f6cb531cb299
SHA256 a86d4023a5e6f4d612f2ebbbed6f7e1617a144182c63a9d6e234c761ca9f035b
SHA512 f5a05b20b49963cde77142173213de1f39fbedd4d0de1a4d8a90852aa6128db763fb0cc743b42625fa016bc9eaddb217527813edd20bae21a98e35a0abe99d16

C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

MD5 1cb184a9c9d12ca036168cc7f4d14fe0
SHA1 14d0cfeb15a551fbbe546dc3b54a8e0a4bd17830
SHA256 fb997624ffb2a1dab44630264aaa69ae51241d1e832f94f3cd30cdfb774dd161
SHA512 3da5bfba75dc811e93272a9c00aeb4fad42b4b0c3d51e90e9a3e6831859617274c4a7c52cdefae472c74d8c43aee2c2b7e7c1ec61398c766bf5fed3656b0a6ab

C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

MD5 a4bb72ade3a08c06d4c41ef876d0ae46
SHA1 26ed3428e174f3ac59bfafb9acf2663fb26046bd
SHA256 2cf618c51c7f52d13e7f3eeefb85980ac305d36ef906f64a02a06754a368789a
SHA512 4d8ac7abee80817d2267b94ad57cb242d73e86f79320831f66d9e630412338b82a51924e092489915a90a2c8bd06e2325f854da8b55ec5d47a731124731380af

C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

MD5 8b0004f62dd5d925d12f285859ba578d
SHA1 91b0ce744a0b8d7ee3a5de2a80629d30be5f5196
SHA256 d4d2b2cfc8d38796a0ba3c681bc183c2e15a10d5bee625e15b20df8c293e5941
SHA512 722f11a97f1e5b525b1e797ccff7aa3d2a0eb700a67c0fb97454514a1a4737377fa09e27ba61809e5f07aaedb0ed2a38c5d2e14e1c3771cd6b28b86051c9b3b6

C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

MD5 13a5bbaa4cecf91643cc6cb0df7b8569
SHA1 1130edcbcfd3e0c721090888750f3c735c4b060a
SHA256 2455d90b188b7cf27e2e15d03ebddf4b3b63bcc7b5f7f5fd7a0b515543e864f9
SHA512 8e1fe16a013c19f03680804d56e780f1e829e6e40135798cdefefe60d2c7c99f2f08094805b4843eccd1bd6d899c0710752a90a67b65ebebf2a259a4d0b612ea

C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

MD5 18bf0d6a1b5b737a62003ec7b46044ba
SHA1 234b629120d0e42bb4d78e81f28b87c1fee65afc
SHA256 941b76b87f62bf7c0a9bb144db6a284b8f0c91486b2a173de0f278db75a77bf3
SHA512 21138e51435ed3239614602eb1c8fc14ad322f48b1681bfb1f11be2c0a759646702df23ddd6fbc79363d6360492e524831a15069cfa977e65e90164f12ea658c

C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

MD5 bd023b40f687342ea10f405d520b01ef
SHA1 5b7e4757e03dfa9ff1bafba07a595df5f9a56b38
SHA256 c697eec97c50ac718ec0a107845a6db8b2b217a44baa60ea0ed5f71102b0ebe9
SHA512 5e72aa7a0c1ba5eaec6f58bd0e9e0a68dd63111b49377f491047d115fccfa71cdbcace03917c5f5e363028a5beb8dba818b5d3ab80bffadf21ff38e248b33a0c

C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

MD5 c6f06ecdd7ddfad4a8cbcd55c24f7917
SHA1 e0d799794661e4316dde95f7db5d64c6b28783b8
SHA256 e8e4983810e7bfc0882efb9f8bf06d563466be5aae2c3704ca57bdfaa84629df
SHA512 703e2546ff46eb3447c99d9060b4811aaffb23ec375472e94a8b6ccff227605a3cb549508e809bf9f94bd1090d5e7cd5501f89d6216e50195372fe294b0da5a5

C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

MD5 2918fc5fa9c26cca480d50e649411074
SHA1 16bdc2362b2ded5711f7c6d94d867b9405c1ebad
SHA256 70ecddae93c3e79dd815838ab21930abbab6554ad3ee4e37001ded55d1300ac3
SHA512 67ef23dfb53f5c4b407165095110873f2ce3111c8ac59136fcc5c6ce11de15d20ee1b6388ea1a35724043a9483648f7af09a6fc85eaccbfb717eb6b60b471670

C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

MD5 430325779c4f72eabe05ff41cb4e91db
SHA1 354fa0adddc5d32d0103d25076a437093529e0fc
SHA256 49e00b8bc090144502ef88686d300850508195baf264d78a52a26257c48608b6
SHA512 bebfda4100983842cd7f7511294710763c3bea76972dc8c7ae0d9ff08b6c63f4b4ea14a9970a94e6cb42e6b143b93326cd2c3bb0b99773f2f249cbde13b535ae

C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

MD5 e9afb55a7c96e5614c328904412a5c4c
SHA1 a75f3bd873f4c50b54adeefb1ee1e8a963181729
SHA256 4eb7acc3729f7a0fc3bee72a0909de6708c3e62b81c22a075a5b2eb19ffa94f9
SHA512 bcf099c34e242ff16119b9b95508e0e67f213d2fc8c4bf470c29cd94e11c27176f1e650f2a8f2e0afb60000b823b20ac8add5ad30a4167b16d68c4f08a5915bb

C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

MD5 dbe5beb3a933d9fe8cd4b09c2bef4762
SHA1 0ccd45f82c100e533402194c4678f95773314f48
SHA256 9eff37b22db43362165d46bb27982a8ab510e27ad08117c8840208d5e61c4a63
SHA512 0ec50d3446e25c62a47bcae380579b3a530599005643e895688e03efa1cd7253603209887c7382d3326284d9835c842eabb25c73e3addc4dd1d4bdb8644b61fc

C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

MD5 8fed90287b14af1ecaa9a0683b819134
SHA1 49d5b3bd73a88116b89c636015db2ec2d8b34c8b
SHA256 2405e967b1039c09350706ce7c02406f6fdc80ea7b1582c13223b16d1645f834
SHA512 efc1d26392091c297be2da9892d1bd098f871e6311ceae2f1219123968e893367e4d9e66d0e01771b06923e19c183efc69320ebb29b97ff3a04b6af71e43c311

C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

MD5 3eb9d537ea183651d80fe0ffa87f2ce5
SHA1 b714a43253e5976682d68fa2ce5fbd876f631054
SHA256 85600a7fcfc917ed40be8d440e1edd64a34776d78398e5d8cfcaf72d6c4b217f
SHA512 1a65273222fcfddbcca8baa1841cbf1e5db0e998c7092296c57f548ecc217c35710ed1572c3a3e544681d41cf819d156ec0f4762b2d112e506cc6860e2590cdc

C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

MD5 e824ed0aaf5b8b61ed916438d89bc583
SHA1 37634a7f370fbc2722ae21658f9c7777a6ed3d0a
SHA256 6c56ab1e2717b5377250f60c214a8e40aca48195d503bc7d11177e71ef6ca1a6
SHA512 472bc3797ff991c3ad79bf6b15b12ef8863d946c3977841b7978a578849264cf16403b6049567c2b353c46b17ed8ac5435aab4e8236ec20e81ecadfdd6ab42b4

C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

MD5 d48df3537753029f4d3e002e314d054b
SHA1 375369a8f758bf33996ec9443cac80c0c0d1516b
SHA256 2584457bf66143e24c462ed6671e10560b4dadc5538f65af0e81d40de6a3afa2
SHA512 c2aa0e38e3e0da8f4392dcaa836340ebacf7c569a2730f87a2743af8b567f0d90dc7c47927d3b8215f2b04f136b8129184d1d675c248dcc0bfabf71e300d6aac

C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

MD5 9a15e26458369f412c61b7323bba2eee
SHA1 5f742eef93c29e65a754f44743456775f2159d45
SHA256 261f9215e6379d31816e3081d471395d3503605388de973ca825175dd9f534b3
SHA512 88d4d14982c32f0fc20c7ce754468ed19c4a9f230b4f897792142163a7b371336a2eb901274365cfc86bb1cf9e573b093805bec18bc1d0be2ac64e5ecc58a6e2

