Malware Analysis Report

2025-01-18 20:41

Sample ID 241207-ah69zsvqds
Target cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118
SHA256 397009cf4ffa0f080835f9f2a43e50fbd91bd57763851a280a75aff029a7034c
Tags
upx xorist discovery persistence ransomware spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

397009cf4ffa0f080835f9f2a43e50fbd91bd57763851a280a75aff029a7034c

Threat Level: Known bad

The file cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

upx xorist discovery persistence ransomware spyware stealer

Detected Xorist Ransomware

Xorist family

Xorist Ransomware

Renames multiple (2182) files with added filename extension

Renames multiple (2169) files with added filename extension

Drops file in Drivers directory

Drops startup file

Reads user/profile data of web browsers

Adds Run key to start application

UPX packed file

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Unsigned PE

System Location Discovery: System Language Discovery

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-12-07 00:13

Signatures

Detected Xorist Ransomware

Description Indicator Process Target
N/A N/A N/A N/A

Xorist family

xorist

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-12-07 00:13

Reported

2024-12-07 00:16

Platform

win7-20240708-en

Max time kernel

119s

Max time network

120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe"

Signatures

Detected Xorist Ransomware

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Xorist Ransomware

ransomware xorist

Xorist family

xorist

Renames multiple (2169) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\0OBBDSsH5F8mq7J.exe" C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_command_precedence.help.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\IME\IMETC10\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\ja-JP\Licenses\eval\HomePremiumN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\rawsilo.inf_amd64_neutral_8eb7e6403ddbb7a8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netg664.inf_amd64_neutral_b4e8ccc6ba210e97\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\en-US\Licenses\eval\UltimateN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\ja-JP\Licenses\eval\HomeBasic\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_trap.help.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmmct.inf_amd64_neutral_15bb3ed734fbbeb3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmmc288.inf_amd64_neutral_c4a901dab689ad79\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\tdibth.inf_amd64_neutral_6ad685957123daf1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\brmfcmdm.inf_amd64_neutral_af49d2f3ffa12116\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_pipelines.help.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Comment_Based_Help.help.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Line_Editing.help.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\transfercable.inf_amd64_neutral_82f4c743c8996d67\amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_While.help.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_job_details.help.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_functions_cmdletbindingattribute.help.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\it-IT\Licenses\OEM\UltimateE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_pssession_details.help.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_For.help.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_If.help.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\de-DE\Licenses\eval\Ultimate\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\adpu320.inf_amd64_neutral_4ea3d42a9839982a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_remote_output.help.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\synth3dvsc.inf_amd64_neutral_bccbc5fb46a05558\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_scopes.help.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_script_blocks.help.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitsTransfer\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\fr-FR\Licenses\_Default\Starter\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnrc303.inf_amd64_ja-jp_b0dcc6693f67451a\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_jobs.help.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_Foreach.help.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_arrays.help.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmnttd2.inf_amd64_neutral_9dcd97ab7a913b7a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\61883.inf_amd64_neutral_a64d66bac757464c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\nete1g3e.inf_amd64_neutral_7f08406e40c6ede2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnok002.inf_amd64_neutral_616c1e9b7df7d5a9\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\en-US\Licenses\OEM\ProfessionalE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_eventlogs.help.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\winrm\0C0A\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\keyboard.inf_amd64_neutral_0684fdc43059f486\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wiaxx002.inf_amd64_neutral_fbe080a7dd77c4a3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_locations.help.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Comparison_Operators.help.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_pssession_details.help.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\com\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_scopes.help.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_remote_troubleshooting.help.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmnttp2.inf_amd64_neutral_d218c42ac8635704\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnky309.inf_amd64_ja-jp_afbb421e3dc1cb6b\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\migwiz\PostMigRes\Web\base_images\ClickDownNormal.gif C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmarch.inf_amd64_neutral_4261401e3170ebfb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnca00h.inf_amd64_neutral_96a8e38189e54d71\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnky305.inf_amd64_ja-jp_4d77cc4802b17ec3\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\es-ES\Licenses\OEM\Ultimate\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Speech\Engines\SR\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_If.help.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmsun1.inf_amd64_neutral_6184912bd8e5b438\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\en-US\Licenses\_Default\Starter\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\fr-FR\Licenses\_Default\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\view.html C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\ECHO\PREVIEW.GIF C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\DataSet.zip C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\ja-JP\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Program Files\DVD Maker\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD15170_.GIF C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\12.png C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_snow.png C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\es-ES\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Program Files\Microsoft Games\Solitaire\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\access\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows NT\TableTextService\TableTextServiceSimplifiedZhengMa.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_box_divider_left.png C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\trad.png C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH02738U.BMP C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\bn.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Stationery\1033\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\SoftBlue\TAB_ON.GIF C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Media Player\Network Sharing\wmpnss_color48.png C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows NT\TableTextService\TableTextServiceArray.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\dropins\README.TXT C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD21527_.GIF C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\QuestionIconMask.bmp C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0099156.JPG C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\11.png C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\COMPASS\PREVIEW.GIF C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0146142.JPG C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR11F.GIF C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\logo.png C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\macHandle.png C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\es-ES\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\LAYERS\THMBNAIL.PNG C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\whitemenu.png C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\mn\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR40F.GIF C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\TABON.JPG C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\he\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\MessageBoxIconImagesMask.bmp C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\Sounds\People\HICCUP.WAV C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\bn_IN\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\logo.png C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\47.png C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\ja-JP\settings.html C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\ink\1.7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Common Files\System\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR22F.GIF C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_LOOP_BG_PAL.wmv C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\logo.png C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR48F.GIF C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\stream_filter\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Program Files\Windows Sidebar\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\ja-JP\settings.html C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD15073_.GIF C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\bg_SlateBlue.gif C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR50B.GIF C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Program Files\Microsoft Games\Hearts\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\Publisher\Backgrounds\J0143745.GIF C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ar.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\WB01749_.GIF C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\winsxs\x86_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_4db0b909695af8f9\undocked_black_moon-last-quarter_partly-cloudy.png C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-cbsapi_31bf3856ad364e35_6.1.7600.16385_none_aa56c4bd0a17fd9b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p..stics-adm.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_cbb096d1a8d6d240\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft.windows.h..iverclass.resources_31bf3856ad364e35_6.1.7600.16385_it-it_4ac4c2430fab9a99\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_prnlx008.inf.resources_31bf3856ad364e35_6.1.7600.16385_de-de_9e27b1ff9581e77d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_sdbus.inf.resources_31bf3856ad364e35_6.1.7600.16385_it-it_135b0911c2c37406\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\assembly\GAC_MSIL\Microsoft.Office.Interop.PowerPoint\14.0.0.0__71e9bce111e9429c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-s..enter-adm.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_7d6887ab7b136bcd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_64\napcrypt\d95f343677c556b67e99818cc02f4214\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p..age-codec.resources_31bf3856ad364e35_7.1.7601.16492_fr-fr_a1412f0fc401018b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-wpd-status_31bf3856ad364e35_6.1.7601.17514_none_0e6a9cf837b64185\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-help-langreg.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_2c40e6785093a2ba\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-s..spp-tools.resources_31bf3856ad364e35_6.1.7600.16385_de-de_dbec3ce8a9af0e4b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-comdlg32.resources_31bf3856ad364e35_6.1.7601.17514_ar-sa_585df4a7092d7807\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-webdavredir-helper_31bf3856ad364e35_6.1.7600.16385_none_347509385fc225bb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-eventlog-api.resources_31bf3856ad364e35_6.1.7600.16385_it-it_0c765b843b5f5fca\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-n..e_runtime.resources_31bf3856ad364e35_6.1.7600.16385_es-es_4f0f793e87a75079\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-security-spp_31bf3856ad364e35_6.1.7601.17514_none_78875ce737927d27\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-timedate.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_ae89bd92f904d10b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-s..-usermode.resources_31bf3856ad364e35_6.1.7600.16385_de-de_6959b1ef4a72a285\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-w..lity-base.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_b0da3081ae06889f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\x86_microsoft-windows-g..ets-clock.resources_31bf3856ad364e35_6.1.7600.16385_en-us_7fddcd6a1ab604da\settings.html C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-i..favorites.resources_31bf3856ad364e35_8.0.7600.16385_ja-jp_da5e254bfa37ae1c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\inf\TAPISRV\040C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-forfiles.resources_31bf3856ad364e35_6.1.7600.16385_de-de_8bb2e5af1503f717\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-gadgets-currency_31bf3856ad364e35_6.1.7600.16385_none_c3b9072b536514f6\activity16v.png C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-s..ytools-ex.resources_31bf3856ad364e35_6.1.7600.16385_en-us_61a93666a0ac0769\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-themeui.resources_31bf3856ad364e35_6.1.7600.16385_de-de_50f84099988201bc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7601.17514_none_f35f9773adf74c06\Roses.htm C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-s..p-cleanup.resources_31bf3856ad364e35_6.1.7600.16385_en-us_00d364258c12a004\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_hidserv.inf.resources_31bf3856ad364e35_6.1.7600.16385_it-it_0ed8bff32965e92c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-help-speech.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_62b47e898b8361ff\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-onex.resources_31bf3856ad364e35_6.1.7600.16385_es-es_b882362c5b4d001b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-m..layer-vis.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_a255c10c68f0574d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft.grouppoli..mpleditor.resources_31bf3856ad364e35_6.1.7600.16385_de-de_e3b8de06a878e9a7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-a..stant-adm.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_5da72caa8751718b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_netfx35linq-microso..ild.conversion.v3.5_31bf3856ad364e35_6.1.7600.16385_none_959ae100dcdb03d6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-l..terprisen.resources_31bf3856ad364e35_6.1.7600.16385_it-it_ee45d5239172d495\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-video-tvvideocontrol_31bf3856ad364e35_6.1.7601.17514_none_4cd64fce99b89311\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_netfx-system.directoryservices_b03f5f7f11d50a3a_6.1.7601.17514_none_16b6c895a094210d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Globalization.Extensions\v4.0_4.0.0.0__b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-m..utilities.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_83f81bfd004e80b6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-r..tymanager.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_337a628028a370ae\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-s..ylistener.resources_31bf3856ad364e35_6.1.7600.16385_es-es_c401cf8aff11c950\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-s..rity-ntlm.resources_31bf3856ad364e35_6.1.7600.16385_it-it_f4961da797e6988b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\x86_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_d7244b05e242e449\settings_left_rest.png C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-n..35wpfcomp.resources_31bf3856ad364e35_6.1.7600.16385_de-de_c05a92d8f56fdb00\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_mf.inf.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_bf4923898eae9dae\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-leakdiagnostic-adm_31bf3856ad364e35_6.1.7600.16385_none_8bb4664fd3820c5c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-w..layer-adm.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_6d8002b0f43fb889\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-iis-metabase.resources_31bf3856ad364e35_6.1.7600.16385_de-de_4605833b8a8b7ad8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-m..ayer-core.resources_31bf3856ad364e35_6.1.7600.16385_it-it_16702848f9dea1d3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-t..languages.resources_31bf3856ad364e35_6.1.7601.17514_ru-ru_5a242821606218c3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_ql40xx2.inf.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_0c3b4751804fd072\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\msil_aspnet_regbrowsers.resources_b03f5f7f11d50a3a_6.1.7600.16385_es-es_dcd34fffc0f31ac1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\assembly\GAC_MSIL\System.Data.Services.Design.resources\3.5.0.0_de_b77a5c561934e089\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-m..update-authenticamd_31bf3856ad364e35_6.1.7600.16385_none_599889656b4ace55\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-n..kexplorer.resources_31bf3856ad364e35_6.1.7600.16385_es-es_e393513a419397ec\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-setupapi_31bf3856ad364e35_6.1.7601.17514_none_931b5f1fdcdd6496\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-t..erver-adm.resources_31bf3856ad364e35_6.1.7601.17514_fr-fr_9c9ba97831d15b85\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\msil_system.data.linq.resources_b77a5c561934e089_6.1.7600.16385_de-de_4b5d7fbf7a2edfb4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\x86_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_d7244b05e242e449\system_dot.png C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-activexproxy_31bf3856ad364e35_6.1.7601.17514_none_14159d5b488c6fa1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.hfi\ = "IOQPRVJIYYXVXAQ" C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\IOQPRVJIYYXVXAQ C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\IOQPRVJIYYXVXAQ\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\0OBBDSsH5F8mq7J.exe,0" C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\IOQPRVJIYYXVXAQ\shell\open\command C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\IOQPRVJIYYXVXAQ\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\0OBBDSsH5F8mq7J.exe" C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.hfi C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\IOQPRVJIYYXVXAQ\DefaultIcon C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\IOQPRVJIYYXVXAQ\shell C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\IOQPRVJIYYXVXAQ\shell\open C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\IOQPRVJIYYXVXAQ\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe"