C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

MD5 9f7d587a1cdd9e9c7059ba5b94a678bc
SHA1 de6d950b0cd9ecd67fec8401796ae8f0e3fb6f66
SHA256 950f083082732683c182719e6111371f034b1642f0344e0ed4bafb6d34413f3f
SHA512 e00a573eea0af05807ba4279761c68bf16f2b311566c1fc0d49b10b23be788d9cd8f939aedb297b4c26a16af3c250efd7e4153e0fb15d18f3adba85f57ef6d41

C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

MD5 3e03e9728bcef1bf5b2026f425941b01
SHA1 fd2dfcdd828873460dd16e6dce682cb4eee992cb
SHA256 d3c6c98908c29eb9243dcdcea9201e009b35e567c13a399bb174f3c5857f280f
SHA512 1ff4e1d6d1090d80383d8d671849793acc76b4cb5ab25c21dec6fff49d52f0a770b8f3c613a5ea10d568f9e6af7d0a15a82ee054c63b1c700ec51456500e7396

C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

MD5 096dca1281d8571f82777a847f62bbe9
SHA1 4766b9f75781616c85564942b1bb9999b4221247
SHA256 ae2650d8bfc8c3852107d59a8302db016dd0d869ec50bf4e643e25418ca1f630
SHA512 364431e9c328000ed19fafc526d651ef672862f4995b757d40985e0d0181100d27b6ad4039a043f84dd236bd84b6799de300d51cb55959a18fad517ba0fa5fc8

C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

MD5 3891c8968256f89a7819cffc14a809f7
SHA1 a04e9f2bf4b5b5210d35e4768b9ba8aa0f4a9284
SHA256 49939add67d71cb3293e44d425688f1423f5db5ae94f3ee173084755702f03e6
SHA512 a772745150119f5de9638b5d4c08c7c11050ad1dffee1afbe635414ff733092c15c0749c46ebd4fcd99d56bdc1ed6e2210c33f9d8f687c2bd82bfc505856f728

C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

MD5 e50f9f9554a3e9882918da20b83f079a
SHA1 e0ae49e50a838e050822a2fbd440a0a199c4708e
SHA256 abb59025dbcb72d0e0331f79c9543e44a9ce214d15cf71683de19e11b0434425
SHA512 10ea1fa8547173168cb2a38a2e48ab6bf746773c652c37a5f3fc6678d8c115e81466233e957b4538ae1fab306400a99e32eb88fe5708f5afa79cf686707c6cd1

C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

MD5 a71dc257abd21d24bc5e6dcfc9ec1faa
SHA1 6f3cb37a668971fb6a506e237b6288b412c7c2ca
SHA256 528171343dbf5f189e205d9a3d9618a831b8da19c5d82cedf30423959e5439ea
SHA512 37fa240956d8b81ef2e02df50bc6ae9ec44f55025fb9b07cb48eaab1ae464514eee1d4f0a07c751c92ca649b12f25a8eaa661cbc8526dd03d27b94b2be4c5ed7

C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

MD5 86b35b1c2d8c5a8daf12bab6df8a4610
SHA1 1b0babf617e268597a081ca0c10fc4e402a9cbb0
SHA256 a32cb3d0e154aef55a53951af4b6e8d63b7897cff519d6af1d33f9b29c793a64
SHA512 74ca9d8bd41fa2c20945e4719bcb11e1f837eabd47c67862fdf734255084c096f4580330a61a0ad6c3a0f65f954dedb17de831483bb5766af2720503727076d8

C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

MD5 f02a8895d62a998e70ddbf8c12b5fe0f
SHA1 d387e946447cd0b0fdbdb5fd997728a2722904be
SHA256 1888b2098cf231e40487ce6255129d3f9974aab9cc1f92e70e754c80e60ccabc
SHA512 a84a03f05b99a846c69b700167156429f55838c3cc1723f2cabb1fa9524f1697c253529ebaab1c5fde873b16e1d033529469c4c252e4390f33001ffcb336d617

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

MD5 a80091918feef102efcf3826f0711d90
SHA1 47d6ee507afc176a4674d0fef8a54532ae1f8376
SHA256 98ed9542c43b1dad9aec07e5b78f4a178367a7b5cc34569c8552faf3ce94c60f
SHA512 6ab4a28791163bc8f301fa82a91eb7b8e03dbabf1a7c91adacd2aee373fbd00c071a00dddf192dc1c62bb7520ec175a956c7664b1dfd5122702d3dfcd8dd5656

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

MD5 7eb52575a060c62cc0264573a1766e9f
SHA1 6e7c0a617df29309fb4c499061c0b8a75447aa30
SHA256 07e7f28c3c49d19bade1af290ae07e03bf0b7d9f547519c3b00d3423c0e0968e
SHA512 06363be2b182d770ee822ad1345b50bad15f60107dc84801baeef92b9998404d477463c8420e77c8b2762c523889979855455c6391da28b5d524a407356ae2c8

C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

MD5 887aa1e10e266071ddd0d39fa52c8729
SHA1 7eee19cc16ed0f1de92a1da952748c379abce221
SHA256 0c47fed4a4343209d9df3cc4009e18e2928ed326429badf37045fd672476dbf0
SHA512 7e97ced8044a8b302e32ff70a6c60444aae7383aba87e5869ee162a3cdfa3ca854cab71dbc697818ec64e9d39fe6537339b62a374907d47ebeccfb28ced39c0d

C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

MD5 f0fb6a68043a81f3687baa692da52413
SHA1 319aa21fe9ec8c28c80f24f4c3442bacef03916d
SHA256 c89284586984b3de4040a06a5eeafaff9f8bbbe7168310ae7b333f6706ace5da
SHA512 8fc5ad8bb007bd795159e6dee953ed27d295bbd643b880dadf5bf5feced33dd5e30844a90c59ca0d582b9cafc3c7e12fd7a6dabda55f9a0dc6d2c98aa97bda8e

C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

MD5 77629029f967d2d881fe83e26d31577a
SHA1 6e2abe8ec091e4c4f8584ac34641cf41317593fb
SHA256 929510326a5b577b2c386b8f352802d12eeedeb8e7d571a6285a39def51298bf
SHA512 b35179ac2e64a04caf1a3e6b0a058efdb240b9d20858449bd05c6beea04aff0249622658a773ea55f91b8b9049b20ef78d1f512ec1affb84e739d1eed20e84a6

C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

MD5 069f5d7b7c3781b4be9cca071ca804a8
SHA1 3d65910674915e3a76f9ad4943d6f8fc7ee87625
SHA256 6265ac58378be735d8971808a88782a9be1b6d17bb9ce1997b801375bcaa8e1f
SHA512 84754419d20d73bb055911186d68f5fcdc7f1549df141a4cc07b42ac5e9a92fd42ab1e11b30079609dfbf1e07dc2e894299557d1cb644f522ae38a8d95b19243

C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

MD5 971fe8af710ec9101a0f32eaf6e7104c
SHA1 8ed9512e7ce4ffc8c5a0b42ec9520e28ecd44f9c
SHA256 e12b6d72776684d6690f923b2ffadaedb3ec95c67785478fbd27ac89a0e73d7a
SHA512 15f1bd6d6e3d7ea50dcf81b41c3c900a67e1584fac20d27cad13834a6b63d8d166dee5a3ff2d91589139482d715cb6c13e411dc7a81ee6883bb3d4a20142bea8

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

MD5 30c0b1100ee10220cdecbe7a338c4ea4
SHA1 8d4057f338b83994686ff5e2bac1ed4d9edf5bd2
SHA256 7f5a45fde58aa6872e6b56bd58926c0105d205745882ac986b08964f047ceb85
SHA512 e332d24e0bbca833ef7ef5d7e4ba0c89415f2fa5f057ab46b00defa8b1326ec668f7f9ab31c1be78d9fec5dd24119434d3577ac488c193f03c661e32af042bf7

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

MD5 4d26dac5e08935499a281b094f8a237f
SHA1 4b8e96759e91cebd4ec3db025051033299868499
SHA256 9a92ff5b2a13457d146660df88ed2c409f98b4f0ce936064d8b05050223f8475
SHA512 0b587db1d1811398515c383720cd699a1c0b11d902bc752c78dea056fe0b10464539937841f77f21ca89fd0f938feb4c9b85d671c722de4f34254723fa0019f4

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

MD5 7b5625439255926062effbe8f6a4366a
SHA1 72440b827f5976443b11a4dd3dd940f7201c55ac
SHA256 0feb4ee08224897acceabb3211e640dea4c2161e231e516faff0161c8dc0560e
SHA512 5e437149f70056ca6e58cb5a6e62e6d70919f3698ad6b01aef59b6eaff2240773c339a69012f904839564782b0bb2373341a189a68787432663a619a92ffb3d0

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

MD5 6632f2afdaa3287239a8d9cb5754c453
SHA1 c63f8379d44ee5a1cc1692fefe9aa1476585fa6c
SHA256 d61c79e5b8addd71e5903f87681825eef69f6632357d6086f95298304394f410
SHA512 be6b61ebcf7316539d4cf3d20be6847571efbe8399db4add53055cfd704ecd1baea3cd8a5e1ad305042732b6bea484f7bac53eaeeb76adcc1ae35c22c382e9e1

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

MD5 49c21549715ae49cc02337758ecae6f0
SHA1 22744359ab9fd7bd85922ade3de140dacc808f2b
SHA256 2fd1246ffb23527dd75c902f674ba0ad966b3b33bc0ba8db949ce5871f888c99
SHA512 5442ee5119f95235a931ab2c04f8d424ed1536c760b133739cdc2aa2f1ece91c4162eb5101f360a6cc0ed8d3a8c70ebd0a0006e808d880ff0a51b9da1b130298

C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

MD5 6feb190d2f8957cd6bdf7f68dfce1427
SHA1 ef78c94dbfdccc074e3808c455999571bf2d2697
SHA256 46cf3dabb5eeaf2bd50eb3742d23d4b78f9ce6c44fd8c4b193df719d4e999c0b
SHA512 ae147bed4dfdde3b1bc5857dbec18e5ee286c7fa96513fb4a7d67f7966b89b39bf04210845f25e8ad77e968206dead906c02e091e731d7f87d7e62b012f7171a

C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

MD5 1ff5cc91b1f4dcf90fc0d5eb667a9918
SHA1 bacae52b3148b1341df57c447aeab9cec3083012
SHA256 83f73e14e742589796fb7710fa7c487d93bab6fda4efed9502679de87367064a
SHA512 47bd72e5bcd071f84efea2b50a4e38347d9b0402aa29b7547e9e28357a1047042fa317ba7145dfd6fd4725b25953bcd796bc94706ca56f9d20fc4ef57981e314

C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

MD5 5686d2bda1a7a2da3f5679c58e4247bc
SHA1 cc9e750d5944395382f23d303c438ac26c34d6e0
SHA256 3b45da8d2d213c87b319950047941422a8e773a9f51be50206a7a6f96f4d13ea
SHA512 d29f91a634556617edbaa7cf4352e4414af2b778b8d01d35181d086a2ba43107f67f0f50ed06863da9c304524858289fa2246997fb5e4e2b806fa6e7da25ea05

C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

MD5 f7353e51a872ce0e21e847258ba3a259
SHA1 eabf1d39a5e65f287d591d1688ba2c01fd23a8b6
SHA256 e52d341b81340a4555bdd101912abfca3c56687fa6346e4286e1ce522d9942df
SHA512 335c23c12b8d6cc962092e80bdf7ffad834020c7061f4ee4439aae0006d20a69fa789158ab04c15081499a028f54aa7c2cf6e0cc51ad018cf1d20042c6821c52

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

MD5 751e34aa3b5dce693abeddeac0d25a24
SHA1 8a8b6b6369d64eaacde8b2475e3805e2b107d2d6
SHA256 ef9151c3b9cb88ab6bbc2c4a8897275602910c611168c9d4723d4894e90d1f29
SHA512 50e3c363e471fd91ed5262f49c9288a6a3a5865f61d4d3606c20527687b9a38e52bd3f7ebb999c86828899449984e25ff7e01402b623cede3fe6ed88dc655fff

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

MD5 31dd7d5beb85aaf3b6a3a9fb5cba80a7
SHA1 b81550446fb5587316cbee75b965a82b14bfe8b8
SHA256 7b5f49701913d42530c10e1341597ddcf28152fc505ce0409ff38c54b10d4b01
SHA512 f2e92d24ca349b179d52d3ee3dc12cad54cc982ab7f00455ab469fd8af3e1a434eeee82b15f92183c9f3a2fcc4236cc835506de55a1d2cbe5edfbd5374d7c99e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

MD5 626f97289789179740e0326e3cbae476
SHA1 590ef2259eae207bffab25e02c8af82d51e6831e
SHA256 8e835a6bfc4b9e1931c98c726719fd2421a923c390c35259c64cd9bbe6f32946
SHA512 ed4b8f2c0c8b3e193b1018d7e902c399dbfaa83c66132046fe400871f7059a5b82f78ccd8b887c372ac5712e4e5ff9338450cc1b3a24d3fb3c5d3c030852f9f3

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

MD5 877e1af38df375eae7aa9fa8bafb7bc2
SHA1 d158bbe337d85f7cd91bb747d50d369e0b4e6fc7
SHA256 f1e6d2a597a3e6da1897a041fe277d06c3f3138b92549730a801e1f1361bf96c
SHA512 a877ce5f0c9a8996cc2fe62606e193ecb80102edb443334868b61d596e3720db7cf9fc600b01fbbe6bc6b09b8b24398071922c148761443fd1a223ec5a9f5267

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

MD5 ed9ff9f675779aad01678cf9cbec0be9
SHA1 f18d5b19a78ce8704c03247d908328ede2a8b4a9
SHA256 a9b62b66d80b041db5ba601a0df5f8547e22c657e8270df0d255e9d318efa752
SHA512 fcadaa024fccf2869d7d7ddebbc57fe0ef209147ea449e4fee37bc968bd7f88258f16b3b1b17c5260a196524b084acf89cb63c2f67658e60bd435bcee8161595

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

MD5 7ee65a91ce854fa21dab05100ed20ecb
SHA1 d4cc0f488268f5b12e42adf9e887cd9849b6d837
SHA256 7c3a5a29e5e1b8ff421d5a1239198de291ce3206015727aa4e9ee9647a999767
SHA512 5bf6124760345def301d831944c1a953fdacea5579c6355018ad4c4e5f440892daab509d9299b823c1a7475d46c9ea594394142b7c914be210150ce3de3e4389

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

MD5 79e48e94b49b1c721a72d43b811a6a82
SHA1 6879d18cbedf39da30e09bcd83ee99b35104f59e
SHA256 ac95022c72df011ffe2b703896e33b7b5e05e8d5529d7307f72297230fac7fe5
SHA512 7cb93e471bc735aee37ffbe43e76b6f338a2bc02a0549238a200fabb438e836a4f5e04b5be0ee77db49f1fb2b2bdbf5f803cd62921f363eb6847efc02f21e87a

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

MD5 b5f652e0addecee593afd8b4d9c76493
SHA1 6b832f51b9c4d1eda8e92155df8e59f8de2016dd
SHA256 b31dd50bfd4a2027f623ec16174488df8a2b4e49a916adf4a55a72fc29829fae
SHA512 5337a467ee5bb727171a79dee2cd46c25dc2b20efc8d45027feb4b61341c82afcbc58cb35b6d459efc9dadd3ac9174b0ae00e35e4366de43bfd959e429710a23

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

MD5 ccf668e8b1d23f42ac06e3c4ef4dd692
SHA1 287788fe5fed765456796df11f92e25f9b841f64
SHA256 fe1f393db2755b66ab556d20fc51a1cdc480cc0412c2473cef74f27113284293
SHA512 d977322bac5d8ce408353916bf982776e20dd445147537c355f9fa538f3882c0ea77a226695d8e60cf7a0b2a75530cf8941650247f202b823d0896ddaae5f9b6

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

MD5 ac03a5c9f344e8707db06ae28425ff65
SHA1 854709856dc1866c6ae3016822d7488cad6c2a40
SHA256 fab1a905a593067036209f3dd880d23ad67b72bb8865e73b5b343a95a01b2578
SHA512 ecaa1fd4bfdc5ed9de6effacc305342eedb06e043cdb451b85212b20b00796e91e35c2db2810ec60000ff938c76606d89c337d328b4800c987c09603ef6f1e35