Network

N/A

Files

memory/2328-3-0x0000000000400000-0x000000000040C000-memory.dmp

C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

MD5 af5a2a58a49793554f291a2939ede100
SHA1 637eb13f507da0c87433cff0990ae0b3238d070d
SHA256 b952cf8cb5c00487de38ed2f9f657f135200f61bb01173d2010cc61f15c43d02
SHA512 1168043a186b73c1ea43cd1228c530033728d68e34824b91018cc88bf8d56102367f2b1535ab3b23c90177d7b9bf03f3ff11135301f4bb5f05401ab0661668ca

C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif

MD5 9e9f7efbf93167744a255fbe155cd518
SHA1 ebfd7a5069904df07821203c5ba3a27842672c5c
SHA256 24a46d586c5c9170d46fc63527c02ef81361b92889378f1b7c24fdb898c1b8e1
SHA512 7f05bf2eade7eecadf8096ffb98df9e1d3d8f4bda8dc39d66a68545621a77e53e4fda4ac34e3fe63981110acfdc98f781e079844e38c195f0f30f205b439f407

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html

MD5 8ca61072dda7a52331b52528d4e842f0
SHA1 21bb577abd5f035bd163ff5f5c35bb4fa24019a5
SHA256 96c5b00cec94fff21abca658df17a006e9af81c15fe8be9680b36a3620370d07
SHA512 d1120bd22547c288d40a572d3e08dc038c72ecec153e7129af23b7a9417de1d995fbd2a8f1b599bf1811812d4ed74a0ca457d76c287234b93d97ffaedf2c0344

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html

MD5 9510200cfdcfcde2d416bf762653d922
SHA1 2717d994205d2242e0030a06dc03cde09e492dcc
SHA256 10d79cf91de1aa38da71970f7a8844548f80fb4e2670cc9d8173aa525e3f1314
SHA512 72c0503776fe4e7341bf6e1d891fa91cd7e75f29c9b9494fe0c52065800abf58a9617b48395e1a9254d6d748347997111fa7adf6e67deb09220a0e532d6c8cc2

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt

MD5 effb415bdb37f30239e3b0a641164bda
SHA1 f2548edb8cdac1afc5db98e61810fc7ec0328a22
SHA256 c7b7cb52234111c7581f013dff8aae9d38b2d932a74238281cc08426bc9367dd
SHA512 dfc8df05e404f558e766b2b23466fcfa6032dcc40413176a25b945d53d243e1e339156eff495fa65cb884a60cfb1c410d7d69c903ed52ef837838b7aa9f9f51b

C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt

MD5 d5b9da9217cdeb19b67ec5fb20a44825
SHA1 847e763ce7fe75444f6638d90423fe076b1a78bd
SHA256 0de976e0b84389edaeead1ac07dd4c3b45e0bcb4c6b5879b7523fb68b3a144a7
SHA512 9ad89291d55d7cf72cb774dfa23ef0807c3d5217e2b423711b9a43b6740010def1966bae7c304dc636440e1698f24efda5906cbdb5c1200013bc64371e27017e

C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt

MD5 cdcf678f9bb4efc814d6f56e70b8c0e9
SHA1 110bc013b7766dc9aef6bf6284416e308e067efc
SHA256 81db1a31d1453c7ec9cd89dfc67d8379ab283ddab604028d6e486ca0a124ec18
SHA512 c446a3a612a174364ca7ab0099f6d9489b22a75839a42f6195047e9725b9d7e59719e5be9b47e5c27dd81c333c663a0404a68153275dfabd64c505aa62fd703c

C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_OFF.GIF

MD5 eb4d38fe5ef6fdbce00fef8dd551faf6
SHA1 e5ba98ea68040db0b539419aacca40bcedd556a1
SHA256 1b0040d53cbb313e62b52bb52251fe8ab9055e80e1b0f94ea2f0083a05123d60
SHA512 57509c64b7a38a9ad1dc463f176d0a9434913d313959c83f8b4f517116dd5f80cc67564f28db4e7f81dd184d13727d3e05160bff24ddfed4b942365a06caae96

C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_ON.GIF

MD5 9cae961d89a2a023779548ad510cf1d0
SHA1 6a9c021dde4fef75572e202968a0ca83aa5d78cb
SHA256 a358254fde337d513295979892acb4fb73608f219b7864e7dcf408261ef39277
SHA512 8280aff1b2b50e0311f00886074181a6f790090a34abd869237367369c98a88a51b16195abc8c4e59ef183e86ff178161418e34e0ba4f74c3cc3073a55a781eb

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF

MD5 e45bfc01a79ad9df36badc717d866f0b
SHA1 fe6be3a2cfbe87b22f77a555af3e1ca05df1ec17
SHA256 b2e10d3490367d9ce309f0c8831d225d997ddfeb708712a3b95c6ddc5e3bd367
SHA512 e053774f37ced4406c66c61a8ca9c370986e885401f64066e32a69f9326dd6b71e682ce21d86741a89690a61faa6f9322e70a1bd81f2c2c440e3c8dadf0732ea

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif

MD5 26a8be0aaae7c1659fe441e212f17412
SHA1 256adfd26874e76d9d18f76d4b5e488ee1f2ec13
SHA256 34573ba1eaaff272d74e57f0f3ab005ebb85a869cb3d830d9265b608c05a608e
SHA512 9f884ea589c3f1aba68b933be6734f8b05005c4fb8db7c0855db375877ef011595b7ebd28237aaf7f2cc632ca986bc040304af77fb9b03a66a46373189f12336

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif

MD5 0feb8979ed975d929c332601a195c229
SHA1 8f44295f4226fb8eb93a9a4d34d522232915ee82
SHA256 dd957ac0afa2629a24e0f9c9f69e8aac08f34c4dd229c5419e77086dd88f4626
SHA512 bec3299dc9f01c3d70ef69dfe9ea4f752ebc114d8529785f6400c430cff19e4462715c28b6e144cd6c7eb9d7dd1c1d24db26f1bcc7f5c13abdf0927cec0c27bf

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif

MD5 8201806f3500aaab2b266f1b9a25c818
SHA1 8ff57e9ead1bd65ba82df34c00998a08835ccd93
SHA256 b336262f7165101180040f67b1bac41f2d79d60f248711390d6d214846c2990e
SHA512 e28b9e92db778f473b5c1883d8f2fedb5c9c0bf3a4d8ed985aff6e0a210c70d212bdc432a103b7738484f82c821cf732b2e1c1575b628845a2c4572e1fd7df65

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif

MD5 e5e2ed18aae9e168cb353cbc1017f2ed
SHA1 9a32a158fa28625910ec6e484a92f61606c810d6
SHA256 b94e94a018bbbf7a5de97303a0f106f91cf564699a3f9ffa6aafae395b766da7
SHA512 0abcfcac53099e25caf2835e50cbcf09daa5cc6ed5d77cd6e60825e504454d24b5cd2f7cc992cfb5b8975ce2c1e16f56600eb43f30f7dd14c857bb55627599f9

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif

MD5 a1becb1c5f0f13829ba332fbaa8609c6
SHA1 b5a75e7c6a2f7729893832d47e8a63f1c646b79d
SHA256 58050062be4e0b15a41630a1208b5917e0b500e5220e8f9cf646a3e22ad33be7
SHA512 b00fe13ca54602cd66cafaa04dddd65f36bb0ac9955747937ac0aa52a3af42f91689d1ffa4a2100062050d7dea9d0e7aa97ccbd56313d5f00895b08438cfbec7

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif

MD5 11d1b34b17c27e52cb05e719f6e89dd8
SHA1 abd9fdc2677c381eb9de47eb54b03413a101e48b
SHA256 e222f4d69d5c706ece18fa4a5742b61403f0b3e7724b68a7c444f5f208a3bdd8
SHA512 a3b705ab4533e22961f439e49136dfee89b973675d955a8b4831e32484c9f16de8e3e449cd02f165c787293b77933f30324518fddb119595fe96d578dd283c96

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif

MD5 bfac141cb64beb51a5ec851dea306b0b
SHA1 5edc5002a02a1d8574a58d7aef08ea76829d5af5
SHA256 f0a21a733e893f049059c2cd17378080ce08baa142cd15d61ff0031d6829fd1b
SHA512 83d79d2aad38baa0f16ba69c8c9e60d497fb2e7e1a656041c84d6da884715cc76784fcf7a26fd09fe09a6f00fdb4b0c15f5d2ee565d10bf64cd9912d37e795b2

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif

MD5 453c83becfdbd382b4120ea2f2285433
SHA1 1d904f67a5ffee631657fb656ae195e069dca440
SHA256 6c8b7c42b2894f605f174b6e6afc98a3b0abac44e5db90b9e8dd332340f43761
SHA512 f0e63a8cb3c4360f60fed8bae202f135ab259fe342cb95c45655cb2d8a7c5d66b5701305f3a6e8411abcfe89e8343efd76c5902fa1a2bb6b6b6a9b83d5a4320a

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif

MD5 470e8bef643973365ae125263b70f6be
SHA1 009166e9a24f036d74fdfaa234c0f1b6819b6486
SHA256 6a90df120523569b4f47fb0ecdc48061aff15910c989b1bd312ea99cd64c4fc3
SHA512 14cf8f4f6ca58906e479bed0441abc4ca5676580ffa9a5e48c646c1ee975621dfda4a4b0efbdb7e84521b703f8db22850f3e4ea740f4ce1bce7f1d7da88edc19

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif

MD5 3192035376766cd9574d3aecb8db0e48
SHA1 bff6a4d5328f7a658ba76cbf32c3e16e65cad0d0
SHA256 b950e8500b341fb5118c0b13f6109ab21ddc226d1205638de08520fa25bf9543
SHA512 5175610463260a37bcc2906e11e53555bdb32fc15fc47b336ab28919c145596e540ade226037687b8e825d34bf6cf096715741ccf56819e2fc8745995075e270

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif

MD5 b96e54996ef32807f57cf37db549963c
SHA1 e2b3bcecf7bca9b3f692af9b4e704b570d4a9962
SHA256 2ea2f052efff860e1971f72a4f9dc2dac08ea8c10a706f28f9345b61f12ad723
SHA512 1cac9999285a8dcc00349ca07f4f98997197fccc4cc1dae0a66ede629bcd79940d08acfaef0bba222b294521cb29c1a0632425828609d089e61754839bebb1e0