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

MD5 5964b776ad169b9a4e7fb758c0ca64e5
SHA1 898f1405c3a75e658f2a5af55122a39e78e0345b
SHA256 bd62b9d3718f71e2943d337c6b993b8e00e7e0d02f16133b6542676b8b79ee73
SHA512 774e4ba9d64889e55c4749ba7fc30cc2c1f59cf964e5ba44176c917277c52069a647a7aed8542a794bf8eb679e81fdc04f08b89987f188f15c5e672d6b671396

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

MD5 71b8ccf69db1e2d67170c5e042ee0524
SHA1 a41604b1334a7b1107c29b0cb53b5f009cb0ab34
SHA256 38def57f6d2b97020d58433b5fd29e5fefa1caa4b6cba38c0989fc4866120a03
SHA512 7bfe9a43b6767d37bc01fe6dd6fe6046e26586e059ac0d6029299ffd6f174c6e5360bb34c8486792f44af6b9260c961a86b59ee47809c9a2fb7975fd47986c72

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

MD5 9071c4775692719d95ca64ae0cc3442d
SHA1 1e7030d19efe9d672ad9998153f09cdfb99d3304
SHA256 ab969327a87ce1a9ebb1cee5d2f96bd48698a2cb307a87db9ebdf21ea30b1fb1
SHA512 7855fe74b08304d5886c170d67dabba7e758929570203141dabbaf5b58e32b4f5bc3bb92bb09c5cbad6489a980e21d1dcdc8d6723799b2cccf6cd8da8927033e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

MD5 29ef8f03608df4f8d7d903cf58831384
SHA1 6f067a247f77cfa72ec1f410413a6c92f7d71263
SHA256 afcc4ebfcceef6c1732e58dae163355a01a9735500f2a28babe15bf23d0e3194
SHA512 10544920ec384397ada52e533e8b19b446ad6846801b38786c4585d90b01b2eb723eb35e11b8343a3502e55c270b9b28fd9a7b77fec48a47d6a9b6d8066d70b8

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

MD5 4baed04403e33a3f6fb030105164f45a
SHA1 c49fb65f163c8fdee0ba5b5b07261926e26b4da4
SHA256 36d476785cd26980c9afa7544de559955b3d2309d7378c51dd5430c8508ade58
SHA512 afea2e6d6858f993b66e88a3c0e7a68c383502ca3895d3665f37676463051593805297aa86d0fff468f5cf3987dfcf1fca9ee93c1796eacb83e1b91b2b586234

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

MD5 2523c6adfb6b655234b4081e26f480ee
SHA1 56f908185d30f88321f3071a467aeee4247973af
SHA256 c31e8910fbda0ea98474e36534b120c5715b43faa109c6b83226e12c31c09934
SHA512 b87f6a423c402bb71510da0c825e09ca18f3c0bc4b29a09754dbe31569a87ecec27fa39ba0d6918649c55dc99944a4c64249199c7498d61c5d92ac77c9a04c94

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

MD5 d1bb593addd8e0b5a2bd16294cadad2b
SHA1 05de3739901fbcdba4c96b87a89400494b368f30
SHA256 ef270b621f893481d8cb65d57f72e4a3f56e408b78294baf2d3b413b06813187
SHA512 142e031d2f5e8b8eac8857cee81c18330451ea50c67e9418a7f3af4196d225419631b37b9453cf0aebf7371caba98c12c6a3c89a10c120890730d19f84074be7

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

MD5 0f4da6e125b4e78b21eb92aa7b62e474
SHA1 6272adee20a0812f30bfa43650cef94ef8736dba
SHA256 f9bd55a0321866b7f7d13e4b662f3b90839a55a9629a549375ada61241468840
SHA512 f169dd5922a6eb2b4402bf4690270016f7d394c0db9e0a851629d4caf821ff3e225f6c3b165e9bbe4eb2a48d07b7cc1aae59678001da7500865c834bfce0479b

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

MD5 cbb8dd483f1813fbe30681b6161a6196
SHA1 3435358091b75ec5d098194d5eaef3a4d13a94be
SHA256 ae0b96c21226795775ab2d0368819bb50cf42668d3aaaf8fd55f5caf3a5124fb
SHA512 ff0f7f52da86a9777ed19706504002a9fcba99c48d6275bf8fdf2815c891b3111ffad66218d4d883ee3a786ac9a7ac7e2ef37f05fa33604431c579476d424014

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

MD5 36fccaae0d4cfd1bdca3ad140caf90bf
SHA1 14d8c29468d52c6742f8970d64e91392e1041d50
SHA256 9e948e691c81209f46b0ca5255c312ed688604de4160dcaca6922d7c0a993af1
SHA512 fff17d10795d134725d793dc4e9570a124484b991fd84aa29aaa2c520e9c190e871232b9004ed9de13c27b05a1d8a21b210a5c3acea55363bedc18bf6cf4674f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

MD5 f98f58c441c2a44e8b09698e10b29735
SHA1 33070994f57123db3fa30083080333f9da36781c
SHA256 34cf1400f0cfe4b93dbc70e63747c956495a662d5fbc192bf2d67f8cb7dd4487
SHA512 68caaaa30381ebad9425801fdf36d83c211d0ee0774a52eb8fa1a15f1c00cf5370965ccca3650060a533fdea95e8c313b58af406180af4951c27e204818b41f2

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

MD5 d38ed7170a95725aec5bd053f956c69d
SHA1 a90e589c77f9bc93c69e47f00ab7426fdb213062
SHA256 e2212ed615a01605fa940ef5e6c7e137ad44e1a9cefa21ef12d033d3ba36f8e0
SHA512 772c1a4289be05fbe636ef0eee870dfea5d8353add8933549960d353d727c50f9135f661ff2635e3eb89cb43cc5e4ce93538131ef5874cd3af6fe9591ba21406

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

MD5 f3ab93ba85de92988630595687bd975a
SHA1 951d8083ed79e4bf3fddd22f514f7922264c95dc
SHA256 91abd36269ea2f9ae4da795563dd60f94db2de609ddacb8e28e2564941c36161
SHA512 f7b23d3c90e688aa156a960d9a33eaae7ccdb2f905ee33bc2fae71d1bb441352a38e898509675dc073390cc8dd314bfbbf2618496df0851d98d675bc5531c9a7

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

MD5 052b20925fd38a0688510561f0620a43
SHA1 f4393b2a7c5f9e505a19b447cfdf9c22f4cd54d2
SHA256 ed5895a1f737d78e5b6c8664e22b8a1f660bb4a839eb48c46df22604e914182d
SHA512 04d23278cafbd528561e0db1e83215903164a03bb9934477e57fcc68ac9f5cc1a4539273ec04a805829cfde89ba66d5624c61244f157423f0fc4056a53e9ad7f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

MD5 25b9b6d19edbd56e5812570b708c7ad4
SHA1 96d4f9cedf045bf19ccfb552048e8f11a6e2a8e7
SHA256 980d827578bed1386696f77187e924f2315992fd3deaac30a07c64141787495a
SHA512 2ff7376ac5a3ddb81c2d49ff55a3292a018df9223817f45f0bb4a92455ef84986578245278cdbaf1ab438cfe827c72c23fa1e8054b1f6eb3c8c3267016510052

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

MD5 f86e20107cdad2f9bbf2e85af9633fc4
SHA1 a6e8187552243b3eef0d5eefd7410c4b8cecb400
SHA256 79df2dcd0d1097fc19cac233e5eb6ec989ee9f9665aeda877934facd0b9aad8d
SHA512 5e8ab813018cf2ce8e939cac4940bf4beb76466d00d93648d32d1707a7896c9afb9419ac95fbd46d563ee019c7816156f321317a05ebb146b3b7663ad9923722

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

MD5 aa12317adb0658c451a02766a5db383a
SHA1 5e05b234798be34b66d36dfde9c3398a84c6ee13
SHA256 a31b357b9484b737838eadf6899998e0b623f61a20c6c4f8eaac633edc28ca91
SHA512 9541ed804573cb4b732b478e275c4843f9f5f5fcb7261ad52d4f9bf73253dfd03e99b3043fe81e403241a04252f7e2879655735cc961ad4d1f5116178215f2d7