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF

MD5 9a3579bdc02031cf1fc104ab59a87839
SHA1 a2af58fe8386fe6e2fd3eb575eca55276a54372b
SHA256 1e07b1958a1eb01a2cf2d35ad82a169a18ece7ea8dd78d28436634cb1e852461
SHA512 a5f088ad1456c3478789dc157a08c79373a6116c14685cd26f3a03feec6565bd546829d05f89646ccf7fadc2a47b637af4ff5490380c3df3cd3989316220f505

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF

MD5 0704e68687099eb65518b236c0bf5169
SHA1 069b149d0bc071b7cf4c0d1970d8228eef55ff85
SHA256 79ae45bc419bffaabf1c2d52536d36fcd25e02cbfccd72bd0eb826f93a78f470
SHA512 6593deacf77a36773045a1d6c86950274dc35cfb75e08aa38dcea3a5a2c4b1881a69f158b080445df943856813b13c90465a03cdcc3ee75f71e653d901464a7d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF

MD5 05c9c7a73bd8860b84207d9f91917416
SHA1 78a939296376d4945a9251463c9390a359986ca8
SHA256 fae031d093fda3f07c2eebc72505f3b6fee8431bbdc734a2844dcea6e8befa64
SHA512 c01184477f7a9a17881661a0eacadfc36eb16acf5c75f1dcdc38cbacbca856dde5ca5f61e4029850aed6aff6dd14024c27bf526e005ed34ab977a511b695d29c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg

MD5 2a843980352543d545e74c3daa9e9566
SHA1 5f8beecd6592cd7166b6645c35a9e1198e26a6b7
SHA256 08bf51d72fcd00cc96280a85815ef5a81642847407cdc10a02454231eed4def8
SHA512 2a16a0ef962499a2ccbc9d382195156fbbe7ab9b9eefe2a5c6238b36b59254b1fd579dcc34d7da4404e62d4b36340f81dd9974628d0f4421ddd47d6ac9f49137

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp

MD5 54217decedd0582fb54ba7c6ff536951
SHA1 ebd007bd28c34f13559fa9c8fef5d6018474d5dd
SHA256 d266ecc646b2c8850520670411d8f8fe8396c5c938130ed22aa4981094802f19
SHA512 15426ab2d61c34e1f494cf4cac709456cf2fd610c70d0e4e6ea5af9aa957c25a3924275e72bb2157cb9e6bcc50b944eb7022e62db15e82070e61448e352e3830

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif

MD5 9edbe0bbebfbb457a8cb0bcc18aa183d
SHA1 31666b43b4a73453dadbbe14dd864d041b4fe018
SHA256 7b0737a9928ce4223128d6cb711fdf01e273a5fd59c019fa4532cd4b5a78e0cd
SHA512 57084fcefe2794aa569588e73972a71ac3389c3eb527cfb7a1d8531c8f21bdc38b31e7cca68d62a455c725656d9b86dd816821b250f5f97243cb9bfd5f4dd023

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif

MD5 8e096ee51b8450e2fc7ba8517054cca0
SHA1 3d14902515d8c062b811ba1011c6409c52d0aba1
SHA256 914d747cd6a21529f08856c92acfc0d198b812934bc54f981610680402c4f061
SHA512 87720e6773a2705a43ffd115f252369f3f0182d753a3f8d8d1d035344f1582517e6ff77ee9fcabf0897e0b57bba2e1242371b0962975294987acce1b61ce4cde

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF

MD5 424b59e79af0359e297cbf72bc67422b
SHA1 fd9936cbe0760f16fa3f96c7cfe7aea28dc4827b
SHA256 737ab2ac59852683d9f612a80265391c31f626c250f2b29c76c53f6320e377b7
SHA512 ae6d2c08522927aeaa5f302063d4c500c963c9e573e44dfa82e72f0ff7f3ff20be0a80ed3978dd5c0936cecfb532a445f10a5d892418ae9819d20f0b036db80d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif

MD5 44c863af1ed8b1fe19729f392877529b
SHA1 c1abbb90212f13bc1629023a9dc2b96450280f40
SHA256 7f21fddb6f93d049d7e0168835e1ac20477902e21bf79106dbf9a1878e06bde1
SHA512 1bd09b438edda47028756e97acc0b50b57de3b3dd73db22e743e33d5accd3b6a41270bd33a1c6089a955cab97ffac0cddd707fa8abb822ee9c0e7aad6190d342

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF

MD5 7b221d656468bf09d9f4ade923a8af93
SHA1 0bda463c3838e093ca679625fb9c12ff5f7028c0
SHA256 d7d85412f86909549cc5275e4c5984a2543d9265c5c002aad7bd800b0ca57b1a
SHA512 d8ab32ed4703a0f41bd4fd82e876b77e601d81bc62d7a944184eb166a492d23edba87a90ef6cf716176bdf67c0765cbbac253b51a85cd60b6dac9b20375efbd9

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF

MD5 b3cdc2b0dddc49fcd877c059566310e8
SHA1 992022828d9c6b6536ea354562728e891a17b821
SHA256 4226e9439ae70e53546c3acfdb9817a4b43f507b43c6386adee14b3b00b68764
SHA512 b7881cde68987ac660434ccf2d0c5056e8875ad60991b88411850993d0a1c2b58dc284d509f991412a5fb45338ccaa39e50a38950391509534c5e8ae283414a7

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF

MD5 55c919935f8464aade96fc778d2059a3
SHA1 c7cbabc5e951f62e9de3428bdbea3f5e3b6a7d13
SHA256 a78c9cf124c8b62ce9e57905dc687729c49386e16aed50c877b2addbfe4fa1b3
SHA512 6fbef174cd51a37edbbbeab2777c7892710966427194dfd0713397615bf27f505a827a388b85ad1627b7ac83ee2bdd7ae2c7457aaddba169e1434d03aa870925

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF

MD5 d1d620c494f8649b36cfdcab6c9e1551
SHA1 2fd3cc5b5be55757b47ad31d5342924f2f47792f
SHA256 2aea5ba21cd276cc2edf2b9a81db7c809e8e46f8c4f351d9ba370227b329d3a3
SHA512 74c14a4aebe4c7131b5d8fd0ce92ab365e4f3707545e9f3371a044f204c39508decedb76e4d45a33e20349c04b0c8742ddb2df25c1238d1a759e901fe34109c3

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF

MD5 985320ebd138f76d3b7f23b30e012238
SHA1 a71532b07829bb39aebe59a09fa7c1eb3effbd3a
SHA256 57896fb1085c903a02d46a3699adea7a5d80b747d7d9dc1153ac2ad98fba0e43
SHA512 8b215faa028640996c13dff8499fbad1f2cfc6c032179ebcd77b2d037680b24366c7010892f4e76a9f7d2820cd9f389510c41efb67012272d8faf190d27815de

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF

MD5 6a9d9d3b18abbff5245f034e2932c62f
SHA1 e4f8159286b07b3e4bd669513eb8b81b4342f241
SHA256 dc4778a5f7b5883401a1cab9f2e0f4daa65ac33e683628ecebaa782c475837ec
SHA512 97acab905d73891955de1bd3c0b0549d53f9547a87e0c40f4ffbcabcc3f0a32b3cdcaa9d7b805bcd29dd0f5245e2f0eb2181988aee85ed2822c9bea64a8c4a08

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF

MD5 8c1a9f2c309ed5dbb32f8f8e1a387417
SHA1 472a886ce1e5d988aadf7cfdd105726b7101b73a
SHA256 c94d7fc4a12fd47fd76777550dafbdf75b7a59646dfbaf86395ab062b1f24295
SHA512 6709843a1c0057c6ad82016f5741d7261d9cdf7bd27e701dff0ba2c070079f924cdcda07319451f5ac15e70749a732fab1f3f5f7b02534ff1c7cf9444dc609c5

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF

MD5 ac9e0929733f712558cc895bf36535b7
SHA1 2fcdb590fe186f8ba369c146c5578f82035b844d
SHA256 d8d1c4d1dc56adb81272e4cafdf9dc1112bc007431f034a36ef166dc1bacc7af
SHA512 e19564c8a76e38e317f1407a0d646f17382410d06e4814f7c847f855a20323966d1b0d2c9ab120db7888a53167c067048c46e4b7189c5bff682cf666b6335033

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif

MD5 24e5585f5d35a2cd0020c25d3aa50365
SHA1 a43c1dc2c087a656980a95473828cfbd8522a250
SHA256 5cb0089f2b4d4b430ffe19594451801a1a3fb59f3bf98346898e81545447d8b0
SHA512 65dedd853946ce8fc2501785632aa5995b2f75eb0b21ee2278773b36f94a9a976e16345f9a9fcf23907aa5953d7deaf2868c0108ec415a8abf51e140d1680e7b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF

MD5 392f807f29c86e0a1522b09c7b344c9c
SHA1 5c61f4ccdaf4ed02dd36c07a023842e84b6d31b2
SHA256 a211aa186fc9fea37868892d9f5a3bdb7097339edfd1e8cee8541cbf5c43fc36
SHA512 549f7fa8295736f6e60ac6f60849b3796a77bfa4470d653f78c8968f94d8b7689a76b5aea5693686d723288a74c0d04532e9c075bb7817edcbb04981b2a6b3c1

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif

MD5 8fe43b0bfa934e15bb990f3b13dacea0
SHA1 e93d7f29c8a9a7cb8c406c5db5adcb90b6b93b2e
SHA256 dc0a392a2c8abc080d3500332f97d71819243208fae1aa667e13e1b675b8b145
SHA512 2f6a90b2ab1754bd2d7b315545de13fc0282231f582c2b6a4aadf628cdaab630e549ac799eaba633602abba6623b9395cdd4ddb50d242d40acac70f6acf8e338

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\HEADER.GIF

MD5 569cbce1cc5d61ed68f1e605e1a9c6d4
SHA1 df97ea21b3185e4cdd3acb2030af56f35fda1816
SHA256 653212b7f8a5b0b4fe725d96513b048cb6fc233e1695fe123ce60979d79a94ae
SHA512 bc45e0c4bed7cf5e1a14931185d591aa00bee776537682a12d5bbd2f887ddf567d5beeeb64b6dc3eb2dc9c3b1fc11738a84997b6d8914e9354186070ac57e073

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\TAB_ON.GIF

MD5 3715f2956d67e8e823996daf6fcdc075
SHA1 fcd7ec0170128b8de452ccd2da51fc0bb2d6acbd
SHA256 f6088afb019e6c0087cc589f87910a5217a2390470aff6b6505cc447d7f03385
SHA512 aa0e3555bb96ae0d52bba897304ee92628a364a86031b5b32eddf573c4ecc19f788c4decf4fb34602eeeef0d94552e8fb48e50323e2a9330d1e49f735b241364

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\TAB_OFF.GIF

MD5 69c39ed1c5ae9472bc27015b200d0f98
SHA1 ff4626d8a9849856fd85a48b651e7ed8de185ce0
SHA256 3ba02c595dee094868271db310da6e1059db6b23682a03da0026dc3118f8876f
SHA512 5c32db05cfe7e914d61cee17b068282a6a467a2f510f60f4a75d2fe323df433ebac0465c677ad8c088d9ea7fc2f625190a0a08b582163b0612db3f6bd67be91d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif

MD5 c4dbb7de07b95eea25c2f7dc582699c8
SHA1 1f164ec662ea78084951a4a5f2c7da9f1c6b300f
SHA256 692303f8388b72d44970a525003244c86df239e2c501bcddcdfe3be48eeaa84d
SHA512 b899523ba10291cbc5a8b744c3f2e074b8ee05718420ff0b863a45c24f626ac63e3f35c4650dfbadf3eeaa1e7865eae11a09549ac15ab2a654bea9fdace2405a

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\HEADER.GIF

MD5 a0fe948d58dc7991e53c927d5f88cce8
SHA1 0c0c82dc2472c5c128e51013bf8e8765a4e2ea21
SHA256 c1927a87ae72cd9cbe9c8d0e52a662fa9e5868fb2558d75ad3913c86c5ba600d
SHA512 d4d66408dd52f2f810d3b43fdf44086def73d2f64ee872ffa5db1c09bfa32f8684c8090065bb7f668547c91a04485f12fd6f0d725763aa2d37db5f40d260c341

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg

MD5 185d1a85b7964227813e0f6c4852a2ee
SHA1 ccf0a1c718fa4b6f40a4e86211bc4ba5baef8e0e
SHA256 115f0103c618ecca3b3257377b75a83680ab9406ed8a78d2832b94001e15a722
SHA512 edc0fa0b3228e2b3821584e6021631eb444f13b9bad768e48f87057f0bc11a70e083b9f454e1e9d19276bb70fcdc3362b7e33505ca2db7ee7c0737b9aa91ef99

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF

MD5 5d1a6a15c00136e94acf9bab084af6a8
SHA1 27bae22a590884a3c2560661619e67c52250ef0b
SHA256 59364e4132809191a7bc8c7213d57c73f06c501e2107753806d58ab723175f7f
SHA512 823d4604290b2dec888480f93e1eac7588c4a2cbb8efaaa6a5ff5c53a7cf6ab266b779a3237281e58a77dea5811adb023755c915febcf0087db5f1d2d967082e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

MD5 c39f8fb515cdd8713d47f0ecb73c80ec
SHA1 9e4da9e73af39a5d24490a3b9574250378a1c631
SHA256 2555256de6ebacb1d69f2db109b5b249a1ca50afb4188c3b60ebf5f5ec90bd6e
SHA512 f5e3b3ce9e7262e4564bc7f233aaf22f372de3197f42c3dc3bbfc90521036e8a511b8f8b30f4d8f8a284b929b7fbced23bb9f94718ccf3915f6d47501d879d00

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

MD5 6c2b70fc830044e5421f852d9e8b5d5a
SHA1 343accc79d604c1f6ae8f9f1c4750561d67f7e6d
SHA256 1efcb89eaafd08a68e7ed46d6cac27ea2a5c9453a85daa14a07b86ac0d1ec884
SHA512 0116aa5a5c2e9b249d0cf6ae08d6a15fadcd80a5b8fc91e7b3a116c928a85f4c2a320de9f6ec5b4c6986cd94c213d06444afa3fc17c6bb74eb5ba5d0ce7605d0

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

MD5 599d5e4499b770b51d860c4239251bf1
SHA1 d2e107d00f21ed55f94815fcd9e93946922169b1
SHA256 e4d2dcc4f5bf609546ef84cae4d9d25479f87096326d36c60416382c59e594f5
SHA512 d62b57c8749b0c98df2387017c9037abf2a03e06ff8a18c321f0ca81b8174546239bf2b8bbc81500087ecc2a21762972f1dbe535f8b40b4d8b1624fcddd80421

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

MD5 bb577134c7b9c4d6bc3486ddae0637aa
SHA1 7d29423796765ac87697b33587b152b1c853ffd0
SHA256 3e642ab72c83534b24cbf2bc5a6a0331a7847801c90c02bda43c96b7f4145e8d
SHA512 8349001543290bf4da6b01362f915ce1748d9a4c92bd2ecbb412ea67ddf751b73af692dc0ea2b472e8a8cfbd1eea244ac606aa193124eab174c016ec41837d02

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

MD5 06e07678f32de924b9c48f9c847787e4
SHA1 40d677cb61d79b83ded782e73feb1e43880a0ab4
SHA256 6d9dd622ea25672dacdf01891f9e7183a4997b579f110f905823d1f23eaa2b75
SHA512 bad8b9244d6520a97234d3ee05df1178a6f8cd861f938e70f616918a55e57c0017a8b13061227f9cdc519b644d9beee73585df07e0d3419d5ff6b33e1179dfe2

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

MD5 dfba4fbbe6ae65845cd2b4129277724c
SHA1 3c3ac9e889c9bd7ad801d0c424b828883135e295
SHA256 3bb769b3d786c8c035e9a44187c7263c33c7452de27e0f5e6e395d9e2c02c51f
SHA512 658e42034f48fa419fdf1b1c9272c58bd9979bb7a8dec781e22f5e8ee228bda12887208b259e98c407acb465bb7a486e6879aed7e61fe18803c22f98dbbd7c81

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

MD5 72c3759de3c90dba8679bf80505255a1
SHA1 64da68169d9b1fd7d382342a861a521ae8b28d3f
SHA256 c22b21f296bd45c7afdbdff625af43d9808200a69ddb2ef29fd17bc94f97ac25
SHA512 20fdaa5e9e0a09713d0082268c342037d2ceef919422cd08f68a4063a249954dfad2faf23bd47a8a78fec52dc92ca16c42ca03c070355bc65acee41ca34e4be5

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

MD5 99cb793ff324d66ea0ca7eeb3f25a525
SHA1 dac16924903554d4799281a7b5c9bea1e01b463b
SHA256 e291221a9c616ac41df59bb968c20e9a2352676a906f370ddb8555111b2fa91d
SHA512 b371d81bdc81ec18515c38ac9159075797c02a9d372507077c393f406990c8b1ee06d3f5567d2b38219affc34405ee9956db7bc6bf31c7847a1508021e414269

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

MD5 f3f038694a49da64b82ecec4b9c179f0
SHA1 238ba01dead02b8ed5292e48a0f853e345ef15af
SHA256 f429d31c64949b1d9dfb7af0d7f2e8933248a46bfaa6c5fb2f393256f3c00204
SHA512 8489e6957aff41647758ad64edfdf36aab9560d21cd8438312744885d6e280566314e68164275e4c8fedbd9cebe85b15ffee597238b45308fb97e6cb32547b0f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

MD5 94685e2fe6424aef8cd220d63fa60238
SHA1 139f6ac6de78932e013ab2fd1468cfecfed21e05
SHA256 12ea48b074a7127f843b4d59ca2a7282bd5ec2b3aec631bb673212cebc9df700
SHA512 f26f972e235fe8f0c523a29d17f849c307514757073da6b9dfb7aa90aad05926d00137c99772f8cc57223f78d9cadb3cd14304e686b81db592fd2f5f3e9d362d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

MD5 bdf2285785d8a10e8e30430805c6ba53
SHA1 5c0df09aa8b7fc5939e2b2e7bb89189070f10e6b
SHA256 25809a6a843a769e7cf27659cd5418d1c6ef60099cd2f20a4c9ffef765fd5658
SHA512 dd532dcf60c0c2c8f8d606ade416cae75083ca39993f88625b2fd3895116059367cc8491b9e48f0bbed5f9ce4571241743b7edaab235b6a9632400510b07613b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

MD5 39efa2d22450d6f5a06d818a0e219e00
SHA1 bb0b30e0bbd35f4a13de7af4fac7f3d58c92b6b9
SHA256 fc65ef3661a4ed5f50fcbd881865e39cc7fb9cd325e32a3f408f488e7701e637
SHA512 cbcfd190325937cc944ae429812559397a93499354a99e8671a7584cd59716ea2a6df64e5f6de5f6953cdf2f18f841d8fbc29b506750f764a9e902a7fb10cb49

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

MD5 5f89f6f61e9f216ba078cc0b113a0cf7
SHA1 6fd18b9371e350d2ee45343c1ae2667aa2c8ac72
SHA256 0d9ad3b38129817f7efad8ed26ab6e837299b3d2eb5ee1daa83564e811a93671
SHA512 ac839466306201e246d8089b3252a039360a503453d1533c72cabb8ab61987cadee3b5bd55ccba9c3ee88613c5e1c4a4f5425fee9598ee927809145e5ccee59d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

MD5 f15e93a7d99288f81deedac65bda5ed0
SHA1 c61f674a4319429feb3952432d5dfc1576077101
SHA256 870e7cbbd1ff2d9c4129da5ac70887e0632907ab6b4fc92635595d4b1a5689e3
SHA512 db8665d3e33cc5b115b94a3fc01fc4e228b1404904e7b2a46e51f971057bf22d3579ea942023eecc9121e3b908718ff4b990b19d3416606597f80bb3a87aba9e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

MD5 b70f0df51241a9c4b793c182b9fbc632
SHA1 3087609472a34e190bd0d6daa2931daf9e882ea5
SHA256 d837321e5596090d1560a449a8499c7321e2f947df35ed9eeeab986df6e07f0b
SHA512 ac33a51deb8d9a1c52fe36b8578ed0d612d2b3bd634968d2f346034bd8bff5e241999d45219b0d162845ec1d7d632e8b5e1b4395054de85ba2989d2eabdfd376

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

MD5 63f578f3ad5991071535d37cd9c482b3
SHA1 c8ecc42e81887a4535e414d9d425441aeaf95b2f
SHA256 14cc9f3c7bedfad7ec5ad558152289c5d7c26f50561dfcd1909c42c20325130f
SHA512 c29ed055c59122ebe444ab64be78d960c484d14507968faf385defec2f63219cbc9f6c6c588e6c6d9fb09ec75c319c8de5e0e27d5bd0acb420b326ce232e32b8

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

MD5 5b9a0bd0700d57e5dec5754e21bd76c7
SHA1 71b0d6ddf4a268dfd7319de66368e4f39b4f70b8
SHA256 1cc14cbb216e79f8a5fe12069ef9763c4ef84afa1ae5c5dfed61e67add7c830a
SHA512 71d120ef03daac73f4b08d34d970110219787cc030b4ae86da16a1d83cc71b1fb898ff8f23110a45ebf1571dab48ff1148a55a8576fa06112cf653d220275bbe

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

MD5 5d580ece99c03efde0c3f0cfc5b837b8
SHA1 0339db7dbea888751820b8a0bf8e03a3485cec2f
SHA256 96a4dc0d10d16a8c636679a4a18f33a9ee74f117333e6b12cbe2816db2ad711e
SHA512 2f6f05c0bd30f63eb4a6cc2940f7373efb343bdbe3b5ac21191329e0f12cea0017781255be151c7c479c859fffb2a20d8fe840ccdb4f2b5338c150f42798470e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

MD5 4a5eca7b6a76006adacf82490b40fffd
SHA1 eade844c508c54cae1f9ce836ca713fc542f139d
SHA256 46dd0a0a69e480d151e377faad846489192ed2df2b272282e79d4c3e047559d9
SHA512 4afb72e557f8af68f70cc52f1b8b97fd60d692060fe8c654aef1fdc79d865c38e320cff1c4fa1774234ce0477a2dbe15089caa42c03aa0f75cae2309a6cf2b08

C:\Users\Admin\Documents\SetReceive.xlsx

MD5 b3d905c9b347049d6b268b0bd2d33bd5
SHA1 0b589e7b75b6beaa1787a9c81b0074786ba4f6ab
SHA256 f6187e425be246ef5da49a6a9f1443744dd764b7a86341baddb6e7b5710f7c7c
SHA512 6435487b7e821c454fe8bf32d78391b0496ae188dd96b1cdfb3c88c10c76c5c94bc197af619af7a85f759610b74b6925f2e14aa2573950c655b3b1a1d33d8353