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

MD5 a970a4f48c46259ed876a28c7d95836a
SHA1 29ffd57b1bdb699ee6eb4247c133a5981e2f4a6b
SHA256 d19bf83beb5c7f8e5d8e0f1e8711d3a81c8edeeb8a397ad3fb0508077e17ad51
SHA512 841e1d2feb691dc2dec2ca90e7f261eb77226e7e1c0b761b44fae29370371af4891e9c226da2e3c3a9ab1127bc06eccc2ae76714a7080e8b322d25887c7846bb

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

MD5 add7b66d5cfb472d9f8dcb5b8f85027a
SHA1 7f673372e4e7361e45ae62d8e606e17f9c714c60
SHA256 935949e0f67f1f08778d1cccd6edf8f28c27042c6625ddcb8d33dbb1fdfc4dd8
SHA512 c570438061aec925d846b5a806ec0180d4e3fe30b9e0408fc21d6616c343e984262f148a939a43ccc726afa603754f1d80a1627579f39d81df8a0fcb10feceb5

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

MD5 48c431ac39a95728baf53ae5f0c773f3
SHA1 f78d623bfa67ac3f29014262a0a17954f221237f
SHA256 ed599254a0f18d27cd8d5b715278fc24ce1d48ab7b9f93e4e7e1c630a039ce39
SHA512 6540e3bbdf1df9f3afbafafc899873895365f6c682ecae97ed192821d39d3d917c9995e618655832091b0946dd28ff650feceb096729af0e4eb547af487445a2

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

MD5 33cad4f7239769cacc593a0508119878
SHA1 291737d8a2c57a9bd56df43aa4075d2763c9618e
SHA256 3d92bf296d2e7254ffbea778aeacf6b8e6b59e65494152b8c6cb046b8fe80731
SHA512 6990c548e43d16d00bc063991ea86f674a9d7f0dfedeef3ea401715e36f2294385458a81b292b9b21ab30ac0424c34909e300edc01abc29162f8181191077ecf

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

MD5 a2d0731b9afab736af35ea370448d0fa
SHA1 6ccbce69e51a25ee20c533849f5c40908aab5dc7
SHA256 0bf5cbcc59c25c41fc449ba49ac0fc69a873f24b71658e99b768a29cea4dcb94
SHA512 97f97148a2ff960ed1ae83967c3d0863d9aad2fa7458acef2784b09d473afebf0b8fac6ace99b15cdc5a162d83f6b5834fe76c93032839b4a533d2c6c987caac

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

MD5 47ed46ca889a7b96566e26a6146cf052
SHA1 38132c672d7991e14a9a6679e87c60f2fc798d1b
SHA256 782961d677038d297b5bea98ac5ac628523beaa617450a0a57ce7a3a69b8ee45
SHA512 f68992e215116225ff4f33337de71b1d83a1d74099927c1aa2d4def87136164ed93179bacb6fdd26e0edd86dfad34c23f4729342ef45c23d24f21f98bfc76dba

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

MD5 dbf6161fb400d331a64f5c7e752de611
SHA1 eb85ce762dece680d111adc0f13e3f98c7abbf92
SHA256 1e91fce9e7516a54fd264a6530565992c51ed769112761abf5e8d43673c64f9c
SHA512 3427b3177b655c1ad039b7ef255b0d6f56a61fff52f8f332f7c19e87df9fc5d6aff393b791828a800342f0d722b54bf5f690a04957af1b8581f6cee7f66a9b81

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

MD5 dc8d032230ae594d15f83fce02ac11e0
SHA1 ec524e5a730fba7f8384c6cdd685d57bacf3669b
SHA256 1f8c2fbaeac0cd7711c36aa1a4884264ac4f357b79a1bce4ba5198a224502a4f
SHA512 651694d2193e5ee83be5f225df8c6c84982080a0a29ea1ad7eb49dc11b9985987486a8aeff0a072288aefd4a9cec2c5d5ca32b62ec62f0630aebd347f28a18ff

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

MD5 91ae478cac3bf945ba7f2ca42320da72
SHA1 eaf3333c386f76e93643195af57eb5d821a5e13d
SHA256 627937bc7bac54dec0a20967c55dd4fc1c3b37b4102cb95203436f86ce4182da
SHA512 fb45f9afc12809abae8ccad6d730c29933c63d347c4e8d1c2caed245f7f621fed1fae08032db521bce7cbbd60ec3486c309624d03e0cc8e9171b376fdc3d9a70

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

MD5 a6cba54829b485368336b56d830549b9
SHA1 af4523ea690eab517edbb48e0c4c9ae581a9e018
SHA256 715fd382b9550b8fb006778d8c8cac3a60ad9e4cc7a27273e6e89b96ed663ca2
SHA512 d0c8be735a049719939f6802a9bfdd0fcace5abf075d3bd14883a7e5d3adaad92c138ec1e988d0389716094cb40a5e5b21777d69adcc03f526cde0af2073de68

C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

MD5 2ebd5a576d0272299cfb1d74b47ab7f9
SHA1 ce14cbab5eba1f78e71f10b25ec850ff6b48fb84
SHA256 5cc12b93d95a0fc1723450e262e39fc264d1b7b260c5a598c4c1df705f6b212a
SHA512 3a8bf5be118e9249c50bef7c14e90af4160bbb1bf1b07c6168daff7ce5085e8e2856e57199318ae66c30d4ff2aabee0f0594b765bd5d2798af33d1a2d9a5b098

memory/1944-5570-0x0000000000400000-0x000000000040C000-memory.dmp

memory/1944-5579-0x0000000000400000-0x000000000040C000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727663623337830.txt

MD5 75b1f0555cd2c6dec6b0b928fe92bf6f
SHA1 9f5a4cf26bb0a8480731b0652bc098c11bd9d2cb
SHA256 9be30ce1c3c09d016cb404ab45ed72ad730733f3a39809955a69c1c257e8282e
SHA512 1d438cec1cb823043cd096ea22dd3f500d2c9047de8984d36d0a42218797f0bb5f8039acc333db3170c46e7b12bbc677856df1f02ffbd790df4ba820dd0fb6d9

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727662191305923.txt

MD5 49ca8a788526b9456c98642e360b2e80
SHA1 f3eec9a9dd1e710af23e7435e3dccb689cf8696d
SHA256 393ecf6297c898904c3fe5c1ceea1841375dac9631064552e0788bb03839b8db
SHA512 06692f8598e3972f20f444b8d175d48e10974d8b1fa85db56963b68d3358e19708cc800cc2c8578124feeb6a7f100be4e1748e7578ee1942f55e17321e7ce031

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727668521654543.txt

MD5 165f22604c644f0f6d7dc7faab93cb29
SHA1 badf83271ddcd27718d539d67ccb932354633a86
SHA256 345ef1885e361a1ade793ee778b275746431bdd29c6c8904831ca61ac7d1acf9
SHA512 8bf47fda4b6fc0914e34fd110f08af0ad250ede7306c378a8a79eecd86de66d62e0e0ab1e29985f82cc1214923d54c1ad584bc93585b7a0f1effa211544d9a01

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727671211214398.txt

MD5 50f9d3a2781d60d131323f764abb212a
SHA1 08ea1b0f6720cae67f9edf8e374903a9dc6c7f2a
SHA256 98365a419d7384fa288bee87a6c5a4b42b7db9ffd79391ed655ac38afb75a6ca
SHA512 4c4e40576ffff79441c2c1eee0436fab4c72b8b953f814b4958a789b17384ffcaa0030a746bcb012daaee7ed338e6bf08a0bbecdfedfb9796d5f8841965866de

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

MD5 0c6d17ae3189c0451a7bfc88900bb6c8
SHA1 9fdb1df1130d604faa897f5501a0490714d8c86a
SHA256 6afb66315a2257b61c5844af6a02e3b72ce989a3814ba2a344bf6ab07f411201
SHA512 65e730d382a2b3dfc6b6e1fab2fb410040deac70ef309f49ead35a1df052892562737f2d926c10e56b069e21715999009e2f6b631d863ccc0a20705a1a292b6f