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

MD5 e2a3d1b738363e36593be7b3f75f907d
SHA1 635020d481fc2833a9a62c48b68d22cde7d49396
SHA256 6b77be9b8aee6d5d6172cf2c0891c6b75f15f12d82129c89caaf98114b62f8ff
SHA512 bd6e814b7d4287c5175fc5bf0c0c2d90df7ee1c5852b08ab398312f66ec324cf8c935314d22807f9b9ce467f4c92313614ae3867c12694e909d7e6c178b853e7

C:\vcredist2010_x86.log.html

MD5 45d204bc8dd5512299e568c7a944e336
SHA1 0b0608645609b2569d2e16194ab71fee3e997a75
SHA256 58412ac6ddf115e7b61567b69879830bb70734c6d697b83a1438518b8ec19172
SHA512 1a5126fd530ecfc93acfa00795923d1555fbf35b4876d98df907ebf9406e7dea2a1614ba1533691fe0f3975e40271869034384c507d9417658a61ac2da64c7a9

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_sml.gif

MD5 5e322b53a8b9c575501abb4b6967f006
SHA1 9bc8adb015397cf4dc2127c129feebea0eace0b1
SHA256 156dfaae4f44beb6aea474ecd02d9897e97c10c6ad55cc58286f50347bd2bc02
SHA512 e4797029a965caa162b0312a2346ee8be172fbc97efa296c6eb4e0e22d475ab1a522b9ec7378cf2f5836790d5cd9b2cc3c4887686607ad1890df3866e47f8b98

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

MD5 5e14b149c6cdce31f959c5cf7adcb2c5
SHA1 2c89df3022317829009cc82da53b3d7212c2885f
SHA256 d2f53a0baeb2035ff50efcb5e23bdc86828b7053132425336f896e6f7bdaa6f6
SHA512 547b294e9477201df7779b05079afff398c1c29a66d56e27873deacd93ecf563de4925a9ead1672d44d4d39b818f14ef4e6f508ecf654ef800a49d191fb0b08a

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

MD5 7839fbdead8663d56461e3c706f6cfb5
SHA1 be08d84badf119b0bc0af045023d1a71b299305e
SHA256 07f6cf97fff4b2611bad3673ea623de39801c115839c951259fb967b2e1e9662
SHA512 087316e60eb73f2105d0ed90948726ce4f2c6de4c582f1496013199d63b4c2d294d5c3fb4f9fec4e5fecc80d5c237e5ea8c18b6d8b83fcd43f28f2c324e510d0

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 fbc941160d74136a823ec92ffda1ed95
SHA1 987bafa3dbd788a09fc9479610b67022316a5e67
SHA256 0b2b1471385637ef2f877a6165eabfdd4472998acb5972ce086983943c99ea6e
SHA512 6c034933d0302cb68204817514ec00a79bcb24efcc5e08b562df23baaf0499572538f031149639f6752aea77587a47a42f98a9b9061b1ead814a7b4b70684398

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 e7de7f7e6ef687c7d381d5ca1ffb32b9
SHA1 f5bb25b19991378aab6f4b6970c3d8ddee9d4f9c
SHA256 7a2310b5a3f55c443585ba15ec7dba0288ba1ab39df4ffa504c7205818f12af9
SHA512 d3dacb8b30fceb8a149d547f06ab7ae13ddf3df5b2a5c0ccc7073c4abb7c58bf2767d6f29c8b245ff5ff2c1aa588aecde763a30b1f34f1967650806f5d56f47f

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 d25df18a7af3f0ead48c9f3f1834894f
SHA1 dfcf02030105532681234936a75108d3bcd1f8ef
SHA256 a7f5090e64d89ee9de8e11c81b8364c6be43f6a8f51284cf8446ad7916139c53
SHA512 59a29fa7638fdd03d6a1f1ec35da338505ba28d9361d6dc6631fe7c781b1a5e1213e52b37320fae4c6e8b2f334691bd3bcb0a1da1c8ab7a09d7db2a52309e171

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 acad3e5fa9a1ce0039efd8acedd278cd
SHA1 3902f7d7439325eceee818cfb5ceeb2efdcf78d8
SHA256 2d2a7b60a31c665dfbaf6333a01f16c5926c9be91b9fbd95ca7c0ce7df760b6d
SHA512 e65daca78f8108c6a57fbdf7fed14d833ee219b4f013ba2d220d41a1ea07f000dbb5b9a88e7f869e3fd33b00932aad7ff127122e5fea185d4fedc9da2eae86d3

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 ba88bf7a9d6785fa71889a57dcb64016
SHA1 93a85ec4d353de6eae9f96ba30817107a520f750
SHA256 3e5c69d5e0afc31e53cce60833ca80319216c9c264b76ecaf45e9c7b0563222b
SHA512 3d53b4148d1e1b63e5a096f5ebe8fd3d7e9271284124628c3d6a82a5d06e57c0678b792d9f51214a453a240070e680eb36fdf745ae814380f1ae41e6512c407f

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

MD5 92b3bf8c42f09e3235b34356381df8d5
SHA1 2ff324d59349a2f58e463e6e0e0b5381052f2070
SHA256 63ab651e5c4b4a0fcb4e8babb79c1343d72396a8835c133a9f82fc789d7be372
SHA512 dcda29be995430689532e67343f9844b05b170e2d427c2894730a90115ce6bd91435bf79484abffbe74638c7f1cf22f401312015e10af23e562a0f19cb72dcfb

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

MD5 a769f7054ba5615b2ab0d37df49950b3
SHA1 97a18d06cc64183e7c22888ef1a5808610a2b14f
SHA256 a06c06b71aa4f3b7aed2fb81f89767c1bfed36dffa274f6d7735d680d866307c
SHA512 8a88c3122b4b492e245ff88d3245f3cd4a44ac8af4ac414205c7a08d2ac18ceafaad08761711150ac058f158956c343a744c08f4c27201edb3f8531a2c471eec

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

MD5 1cd5b8df2030f763dcafe61798d43a8f
SHA1 7362eb15b3963109fef3330cbae2a0d22ae3e99c
SHA256 26300cbaa06b01d74a73490487c4bd23937cc569329a14d40a99041e17a6b013
SHA512 69e88154f7751def41750921b6bbdfe59c84aee97aed46bd89a7c590a63145235b3e55e3bbfc1e35a4b286678e3619c193e2b39f2e031a15ad9c6c58d6cd1993

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 36c38aa4429e3447d4dd48f167075184
SHA1 3096d9f8ce4c67cdcd05921d1c255b71b1a038ca
SHA256 dcf3e23bab171e8f4ecd1ca7704516df5d404a3046fc8c8705fdf1e5120969f2
SHA512 9f53d3800ef7e55a57276ed05611715decfe3e9d4f4e4d58bf2d1eb46eecc10bd87b962249c1d90d03e1de20c2450dc20e4027652bb44ee01baf6cc7b8d67f38

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

MD5 97c64eb75e1fd0581917afaec633ae53
SHA1 1214b041868ddd81c34284b02688040ba6bf6fbf
SHA256 25b5162ed3b8dc60fc115c9e3f714f9253f27b42cdb08bccb590b02d076a0ded
SHA512 07d22100080536694974e986c7e55054713e6f964af2d8a15348975fef819f8d3c85f3542231081a4948ffdb92bb044f9f691e5e2d7b7ec21009adabbd38f60f

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

MD5 92011617f1712b1e62335c6962794d33
SHA1 92a5d2b396d56c57718ef0239fe92583dddcc64e
SHA256 a62b32572a55050a4f51606f0ac13ea6315ca32959a9acc5048b3789e595aee9
SHA512 d2436cb08ce93f8556de785d9a106aa3e36439727b881d964597c4cb8e0bec4975b41921fa2bc4fdde1f2b43e8aab65e8dbddab065c675566ad68ec6ceaa9a6e

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 f0c7df353876c597f9a17d68444d998b
SHA1 7669d74fd49e2a1ab87fcc27b6a4507aebd5cab8
SHA256 d2f3d573fe2e144e627dcc395daa3878a97d8e11e392e078cfb6338eae3b8c24
SHA512 172d0822d96f1e1f7f13aa8723bac3cca55a5d1794c9bcdcf37249ce979abff7fb631e14a153a2d8133366842b017347f5d0cb0a010f140f13a98eaae2b4e7ce

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 bd9447c60f16271319bd1e250a5dda8c
SHA1 7ea42467b0028f561779ea3fea110d91bb46448e
SHA256 4c017c3ead55f17bb605438576f11380257db9aa8f7958594ca66e3cf8d10fa5
SHA512 44e95fa70de79d1a0f2f32522c4ac7b98ea189ecae5b9e5727bfdc673c685963c782bba75fef69cabbe4f3179072c9c24b7111c36a07c95ad20ae96a2be316d4

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

MD5 ccf370973143e9c0fecc45410af659c1
SHA1 df33c9b3f50e7856488156c2ad165560ba4216fc
SHA256 cc693e7009d11c24943e7a3d2e932088e698055142f608daca5ade73160be7cb
SHA512 893bc919cc33694ae9bc2fadaa513e4c00fc6d697b8e52d2d0ed619678b15eb896d13680f018cd11274e6d1255d6c212bbf44642cc55a8e1027b8dad67b2cc0e

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

MD5 80763720a68ae876a8426f14717651ee
SHA1 af6cd7f97cc265fa9842974098f59f25cdf4da56
SHA256 bdcd72e9e0f2c1930ae94e77145b2825022686edb42dd2a4d828a7fef0ae6a48
SHA512 2d1ba00d7b0c0437565f4760c97491bbadac37966b2591857a71ef3361d35537cd958d7bb255b0aa14add5b702ce5104a97f945ae4588032f93457f7cd9579c9

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 9fd7a7e94ea3916c418b69c2b7842733
SHA1 88e021ebfbcd9f7e72b878569990e7fb508ab250
SHA256 7e5ade2dcc8fe688efa468b5efe8294dfe9a89287b7cd90cd09003dd306673ba
SHA512 e9c44f74895b31761a9f537082814de3b811b98ee5a23aa4510187dc580a155af14bd2cc9aab9a949f8e7caf4f071ddb2a405b4c89e8e80f9c20ee41cd3725a5

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 539c34597f57bbc1749dcdb6b916f8eb
SHA1 768c27cb5f000f7af25a1d9ee20ee84cbead2017
SHA256 21c6b2b85b06059ae8d8e802a1e5d09f792eac0254375b8bc283ca2b966df2bf
SHA512 95073c340e6a0ec208f70deb5638355383ffa1bca5239a7657c1419b8ca4a22811edf93365cba2dd9fc2fd079bc830d26f2c4110fb9100e9a4843a852494cef4

memory/2328-8811-0x0000000000400000-0x000000000040C000-memory.dmp

memory/2328-8810-0x0000000000400000-0x000000000040C000-memory.dmp

memory/2328-9099-0x0000000000400000-0x000000000040C000-memory.dmp

memory/2328-9100-0x0000000000400000-0x000000000040C000-memory.dmp

memory/2328-9101-0x0000000000400000-0x000000000040C000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-12-07 00:13

Reported

2024-12-07 00:16

Platform

win10v2004-20241007-en

Max time kernel

93s

Max time network

137s

Command Line

"C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe"

Signatures

Detected Xorist Ransomware

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Xorist Ransomware

ransomware xorist

Xorist family

xorist

Renames multiple (2182) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\0OBBDSsH5F8mq7J.exe" C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\cpu.inf_amd64_0abeab1ee6572232\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_scmvolume.inf_amd64_de693592afe8a496\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\System32\LogFiles\Scm\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\pl-PL\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\slmgr\0407\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmati.inf_amd64_16fbf6520a254fad\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ProcessResource\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WindowsOptionalFeature\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForAll\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\@AppHelpToast.png C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_netclient.inf_amd64_b7f9bb71730aaf1a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmke.inf_amd64_b83f029888180def\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\scrawpdo.inf_amd64_466615aad3be8e26\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Speech\Engines\SR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mtconfig.inf_amd64_fe91941ed205cd9b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCClassResources\WindowsPackageCab\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\basicrender.inf_amd64_df49c4daa6251397\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnge001.inf_amd64_1daeee8f3aa30fcb\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\uk-UA\Licenses\Volume\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\MsDtc\es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\DriverStore\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\amdsbs.inf_amd64_e2a1e49127fb17ef\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_barcodescanner.inf_amd64_266a07997c075b30\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmtron.inf_amd64_0b075e1cb11005f4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mf.inf_amd64_e3c6d8265de5138c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\scmbus.inf_amd64_c78fd781987c1675\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnms011.inf_amd64_f83138380f5fb6ab\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\xusb22.inf_amd64_d0f2fd4c931f4672\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\migration\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCClassResources\WindowsPackageCab\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmrock3.inf_amd64_9977beff54a96490\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\oobe\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_UserResource\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Bthprops\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_fscontinuousbackup.inf_amd64_4db9ca877f67dd36\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmcodex.inf_amd64_f5594a2af66d11ab\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netl1c63x64.inf_amd64_4d6630ce07a4fb42\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppLocker\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_LogResource\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Dism\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\msmouse.inf_amd64_1793a485b491b199\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netv1x64.inf_amd64_30040c3eb9d7ade4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netwtw02.inf_amd64_42e02bae858d0fbd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Configuration\Schema\MSFT_FileDirectoryConfiguration\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\net819xp.inf_amd64_ff7a5dd4f9b1ceba\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\bg-BG\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Configuration\BaseRegistration\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netvwifibus.inf_amd64_f52d5ad58116f6f0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\kdnic.inf_amd64_6649425cdcae9b5f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\sti.inf_amd64_096c9e42fe4749d2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\urschipidea.inf_amd64_78ad1c14e33df968\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\usbcir.inf_amd64_a19f675674962ae4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Speech\Engines\SR\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Com\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wsynth3dvsc.inf_amd64_1a08a3b6cd493e1f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ykinx64.inf_amd64_0bbd8466b526ef26\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmc26a.inf_amd64_dd85a83bc442ed33\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wdma_usb.inf_amd64_e879d41db6fd1ab8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\wbem\ja\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\Assets\contrast-white\PeopleAppList.targetsize-96.png C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\AppCS\Assets\EmptyAlbumList.png C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\LinkedInboxSmallTile.scale-125.png C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\adobe_spinner.gif C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\sl-si\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\1033\ClientLangPack_eula.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\Glyph_0xe7db.png C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-72_contrast-black.png C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AlarmsSmallTile.contrast-white_scale-100.png C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-black\Weather_BadgeLogo.scale-100.png C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Square44x44Logo.targetsize-36_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxA-Generic-Light.scale-125.png C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\Ratings\Yelp4.scale-200.png C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe\Assets\Store\AppIcon.altform-unplated_targetsize-48.png C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderAppList.targetsize-30.png C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubAppList.targetsize-36_altform-unplated_contrast-high.png C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-48_altform-lightunplated_devicefamily-colorfulunplated.png C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.XboxApp_48.49.31001.0_neutral_split.scale-200_8wekyb3d8bbwe\Assets\GamesXboxHubSmallTile.scale-200_contrast-high.png C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.UI.Xaml.2.0_2.1810.18004.0_x64__8wekyb3d8bbwe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\PhotosAppList.targetsize-80_altform-unplated_contrast-white.png C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\YahooPromoTile.scale-100.png C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Work\contrast-white\SmallTile.scale-200.png C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\WidevineCdm\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\WidevineCdm\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-white\MedTile.scale-200_contrast-white.png C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-256_contrast-white.png C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\PhotosWideTile.contrast-black_scale-200.png C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\Icons\icon_rotate.png C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\images\themes\dark\rhp_world_icon_hover.png C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\nb-no\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ga.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.StorePurchaseApp_11811.1001.18.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-black\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\PhotosAppList.targetsize-40.png C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-black\SmallLogo.scale-100_contrast-black.png C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\pages-app\images\themes\dark\rhp_world_icon_hover.png C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-black\Weather_TileWide.scale-100.png C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\et\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\MedTile.scale-200.png C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\PhotosAppList.contrast-white_targetsize-20.png C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxCalendarSplashLogo.scale-125.png C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\root\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\legal\jdk\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\id-ID\View3d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-white\WideLogo.scale-100_contrast-white.png C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\legal\jdk\xmlresolver.md C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\sk-SK\View3d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\dictation\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.27323.0_x64__8wekyb3d8bbwe\AppxMetadata\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\ExchangeBadge.scale-150.png C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1808.3.0_x64__8wekyb3d8bbwe\Microsoft.Advertising\bootstrap.html C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\themes\dark\example_icons.png C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\js\nls\fi-fi\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\win-scrollbar\hscroll-thumb.png C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe\CortanaApp.ViewElements\Assets\[email protected] C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\MixedRealityPortalStoreLogo.scale-200.png C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-white\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\GenericMailLargeTile.scale-100.png C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\Images\Ratings\Yelp7.scale-100.png C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\nb-no\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagement\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\LibCurl64.DllA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.StorePurchaseApp_11811.1001.18.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-white\StoreLogo.scale-100.png C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\hi_contrast\aic_file_icons_retina_thumb_highContrast_bow.png C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\WinSxS\amd64_ykinx64.inf.resources_31bf3856ad364e35_10.0.19041.1_it-it_30b01fb186157f18\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-s..nnectedaccountstate_31bf3856ad364e35_10.0.19041.746_none_d79dc91ea424c11c\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_iastorv.inf.resources_31bf3856ad364e35_10.0.19041.1_it-it_2b8fd220eb863bc7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-smbhelperclasses_31bf3856ad364e35_10.0.19041.1_none_a02e3303758007d5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-textshaping_31bf3856ad364e35_10.0.19041.1288_none_9a33d9f006a95b20\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_wfcvsc.inf.resources_31bf3856ad364e35_10.0.19041.1_it-it_828ea72c41c9951d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\x86_microsoft-windows-ie-iexpress.resources_31bf3856ad364e35_11.0.19041.1_en-us_b149728b76ad2c71\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-mfmpeg2srcsnk_31bf3856ad364e35_10.0.19041.1266_none_c06d6bff83884f57\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..cemanagement-dmcsps_31bf3856ad364e35_10.0.19041.423_none_57997e21a0e0b67b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-wmiv2-mi-dll_31bf3856ad364e35_10.0.19041.546_none_683a88876ebd7c0a\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_net8192se64.inf.resources_31bf3856ad364e35_10.0.19041.1_de-de_e9aef86836947700\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-p..worker-v2.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_77da0af32856c5a2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_dual_mdmtdkj3.inf_31bf3856ad364e35_10.0.19041.1_none_cfe3a5fe151abe4f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-brokerinfrastructure_31bf3856ad364e35_10.0.19041.117_none_3c1920f753190d57\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-c..riencehost.appxmain_31bf3856ad364e35_10.0.19041.117_none_e0d32848ac56114e\oobefeatureupdate-main.html C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-rotmgr_31bf3856ad364e35_10.0.19041.746_none_0bd845a4159c1a60\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..kenbroker.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_32a47bf029da10b4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-waitfor.resources_31bf3856ad364e35_10.0.19041.1_es-es_e32bafd79f020607\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\Assets\SquareLogo71x71.scale-100.png C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-msinfo32-exe-common_31bf3856ad364e35_10.0.19041.1_none_468ab6f0be9f26c6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-expand.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_6faeedda59ebc5ba\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-intl_31bf3856ad364e35_10.0.19041.746_none_8ae70fbf778841aa\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-n..henabledapplication_31bf3856ad364e35_10.0.19041.746_none_47ba8771f946a14e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-smbserver_31bf3856ad364e35_10.0.19041.1151_none_6dc4fe08a0051e4d\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\msil_microsoft.virtualiz..t.wizards.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_39be396c9d8cc55c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.746_none_2610450c30b37cc4\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_windows-system-launcher.resources_31bf3856ad364e35_10.0.19041.1_de-de_24f575d3b3a669ca\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices.resources\v4.0_4.0.0.0_es_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_10.0.19041.906_fr-ca_c03f9b83b540a678\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-m..nt-browser.appxmain_31bf3856ad364e35_10.0.19041.844_none_d9eb415c5b9dbe4e\Square71x71Logo.contrast-white_scale-400.png C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-ncsiuwpapp.appxmain_31bf3856ad364e35_10.0.19041.1_none_a5a5fe7757df26e3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p..-printbrm.resources_31bf3856ad364e35_10.0.19041.1_es-es_ff01197594327eb9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..ers-about.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_a2f86942a81ce19a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_hdaudio.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_979015a3cb75e148\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_wwf-system.workflow.componentmodel_31bf3856ad364e35_10.0.19200.101_none_b79c204dd637ebbb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\fr-FR\assets\ErrorPages\pdferrorunknownerror.html C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-m..oolsclient.appxmain_31bf3856ad364e35_10.0.19041.423_none_9de80b9d881a1ebd\i_warning.png C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-c..mplus-runtime-mtxdm_31bf3856ad364e35_10.0.19041.1_none_d835cfb6a72ad4a3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-g..in-appmgr.resources_31bf3856ad364e35_10.0.19041.1_en-us_a1d139fe8827931c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-xamltilerender_31bf3856ad364e35_10.0.19041.746_none_3adb7004c4fdba03\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..aanalyzer.resources_31bf3856ad364e35_10.0.19041.1_it-it_663a7e304ddb86fc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DynamicData.resources\v4.0_4.0.0.0_es_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-ui-shell-component_31bf3856ad364e35_10.0.19041.746_none_2b9acc2d69574796\Icon_MMXresume.contrast-white_scale-125.png C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_10.0.19200.110_none_a3033a85284637a8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_dual_xboxgip.inf_31bf3856ad364e35_10.0.19041.844_none_49f2d32fe6da9b8d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..ionflyout.resources_31bf3856ad364e35_10.0.19041.1_it-it_e7319d27932b61bd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-textshaping_31bf3856ad364e35_10.0.19041.1288_none_a48884423b0a1d1b\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-windowui_31bf3856ad364e35_10.0.19041.264_none_ef8072da76d7bd33\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-a..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_b9b75da268bb072a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-peertopeergraphing_31bf3856ad364e35_10.0.19041.1_none_18b3e858891c1084\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-s..in.assets.searchapp_31bf3856ad364e35_10.0.19041.1_none_501fda1ac26a3cf4\dismiss.png C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\Help\mui\0422\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_dual_dc1-controller.inf_31bf3856ad364e35_10.0.19041.1_none_853d221fc52f54d4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-cttune.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_8cd13b8b6097ef66\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-pcwdiagnostic_31bf3856ad364e35_10.0.19041.1266_none_69f1a169b4d96a7c\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-s..mpropertieshardware_31bf3856ad364e35_10.0.19041.1_none_01403d15a6b8a2fe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemApps\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe\23\common\images\colorPicker\lightnessColorBar.png C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_netfx-mscorld_dll_b03f5f7f11d50a3a_10.0.19041.1_none_3c1a7a93c632b056\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-p..owershell.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_da474530474d77ec\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-coresystem-smsrouter_31bf3856ad364e35_10.0.19041.1_none_cc99327a4ba24f7a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p..riencehost.appxmain_31bf3856ad364e35_10.0.19041.423_none_bfcb7b02f95b1e52\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..inter-mof.resources_31bf3856ad364e35_10.0.19041.1_es-es_1f4405f510e564ee\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-onlinesetup-component_31bf3856ad364e35_10.0.19041.1_none_23025624c75c162f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-g..licymaker.resources_31bf3856ad364e35_10.0.19041.1_es-es_197e2d469b031a1a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.hfi\ = "IOQPRVJIYYXVXAQ" C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\IOQPRVJIYYXVXAQ C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\IOQPRVJIYYXVXAQ\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\0OBBDSsH5F8mq7J.exe,0" C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\IOQPRVJIYYXVXAQ\shell\open\command C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.hfi C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\IOQPRVJIYYXVXAQ\DefaultIcon C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\IOQPRVJIYYXVXAQ\shell C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\IOQPRVJIYYXVXAQ\shell\open C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\IOQPRVJIYYXVXAQ\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\0OBBDSsH5F8mq7J.exe" C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\IOQPRVJIYYXVXAQ\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\cfbc736d5a16198f13e7bf360e5004be_JaffaCakes118.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 85.49.80.91.in-addr.arpa udp
US 8.8.8.8:53 133.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 200.163.202.172.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp