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 a765b50362bd043207476503ff1ac3de
SHA1 063f4c4bb556d0c5a5b38b80e4ee9811e1070066
SHA256 a82e72edb49d0ea62aea03c428de9cfdbd282e61f5a2aa858c349fce1427b2df
SHA512 dd50263cd96b0065ead1a73c02d84dc4be1beb2050701148312d6c313f40b1154413fa7bb06f05db38fe39baf3ff94a504e3e9c2e7dba35bb44017195b24d039

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 ff90b3c73b332c9b798cbe3430dfb3ce
SHA1 27c0280c1d3d1d683973a18b6e534a369e0bd27c
SHA256 488d8a612961b51552397f7bf37bb3abc3808dda2ecfec05395e1618e682cfe1
SHA512 965516ab64903dd1624ece646a2e559234e6d921cef6d3e062a7922fd5e6ba559519621f2dc67314d0cad156604ccad0e45f096e6063091af00c536b68fa8586

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 d1a2c97a2f096be740ab49c353952c24
SHA1 511a7f2aeac0635b741c7a52b887440afd1b53bc
SHA256 3baf872bca6a054c759e53b095d65fea99a987e0c40c65bd354b16da2ab8a94d
SHA512 36361e4b9cee4269e742857c7c03357d06409079b70caed4e74632657518b8ba47c1813de0cf60cfdf261f4bf09bf0a3987fafe705ed40370fa06bcb7aa13cd6

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 9b42abe43451bdc04775eeb47921fa30
SHA1 d250076c4aee1d04d52a383f5e5853a13a719b4c
SHA256 eb17812b46daf307e8c638b27e62b1c4aa1b53dbacb0c7185d7a2763e24b71de
SHA512 92344be9408759514c653bff7f3700e0054c33db677b9af0e97fcd75e616bf4398057a530e72134cd3ef1cc1ff7f744383c4bb49da8b8174fba2b378012a386d

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 37f34ee5b21c698cc670b4e9115bbd3e
SHA1 f3e542454ccc442e6a9ffa012a3e5d43b36c1399
SHA256 f0eadd88b1bf7fa176002de0e5e430c1c8d33fa5954df669dc604074fe6f6f31
SHA512 2b01cc8f8d4477037e5519ac2e432b177cf1428a5aaa8d5b4731ce0fc3c1e4912d52f99773aa917eb24401f0aec89bbbc0f0a363ce1b7109397461fde0df60c9

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

MD5 c7fe26ed3a5493dd2e24e0ff4a243dfe
SHA1 4e09cf9a3911045a895f54d375513971c3976ae0
SHA256 3b4309260cfc2df173b05c310a1095c036959f9bc87f4821f290bfc4ded6093c
SHA512 0537a046b10ad27364ec4d38d4542e95dfd55d5bedb5f97dc7f1375904e66618ef17c8e858b5c2bee8ebf95888892d2ced2569cb03a38515ae24a670c60dd70f

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 1a16b7763bd6dcfbee9034dcf055d991
SHA1 3972b70dc90de6e08011c07c7ae3e48cfe18eec7
SHA256 1a19845e78078e84b4fd436040c544980d28eb38a2be326873bf34199c525fd5
SHA512 15691455ccc5d55a31b83660549f463ebc2fbb8656b1ff2dc6c09ca93aee9d3db2c96db1704149e3520ff79d8c325111b6f1a6049ac12619ccb497d4df1f5cdc

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

MD5 15823a28ddb2e4af1e91a73e06d70bf3
SHA1 86889b43ccbd0417609c00df4ad4522145d57cae
SHA256 73b3fe71ca45d827370f09e338fd65d3a750d3067aed4fd45d032a6a359dc0e0
SHA512 dbd73873ad2d680425169e25dffe0323324b0277031d37f37d1285dd70b0375eb8c94d93ce3959bc03e1453105c119cf653d80847ee68bc6f2976b0e655ae7ed

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 017ff9eec228ea675edb4c54a62eccfd
SHA1 60b919e778b156d72c332bef3fe8708444a69a7e
SHA256 3146f190dc97e0bfaa64e51503b23aaea5d38e1555c8877c6e84904123a478af
SHA512 c0b2bcac4c86b5a92513d7f9b1371a939fd6307ff2385d2db07468e390ac4e7d6d602342ac79e9fac8de8ee315c981cebd1b6e79301b1a1c9e0a44d3a75418d2

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

MD5 1905f8d589e7dc321bff0c88a2ea2568
SHA1 79438541a5bee6cca4a5c5fde4752c6d4cb81483
SHA256 28f29e6799d4a673ccc8973204f86a3006b2d15cd04d51bc33b5788245dab5d8
SHA512 38244ba73f9cd96166cea8b7701df6555bae7e869aaab07d290e5f9178c94f68cc6792c05de328bfe96c9456916304178aa2ecf82097fb2bf703adab0ef76967

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

MD5 4530c9f378ff2b6015379b9ec62cf10c
SHA1 680d951952a68b3ef07332a80ea5e12517cee163
SHA256 52876db08cbe8be9e599cf16733ff153a74e19de854670ab526c3b5c97169764
SHA512 89d331dbfa2f768eb2a93fc6bbf89fc06379cdaa95c07bcd924a083f75805b0812111e6bc2563d4139fe58d867ad0e4d0f572ad7452dbec806deea51bdccea06

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 ae156564b15c8f30b8e25891e1c6e55d
SHA1 35aaeaf8f9a5fa5975bdc22d44b915b67f84f672
SHA256 c26b8baf5383b881c769551a4d307bdd7b8c7467d5cd9fb67f1429615cb4be28
SHA512 a08385569c827a32adce738d6c044e1e9cdf13e3719f9915555ccce86ff86ea400b7a195c0050447ff5f642de2bd2b1ddc85c3ed4263de8f9b5b4c7c5d7ec1ba

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 f5fe5ed615945344a3e8e5e23e5203d4
SHA1 433e3049138c33813e2dad5386393310400f8947
SHA256 509ef3a79c2b23821819c202ffdf7b7c7d6be7c722fc37475bd2e1d0fd2add59
SHA512 3f09dd041f94c3a47b10cbd92e26dbcda0eab4195ef1353ccc387ddc07aac3f229706ce2a4ad5e78770cc1d5a454eb35a18972e0dee6f2014eaed2b372a8672b

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 7801dbd0528e6e752bedf197970ce2ec
SHA1 0f95a54ecc456d445f34839228258de975c2d72a
SHA256 57ec98eaf9cd4a65adfeb42c802d98c9990b64c64f4eb4829b385df81e556695
SHA512 1e563721bebee30a8f0fa47e8b8b84349477b8c6c6c6e1bff31b244699e1e321bcbb54e41ebdfb6fce2467de05da9ba9ecade1bedf7aa555567908fb92346b56

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

MD5 070e5f17b02d6a28c23503e945acd09a
SHA1 bc826331abd55bf50d68a9afa8f26167e30654d7
SHA256 0ec2988e49c2ff6bd0755c17fd4117235c14a4186fca2301a8c95fcd56f4fe42
SHA512 8e720e8199cc7ebf208d1d72ae54ae58174c08301ce98f3261ab3569ecc0c37b090350a5f7012add4d18b634230a390c9ccc500f5c88e27883e8e9536862a217

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

MD5 9ab7bda958f25b29727c95e8e50b98ab
SHA1 c3578da4efb56af30cb058752848363e772f4bef
SHA256 184a69713f5e73d41dcce75a35ca3332e9d1dfc6bc43d3dbe6c03f744f087c86
SHA512 fd05f5693487c431c9c2748d672ae8f6a41e6f5d37f4722616280f730839e1da1baf4722c33ae5f1ac666d1e622dee3b7bf277315e7e1cee5529055eb9de1c64

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

MD5 74483ca63ce42a76a7c6c889553b2950
SHA1 700ecf291f65197b05b9aa3fe12b3c92b3ed6813
SHA256 68aa42ced4c63a6716b0845c1583e989508bd46149308456d4f8b3043c6ba0e0
SHA512 eb848b3732e4adeb9badab35f481c67a706b7a846e0af0a5ccf5cda2bc2dba08346735ebf218ff415799da43d055f646c2c73ffceca1fb7a5da0a6daa9a4eedc

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

MD5 3db2ac57c815e2c23b853515171ee494
SHA1 06698306627203a6a603eafd18c462d9b03daa01
SHA256 9f32b182082bdf0f49e1157a8610e960b9965443c215dd5921097d67003e1935
SHA512 cfc7babe59439175692b238413a56140185aeae4fe352b25bf79d684cbb73ef6b82d9501cb80137f6602e7273423b065414c2a37ac510ca1445ea9de70d1e5c8

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

MD5 330a024739f54380572e28a2651e4e48
SHA1 26556f4f7685239c772567e97951272577b3ceb3
SHA256 a5099b855102a65feddf02ebcbaf1657572019e6018054a5c9cfd78b4308952c
SHA512 0ba63abed1a1790d2c41d04fa02d7836da2d1d4f389be1bd99298e09f9cc4a000e7bdc6800f68cacf819626dfcf4e6b0695e021abf4f5fdac915fbdcfc15e365

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

MD5 41d45744032d96684b98232ce169c9c1
SHA1 49d3579636165ff0a9d9a310a49f998635cc64f7
SHA256 6785b2caa225ea18eda2e66085138e255626d1deee29fc9159b2cb2d234df015
SHA512 3476c9c73db789d21a8355b6baa09cb2925870a38154180cb2fea6158524df3194ba60e069f327945449a3ae29ccbf7b74f4a4d14519f41e760970a9c88687e1

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

MD5 0c58d6b1e17763a5e4e99a3a76440fb7
SHA1 fcf50868c0c8cb5c317338d329e619327a812ae2
SHA256 12a6d466e94c3dc0a2d8f242244dbffd6e621d683025c1a7ef76cf0276c1e228
SHA512 7eb0ecad097e3b529dfd290e15a7e1d7966ea62af8ab269ae7652a5631dbf397e91735b6ba17208088a02214023a3adbb84e7e868a2e5b9da0598fc6deb3efa5

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

MD5 7d0120c2cb3fce4f159a71bd1626692e
SHA1 f5fc5cd0bc0d9abdab19455aafeb9fa1f3d40d28
SHA256 b76cb37e31137bc264366245bd9c5220e62ecfbe405d46fe5b3e2acbe7024d1c
SHA512 96e12bdc381306f3dcdce17badf0601f2af47a99d0176e3e2546cb65e217d1c5cf87d34ad1a674dc424b981d5b9dd2f807cefd28f4601aa8dadd613c12d55d67

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

MD5 e14c46524f0d423fce0c4acb8248ae6a
SHA1 d7e56ae1677c21029e54399e93962e6def3b3dcb
SHA256 6e72635b8146e32fd7e4fec46dfb1671eb7b59a2c162959e3683cfd089bbed7f
SHA512 2302c133dee53484515cb638441c672e37df5792f7f81c53d5e127873e460ad532fef17372089fa57b169806c6a053a4d005a7ffa8d806eda884d32dd2bd5f89

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

MD5 63f952ca0ec5081414ceae94060c92d0
SHA1 df5f6edfbf1690d762ea6f1d377e36b2d8972175
SHA256 1adc9286b47b60902abf476f40305e1129c1ca17755c0fd6cdf8c04de85940df
SHA512 8d09b570cc5e4e34bf673eff03ec26b4b2180f8cbac8e8c84bb01be8cb80ca6de77294589ef0395df6f0a25eae9fbbb9248a269e3dc591dea67f7391ef4a6204

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

MD5 50a699931b61e1d87afb493e32fb2729
SHA1 109fb2ecd3c5202b53a004ec2d4da33bee89b5af
SHA256 6995fba6e6e8b8de5e90d913cb594cd17ec3fc982bb42f98fb8ff9d602136ffa
SHA512 6d5df842b14301d780b6f7ae380459708789d23b5db5e2601b75b8a2eeefd67058977eb92ed93443243a235cc347d06ab08f5505c0166a172b3e438b097c1564

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

MD5 64d08afb5d184742f6425079150aaa3c
SHA1 07df88e5023c10f30b9ff8ff2c0912f6d79b756e
SHA256 bdb7a3dfa33fda22e9583eeb8adfa6c4eeb10e148caeb4cc8d97b0a991680d49
SHA512 0b4ed1ea533ca01cb2b19de87e149c65ad179e485a94936d187e637134367faa35d630e1ffed49095125fe2d2f4ccb3dc4dfa24247b12cb9e8e5448600bbc84d

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

MD5 967bd2cfbea4f877b0295a5d8a0812d3
SHA1 75023c85c466c79678f35cb3e5df1d699060d9a0
SHA256 0e99c6b1a65baaaf745da524ad0bc197b3e68e9fabd1244cb5fb48d64fc01f24
SHA512 014473b42da6ec13d0563df81e4f14ed3aa3baf377c96335d4fd7bc9571a41bccfe453ff98df37e80ba3747df38642b39d347b8bfbdfe91a6b4b12a9bbc7352a

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

MD5 6c8752ebeeee500a3533476dd0d7f85c
SHA1 7301abeef1d6b726e23cc4a8c8fdc032e820142e
SHA256 8284ab0f98071503aae1422645d5d8f04cb8d03c4649556c89cc8ae2084bd9ae
SHA512 aaf2b44a4be281139f6b7a25f07c7cd23501469f871787d597af712c2595c3bf340f55ddfaec2087a3a14035fd8d2321748e83e9778f913113308401be59e736

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

MD5 13ee7b3fa2e72408101af8b901f12311
SHA1 2ad14da20bb91e2623ab93000670175d61e14d0f
SHA256 a52e1eb97c1cc0c75abacae3849933dc8c21e6e9b2fb7df94bf4d884451633f7
SHA512 98926e7ac8e9cb0bb0b99c2f49bc075e9e7e86c61950924b1a12ef339e3907671453b2a6e69d0069a964821b2a572f6464a39208388419036f29897796d9fd45

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

MD5 ea440136650b4c9b77b990b6e6884277
SHA1 b3ceb60b2cc6f1ac431e64adc41def625f713512
SHA256 a54fa001239ea8626f62c9ff9505f6e59413b702853653aa2635db6ee8b87090
SHA512 dcf7872186727216160cc3e491f679fbec65eda88f552a07b9fb6e1573ea8b126fdae007d030700c8896dfa9743da46d3c557c6737f8ff5df9410b0e979a21c2

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

MD5 a0b370e1ddfaff1803afe31c43cce7b4
SHA1 b16d2605a42300edcb8863978b7fbca73f13892b
SHA256 99c7e3ffa5ec693f81b1939a9eeb49b1ec526663960588c4f3474ffbd5fab323
SHA512 07e59b1e44e7f854f1d82d7fb9fa87e18fb49b55bf41be0d31f5084f0b757c0a79052ee790b1653e0eb7834de3291b7bf671647c20b28012b47949b3d2968a3b

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

MD5 6c98f4eaa810dd870bd96a8e9323f9a6
SHA1 16d4c3b2173368b771823412a4dab86dc1ec44b9
SHA256 1f211aaa353c1e9b3949a4c337ff7711b8102729b9f7a4ed7adfd499ee2e2342
SHA512 5e16aabc285f334bd0adc60b95e260341cbfcfed48d0482746711cd67507a70a24a92eddc19df70c760c792fb5bc0c9e442f69172fd49243c72cd01edd3b8da2

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

MD5 0d5eaf0b38142c75ffca321e0b9c7423
SHA1 9d439d04d667153333610aab1008eb79bb5853a1
SHA256 1b58c294593c03e6ccd7770abad5fd2414f84a5cf929bbf692af2a35319accf3
SHA512 c55a92462a0e6eb8da5252e17d5e984748f8933d2589c6db11a1057aaef03e8f3848d52f44fc8a2d4d8ff1f87be2b38b9becff99ac23590de9cc9ca45bd97a44

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

MD5 8d573412f43fad679675a92a0d5585a5
SHA1 eb6e4ef7054900a51d1a68539bc22ecda5316b62
SHA256 cf7a3fb52e0cb775257ce0fd254b95a8ff166e7aa18cd2466e43d2c2a153d073
SHA512 dd8c1f492cb177f855b174b005e9d4528ad99d8605221c8c4edceb65426d6ec98cb93d107d02ff3e9ffc3d3d89958e93256b7a938b8df60a0c9a6e66ca08ddb4