Files

memory/4308-0-0x0000000000400000-0x000000000040C000-memory.dmp

C:\Program Files\7-Zip\Lang\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

MD5 af5a2a58a49793554f291a2939ede100
SHA1 637eb13f507da0c87433cff0990ae0b3238d070d
SHA256 b952cf8cb5c00487de38ed2f9f657f135200f61bb01173d2010cc61f15c43d02
SHA512 1168043a186b73c1ea43cd1228c530033728d68e34824b91018cc88bf8d56102367f2b1535ab3b23c90177d7b9bf03f3ff11135301f4bb5f05401ab0661668ca

C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif

MD5 9e9f7efbf93167744a255fbe155cd518
SHA1 ebfd7a5069904df07821203c5ba3a27842672c5c
SHA256 24a46d586c5c9170d46fc63527c02ef81361b92889378f1b7c24fdb898c1b8e1
SHA512 7f05bf2eade7eecadf8096ffb98df9e1d3d8f4bda8dc39d66a68545621a77e53e4fda4ac34e3fe63981110acfdc98f781e079844e38c195f0f30f205b439f407

C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

MD5 376dee4c67971e7c6c50a0d0f2b2d96c
SHA1 7927fbe26903f66156a82d0acfa9e2ad96c61ec4
SHA256 99634d3649468241dde769f234cc9858e015f7d19bb4e3056ec3c491dd723e4a
SHA512 b842958ec68e1eb77fba862a48a3dc2261a8aa1c1116de0882807f9a52597a1f727c6db4001b297c7b78c417188feb303f5b543e2fdd10c6b05914d484783880

C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

MD5 9584261ddd5e856cd18f1f4b0bb62c00
SHA1 3d5c1ba01d4a01e79e9e31a17280132891b1acf5
SHA256 b0c5158fcbfd57235ba4b2f8b588425760950ffa043d1a5d1f101d4a4f7b96d9
SHA512 703d99c988bc7c9337235dab76f34fa9a92c5d133194a17f1bbcc95efdaf844cec8dc7c20cfa4bca533ce389049053001e7f95ea7bc02e09b399a90bd1cf6f63

C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

MD5 73fa6ec328cc67a82a2d41b00c1dbb73
SHA1 0869d48e6bf66b8b2427b96eba11cd6703c84746
SHA256 16c91cbf1473d55d6ae02718f082dca09ca05ea5ff28dd8c9d2a6f1fa1a3b9b9
SHA512 b8e72c4041ef95b688d97553701c6b6902d04484cd5bed2834d3316ebf03fb1dd53555e27acfa4c3804c28f00631e05edb9c2e9f4eec2da3794e81f88b1bdde7

C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

MD5 dee4c4097e29b70c4ca284dad7084a53
SHA1 4b4a85645bfb098d113b7cb4afdb137a192d5e3d
SHA256 f2f3f34084eddf4dfb131832937d1d0c78832d63564993a25941352f10fa506d
SHA512 ad63081c3881aea901219c623b4dd587004a4bbfd469a8852f94573fbeee1d80e72ced251ca31b59ae61823de06eca72948b117bebc70daa6696b4cf9d04b18a

C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

MD5 44758d7f386b51f36b57720f3ce8c5bb
SHA1 6ad138062c4af8f70228d30e25e9b3c31b4dee9c
SHA256 22d0c0083ab9ed83b4c8dbe8148883a71147a03bc2109a84c2f0b700416768fb
SHA512 fb26658afc93ecbfbc29f7fbef4a824cded6b2aae9f91ae7d3bac7ef35bddc70995927a569ce988678387b7ccf092354a1d5ba9519f173bd4b3601470c62f7f6

C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

MD5 03a9ca96ccc0182f3beecd31f5852eef
SHA1 8f2ad925ad4c877994cbc9b2169e7121039cd17c
SHA256 063607f035daa50b18b0c2ab79dd32205ce8a87ee9124d883053435b56e20085
SHA512 8e55cadbc898c2b9485a88e7df5c15649d288e51291cc4f22a9b5403c6810d4fedc4d8ef9a43c053c5c2d85bac395d77b8700380d817dfdeadfd352c48b9419b

C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

MD5 333ee3e3e32cea0bb302e1068b9e5ca6
SHA1 f7063fd3a65c9dc7246f3f151e8bda726d810a9f
SHA256 11aa32736223c79de2fb3a52ce64022ff78460dae71c670257b6bcb3bcc6fbb4
SHA512 6a3d8a30199a804d61ab1bfd57cac328b75cdddefe0323e3547e598cda9f1b132fc850523d12fec004d53c6f2f2b5491f79aec0de7d1ed4501a5c5f1f8a3258e

C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

MD5 e4d76a69995eb65ec3295969202fa2cc
SHA1 3262359df352c31312793e0720ced207be52bbdb
SHA256 e81dd0f81d9da737ac44aa5e0ba623491d59a7c43d326b4c929dcd652ed70344
SHA512 5d44aad3de25c50e05885e4c396dd3227a333e4b5f9ee763687a479189bfceb5d5d371b4bd2b2edabf479d640c71ae02e403aff469ac2d7ca2a4fa9a89f2e8a0

C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

MD5 5d87bfcd8ff58a3f39a74369fb317970
SHA1 80f68294eab9625d781ef8167b2ebb5bb3e99657
SHA256 0d6d128cf24011b4ed173ede2dd1228a67da169f1ef2ab0702f85463c5fc0478
SHA512 4fafd96191376c55c7fd9a5566596df2006cfdd3d42471b0e06dcb12d45194f74a23165efaac7961c539d314ef7a4bda011481c49b982169a3dbbf6be9d3c230

C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

MD5 b75e8c19933b1119333eb1866ae48223
SHA1 3451740185c8914fb14b03b69bc1b2c4a4afa692
SHA256 93116942f647bd85018ca0ee08b5e280c31ebeb14356c134f267acf872d4bf2e
SHA512 e43a710fac960c44847c8b7b873d49df6bdf07df56c989df59de907f0b21364f709ac14564c9b2cb75e4d5a769e943114962b11881c945f890d557d4d01d4f3b

C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

MD5 7c5b20ec8ac32cb4570e355756d306d5
SHA1 b8d35d85225910e1e1d65ffb17d6d5a05c234ffb
SHA256 3efd96557f2e1e1bb251ae548491ae29c83e6f0e7c19db2ef13d87189621ceed
SHA512 58d49ede3bb447c3bbfd7462772666b894699dbdf0e097bb6483dd66de1d7c855ed75faa1b333f48a7db050c04f1fcf8a0ab1a4ac046fb502ff56039d2458ab2

C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

MD5 9a37abb32fed9ac5459f5df015c8b289
SHA1 cea69b7fed1c544e606b526b37d3d9a0e270b2ab
SHA256 a4cefc484ae97d918524313afda431189eb1d95b95f7c12e9be47eda481cf1e5
SHA512 23f5fda0885658f0599bbdabf59d9defd222f1658647541c20c2edf89f69883fdd386a99eda4ab8a726254a5faf0f21a20885f613108d6499d7b54b50ac809a7

C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

MD5 9dc420a0e852b7fa9f925ba2b43a3787
SHA1 3e78439d0c9b24cf800719b70a4a8572f12a6dea
SHA256 36b2db4991f102d29ef72f9a7659e3e16340c4b610e8dac0f1ad5852807d2312
SHA512 48cf136053d2fef0f3574e3f753f628403f7fb75e52645c2d1b7b840d42f71f3e9a5a98da66ae60c6fc62e737f8010ae39d2d4e5da8bdfb9afd743e6f8ab6234

C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

MD5 46f3969fd01b146b0466764f482575c1
SHA1 3f2122f14239a386c524c0057ff33b3b8e2a64f7
SHA256 f57fa36f5e8883f49826533b333d46e66d2acf628d43193a4dcf6389cabb2a59
SHA512 246f63c5291c508e6fdf0ae5957ddb2c0ea4d5861c62c022f8d284e13c8058167b497a112da527169f249230fbd599b5ce9195adb2d4f07c9a417b3ec3af1191

C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

MD5 7fba8b0bb61dfac81a0a33b6b3456ebb
SHA1 09585d98b59a58c5d484f471813b3a68a9f6542d
SHA256 793405a9ec818dc8377997a8d5ef87902f7e375a01cecc6f3495b2e81db218c6
SHA512 e76aff1e459b1dba3093180e81767a18de9a82fb7cad31d78b1593e9be645bb0ef9a6fd4da6654161f1ee99ac5090c5e82a0e421c3fc3d3821e8ca38d9dba392

C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

MD5 f7e28281de9e721875eba7a464b11436
SHA1 5af75d6e690e2d575c725445d5903e924aae5d1a
SHA256 b42dc4eaba566befc766859f00a8e929ba82e56e86116f3382093c78f3bbfb87
SHA512 931bbbdf71e07a8941dfe07c4023e13715bb871ac8d42162c52bfac3d69478a53634ebc02ba5b41002ab3d95673a0eaad9244df96a68f7e872f0a84a501a3581

C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

MD5 9bb6c873c1096ad6a79f2cd691c389ef
SHA1 85b163769d3af2308d25d0d8b71ba27492cc43af
SHA256 592f3a089a89bdbcde70b5d649a1b496de5d20075152d5553bd1d087b5881ab0
SHA512 05a362d4369a60d14254b38d43b7689b43ad6e3c3921b3a899675b1dbdd7c2f797ac537b8ded256b23dae6d12e5a13a9a8e17bdca740d5e2db3f7e9e0a14dca2

C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

MD5 48c5686c2063d14cb537e0e3cca6a5f6
SHA1 37a430018957dd7549f00f22e5bc966ca2f4886b
SHA256 4c01769bbb12be1b84ebfd2776377f4c16e0aac57efa8954c129bfec01da1007
SHA512 783c271a983884157e19d10ba3fb9a0586a86a4217331603b6bc0fd888c1d8b8431ab8fa65bfdfe66744e4d62b1059e5f5efdef06ff812ed0f80605f407f6b85

C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

MD5 94f7d04886c8325c7221f83d4520690e
SHA1 ea86f37b28e8d06e7a2c1f5c15cc334c18c63968
SHA256 996822e907e9b2caff48461eb8cb90552b1ee7e33af5f0740d8ebc64e8f4fe28
SHA512 11ea234b91d99e5b2abaefc2acb68a5c3612b73cf4663a0460a6b78b7413ca9b53fabf9a35fcd4700279831f09d5d9bd29ac3d987e82ad640a0bfc785c1ebaf8