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

MD5 d46cf1bde09408587f92420c497ed919
SHA1 bef66c48f5742b391f07fcf42b8a2e8428004210
SHA256 74ec18e6a718b49997dc8ecec92bd14d1609d385fe9980ee9da825dbb935716c
SHA512 6a229345de4c646f3ff4d10bf6ab4c99d596db91490b3347786490b9903b3e5a658168b3f9c944d9a586bae0960822b0f1b28a845eede29a6304471dbd6c5975

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

MD5 a74f826920a62199034234f784201fde
SHA1 c6524c766c21783eb5ad8f0a67204b611cc8c30a
SHA256 ca51eb3516761c67ac9aac535fff62416590f0492dbccd5e6e2d8ba6f262f5fc
SHA512 2ede13421008daa59840039d45b0f7af71b2498c9a7bceb243f1460461c7c315df013ce14a1a87ecbc26d49579a10d27faa446a0854f57d73915b70e3cc82250

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

MD5 1039a4064d579d83a13ab94314ba6cf2
SHA1 34b280f560f6de554053acc2fe583f82d9580fac
SHA256 b3ba5ab81e324c15d78db838d101b2b485dd88e6e488d4762ffcfad8756714a2
SHA512 2686ec5921624f293aa68a824dacbe09bbe7165d45a43ee098b35a98c93a83868179b242740e90fc8b8cea471ef2f289b409345f29131f53fa02c865a4204eb9

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

MD5 8611e10231f0de72fb5da94c67b3ccfa
SHA1 1edcebf5d7e1d53391e4359554812f8eca0b608d
SHA256 55ee69ae7a3c9c1a9e18e8ba8e2ecc6f0162607a4e7d7d4aee94a52ee267832b
SHA512 7878b5cef5219a7625f2886527f02770d59d6c05cd44ca26bb2541feb431468d19427966ebc8cfc5fd118fc62198a629a90227060f5a9efc7faaec8e47bdc1cb

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

MD5 297887c33ba79f66f2803ab6f487800d
SHA1 2aa7997b3ce16ee7a0c493d8174595b1a461b6ed
SHA256 3fd20bc7ac429af2dc0220f93d6ae5ea53e199e93ceaa79dab59e57c917a8230
SHA512 c4a9cc1e8c4577548dc8529f739c02f69d2584018247d5a922b4b77f7eaef9a288743c7b9d243d6947afdfa0ce0ed7cb49c2654af99b002b8c8f58f507cfb00f

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

MD5 72a0fa27575fe882d9130c83b7141c82
SHA1 8bcfea0bb951ccaa200047d71ca752f78f35cd13
SHA256 2501b6869c5dce1d080321d93bc60f581bf660b0f471098cc20661493a868221
SHA512 fef4303582b2fd6738d6f225bcedf224166127abb568e35f0522358059ded71f03eab1c550cc5396c4332df327c3e95f51eb98d4a969802d4792d536200eb1c1

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

MD5 03d0d22e53fe0488ed836af80d70ac7a
SHA1 0b02dea5017d8a6f8ec6a4f0e01a0a3386be913e
SHA256 515baa8e4c160777b4b07467c0f72388f253b58de7c0a663b366bcea64d6d4f3
SHA512 1d28b19e3f49f8ddcb77c0b02b6c242e54c9fe0e3ed7917e2997d8cc60aff5f07ed7e97559161db1eaaa61ec95142618691b906468c884518b82f89f07a68985

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

MD5 551ec907fd26013c36ed9fe91e12a3cf
SHA1 59671a31c158dc9ffdebf32412d36a935d4ef800
SHA256 dddb7f97219ba8a35ed42b49aec069f1436209585fd5f578563b84fa5ffee0d4
SHA512 93f6aed3aa0727aa394c48dcc07f41fa7639970953512306d0df05270ac10b66cb8f3077af9dc1fff66e95799674b42790e0e6fd0b5fc00a7b74a05cf11ce08c

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

MD5 5529a11d5d7a7eb324f9950e0f01b136
SHA1 e44b31fd29c942dcee81d96a2a772e5248271467
SHA256 a3ecb3e9d970b063c23648e857e4bfd491f595a81a4ecafbdd63a78b5e9ac229
SHA512 1ff51414b742d557cabad8f30147893b3e7146a890cb964ff81a9ffa7855db83f5a83070fdbc7ad0f10ab55e99252b584544bbced0fbaf3ec4532bb121790931

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

MD5 5ba06148365274215671973681992dcf
SHA1 1a0361ab37b9940005fd977c6bded5a2bbf3201a
SHA256 aa7b1b7407acbb511ee8929747f5beb5503fc33ad117697c1912ea2d106a4e59
SHA512 d031433918a4dda2771b777cfdabace39cd031296d0b7f81ef7d002d0763e2f939313eda37e0ee6783581d6681caa523c861f68fa320889c9bf0947e7991d49b

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

MD5 d3a5d1e4ba3746a9a9ce780a1ab2c3c0
SHA1 8b9bdedfccd80c814994122bfd76ba04ca478a77
SHA256 003549a0af7f37c137ee8a2f09569db17137b476c0c6b12004583e95397a1b29
SHA512 f960b89bafa11703ae962ec2073b48cf68cde077b848313846c047308c4585022449ba3343f999fbfead6a209c8a68b01ab81a354be29079ffa10700d9aac241

memory/1944-9857-0x0000000000400000-0x000000000040C000-memory.dmp

memory/1944-10884-0x0000000000400000-0x000000000040C000-memory.dmp

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

MD5 35fb3d528ae394c2dadb28b94b0985e8
SHA1 8c82340a75658858fa1fd2f9b274d70e4bc9dfb3
SHA256 fd3e8af2ea5c4d12347b595cff6d8664c5bd5e70a7e75408089a3288fd074c12
SHA512 362fbd47650812421107922ac2f510d5946a520dd08063943f694a114f55c3e5d7f03f7d9347a803bfd7c1b265c2aa4dfa7bd652b0de3ed25fbce6a708a965d6

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

MD5 d4f5b256be1b7b53ee7436e565e62917
SHA1 04e6f3aecd333599e646f3e71922f192417f7d43
SHA256 b9232a0045bf577a2aae7008f491c031b9ff60a07e7406c106d0f44c2dad6f8d
SHA512 a9d8834ef2427cbdb7b95010662484b59c83a84b552b724a0a6b015908239cbbf329ac4facae8c79632e6ddb47888ac520645899f04a22927767a82ea180a333

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

MD5 715ff5f8fdec11fef1b44dd3654afe9c
SHA1 2965d3627c64eea41c3c84421e9114b8e3b6a03d
SHA256 f1ea71ef72063919f2ba9d19ca960f17f19cdf897e93b2870d92312fb9fea5b3
SHA512 509c9099cd3a6f00b3338806dacbe1287e457099b212ce1f3e6bc55252957a73d157ed9c28cc4468258d7e2ef7204abb0b7c09fbd924ca8ffeb3579430d1114c

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

MD5 b6d0ae44969a4223862bba821d00f3a5
SHA1 6dcf04097dc8ef31c0f4955c1f4d8cb9bea7f157
SHA256 1f52ebb36ecbce91bbf27cc92916f9978f5b93733be5400ab888e12a702ffb29
SHA512 983c91dd3e592c6c92937cf1659bbc79605104d442020f24d2a805d8a2d2bd3224719033569eab23905272a707fa5e7f49a047298d71f156e8126456e9287596

memory/1944-11201-0x0000000000400000-0x000000000040C000-memory.dmp

memory/1944-11224-0x0000000000400000-0x000000000040C000-memory.dmp

C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

MD5 159426c169ce7a331034863ba26f897a
SHA1 571cf982ee0c9e95de737742d7c52057ebeb889e
SHA256 79afc08921639cf72ac8dbf5b35113c607244b2a3c35d0e7d68383e74a115588
SHA512 7018d97d358d3a57f001317e8893ddb205b775fdc9023509769146ce14f8a8d2af7d39befcc03265fa993b6b87b004933867ba3b767547421fd83cb00c74300e

memory/1944-11229-0x0000000000400000-0x000000000040C000-memory.dmp

memory/1944-11230-0x0000000000400000-0x000000000040C000-memory.dmp