C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

MD5 96efcf4c4b5f69d65c2e5274fff47b3e
SHA1 1091722a3a76f3fb3960fbf33efb8c1fac9f265c
SHA256 efb1d92d544ef4c1adb272da24890fec5ce126e144032f99fb368f6384b193bd
SHA512 8a6254d2a4b376efb37bcd7c7d5bfeaf0d114e4563d3bd61e8f7bcf665342e5bbef2506ad1315099d3ea4431b677586b73a25d1212c25c5413f7c4c1eb8c84f3

C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

MD5 fd8492f5e590081fffdf7c63c49f0d2e
SHA1 df9af5a2aa334c66d1ba7999fe2b0d38f7ac074d
SHA256 6aafa3c7ad4f1ecf9a8b22eb207813e20d046250076713cfc7f773e7327872cb
SHA512 c105f075ab1f04f0dd5065bda7a6618323765062efa7446de9f76f1e80845723ef9c7bda7ae580b019cd99a01382ec80aa1c1a1c46399a40c29ad894a0848472

C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

MD5 13f428ccad78db364cade1463c7f16a8
SHA1 4546281b178e0d065f822e7987f8570f555f8f00
SHA256 dc27ccef13331be51d58c071b20bd56a23a52d63e436de16089ad09a69753394
SHA512 ee30f22b1654c3d8fa7d74f1314492911916a09730244fa20df6906d83e107146ffe0bc40d19b529010fd1ecc150d275fd940e95c6058cf0e3fb89ce7163983a

C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

MD5 9c72d4b377d24166da38f0c01c3adc66
SHA1 6a2896227f399e1d055be5ed12cacf78b328466f
SHA256 ee681d0f71c7d6acbb1efa3481983e36c76d1a89ec1879ac27b40732125b841f
SHA512 3c2be3d6e817e90eb4d38b1992231e97962c2db3a5d3ffe3b21fd2e907859d8d6152c88573aeb12721912c38fecff792c9426765793aeffe095acfc181b3e930

C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

MD5 43279fbf8a135b20eca59f0fc74c5914
SHA1 aef0e0bb8c38c417d6dafd25e94486b49eee5981
SHA256 ca34eb1937e568e59f6ea8f8001f8e98651d15ed65ab59425274e5d03ec180fd
SHA512 cd117918c48d6f8550a3aebe8b61a4038fe9aa6e74b34d880f3702f745db9f56a212014644381515751c60fe9b7d3f20350d3878cbccdc292023a6465eeba052

C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

MD5 57759e1ed0de91f6dad764b8de617305
SHA1 7b014b5a0c90e0f294c42e06e9014a4e583669a9
SHA256 7d391f8014d324ee61d42998d816b2bdc3ea144f79aae2852117a260d054f3d4
SHA512 96d8bde7b55424e7b5cf570f2646d7ec651e2143fe6ad2b63e955a7085f84f3cbd5a9c6b553c8790dc2e059fa02b0bb363e31bcdf6d4897e2001b27720ef5cde

C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

MD5 40b6300178d6c0ea8b53792ad287b77a
SHA1 d5f047dc3bc765e94d1481957a301286d9120c6f
SHA256 5405175a1e0a641064691434a28eb178cb1b0926c9029cf3b7b3e7349b15cf78
SHA512 bbf3fb3d3439c49fe46a03266c0a337760f25b0390dc5331841bdb1fed40930f944d688d1737402ee529274c7ffd7f27f64df5a60937f3bb9ab12e5b05f71f7c

C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

MD5 601ff416882b37f596a01f6ebdd4c365
SHA1 0a0a3735f4be17651e6e18db17e63b9d84356bbd
SHA256 150fa48458cc17b5e3c8669e5bd70a4ed41fddcd1d8925d9e150f4a652ab4bcb
SHA512 5dc238b00589b4aff62a8f64eee50c307b404e7a3c4730bf6a51e2935bd0aa25e528a3077886d9282384d62548d0d6dc38c9773673fa3d4f46b539b58097b94e

C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

MD5 0530271fa765fa6ddaabfcfaf2eb09ec
SHA1 5adbb0a85b9a9945d6f094b63c898b85f59835a3
SHA256 7b66b5eebe45f8ffbdc1af288b9215d9d4b7fe13999591f5dd82d910f82319a9
SHA512 16eca04b1ff8c917a196022524a9d3375247596f345d7b8d90d448aa7d07df0dac66ecafc3c189e6d691932b2b7433d648adee5cfb19c942ba984427b45b148b

C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

MD5 35bb962b58642cc9f304c0f300590b1e
SHA1 39db33f0d392fe35cd6b5b74da8ab940bf069a6c
SHA256 b21e7a4ecdfaf41cc4a00d833db3e0c4856f9b1ea5fc94a898e1c44774a62c5f
SHA512 d617845d686e3db2ce6e9ea85e1062543ad8fa3e30fa710e75c4c09b626cdde14bd1a81383e526ad332a452a98e21be91bf1bee8b1516216ef34118adeafcdea

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

MD5 76fe5c47316f2c4a2b5324ba9497790c
SHA1 c9e4fa771af634e111dcdee615ae56ac5f31f822
SHA256 050c7ebcda1d4a61a6ed2a4fad277afb632a4bfa5929968080644ee2afae6a87
SHA512 3ce7e34b87f0be7554ab58f398805ccf37e273fa5aca4f076bc3e710eca15db182cbb264dd31841132cdd01f247d42fa86f743b7b949662331fff99ea5923ee7

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

MD5 a08298043746cb6c2d7cd1dc37614a18
SHA1 e6512748bed27ecc6901259478636809cadf6cf6
SHA256 6efa8c5515164d492b4207dbc1354f70e2444dcc7ecba016e422ec8126dec3b8
SHA512 ca1af795229d70b1dad3b9d397cef9122108ce5153ab798126fa1223f9cf7b978612fed92433ac4a6bb17625053fbb114245bb3a406529dbf2cbf574a33d7648

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

MD5 f827f49a9d7ee8a47a7e6ec35d953bb5
SHA1 add0ae004d59cf97fbcda4ec8e11fabaa069b06e
SHA256 91a7b75c26576b7e815a05adb4c5a8b9ae6a5a885e4a04365053ab94fda9e07c
SHA512 b6bc264fa9269dcf4cf0cc033841487b87fbf67d2b093cf46b5de8ab63c2842540b45ff0c0496837b080495560c28de9db828322f1f9c7d3cd4e8b1c7a2c18a3

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

MD5 34ffb42b74d065b64353c152b754229a
SHA1 49f4ed5dc0436bb6ce65d61f30edb5d000342526
SHA256 b1fa92367f2c003e3ed05b52079dbd1f84dbe1f232ff63fe3586223fd7333698
SHA512 8f2b3c45303603721e8bab7d8d3257582fbb4bf9ba0f6aa20e98331d9254929785aa4b71cd7d9244e0b6df10d6ee591f8d9e008f8958ff756f740d762ec377d8

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

MD5 4d6a45b196cb3f2a6faa2e4fcf11cef8
SHA1 c1f02b34d6b45058fae7d9ba9ab1dcbbdda928da
SHA256 5a831a40a4463873acb81baa25fc3a61dd21436967bb5beb5a699f4f44a3e18f
SHA512 f4d7a7ecb21ad0021f3f48aa7b88dcb3eb9d00db4490a65bab87562bf9f61ea0a43a44b6c3ed94d018742e543585954b9e07dfded26ea65c577bbfb1c147a18f

C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

MD5 bb5cff5fdf43dd7747fc30795a883a66
SHA1 1884ed07a343350778f1a2c448c4b2b2c8d39b4c
SHA256 af5ec7a9758edf6ac4f38b8dcde3b48d44deb1ccf5147f7824c621ea7fae7da0
SHA512 c88c6223b34c5da8fd60204550e9bbda37860f439baf07896de89ee6b6c656d45960c51f91ac392521ea3857f0a88dbfe5242d4b7c69fc1eb3c25978c18bba46

C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

MD5 b7ee7174166d89682ca9952e0092e491
SHA1 a8b861c3e53b18fecbf8e3aa638e24fb85d389b1
SHA256 c7ee6a4eb362f6e045e5fd89a992eb49279d685a212c87ffb4929b88548d449b
SHA512 72e6c48b43dd5534214b7cfc6cd8aaef9b9bbc36f5aec56311b30097dcc8ef28e60f35779361b2c5fd28b585ff7c810853a8e167c3217241b315c3df7f6f6c01

C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

MD5 195fce3e8d878fbf1a026ed0250c5088
SHA1 6545e06205f1fdb6c4c3ba33e730ecd5e3b93c55
SHA256 2fbe65289ea27321b52445232ad40923fcbdfe0c7657e2e9f046e06d38bb6631
SHA512 3f5ac6b6825d2e65531726a99711071b9e9d63e1748b4224303f9ce0d8a150531ba6f7c577ae7db5fb0c95d579fa38bbe80431e5b3f6c2cc7086a8ab0111bf97

C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

MD5 8e8adbe7b4c89e9fe397db7b72b9510f
SHA1 b52744fc810ce3effffd52ff2976869e04f1af8b
SHA256 bb7f00d9a4419e804e2a6c576293c2f1b663772fbd186753659184e7f6618ce4
SHA512 ca404f1084c67ab8ac4dbc813c5c5e744f2ab551b5584986d46a929f406a0a52496fe69fea566a67953bbfe02e15a035c703fe3a6529f81986598e7b3a776b48

C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

MD5 a5a9b125e8d0c91717593bd3b3780011
SHA1 4a580c3af03b37df8e1b3e845874f4076fe5d055
SHA256 d3af7bd5c7debcf2c7468393a15b8ef7e26d8d7bff1a2bcd23ccbd071a49eb26
SHA512 9190533cb630176a07ce0f35c9c77b3dab17d3df848d458c0bd67e19c8a7bd007d6a2da3ac3fafffa9e3142719575c264ac831c22843592d5081756c0bb1977c

C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

MD5 4fb62be2e18f88c9c80c00b10e162d79
SHA1 d0ddebfa0f9815f3e83bcf639f1943a296c70baa
SHA256 69c4a73eca4faf0cae5407b0bf94f83991e873c92358c7fa802304ce69a5dbc7
SHA512 4d95ea0f8d91120ad85ecdedcf3e67db1aa3d4cae053c608c826be39633d1ad21a6cffbeff890f72b5855796e07c94e18a70d4f588495fb98f744d324e6c837c

C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

MD5 ba09582338674cb2d780f0f571fc667f
SHA1 9114cc06b7be30dfc7a624822cd108990ea70dc7
SHA256 a92720e9b31b419e8fa85de951447e3e5f263e8d3f0ea22e8b0ee2c1a01f8e21
SHA512 0a525993b7f02739969d194cffb31d66fb07cb2f7ce1f08278480979c9dd15969337d292a7cc13d8f1f88a3949e5e5787adc4352e0aeb991f8e646bac0a12fe2

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

MD5 7cebc9d2eb8b42fa04beccfb3c4052e4
SHA1 bd69dc7a608d3807f7ce6d2a70d1c369cb0c1e14
SHA256 140a011486ba7f23077502d796a3f8b06e6d3f665cd2c57549719984ae4a1dec
SHA512 f028f077e8499c3ace6808361da0a912057b835738a216e341bca24c7731271bf3c2f85d6aeedc98c3d023d3be5314338dc05a715b58e96fa022889651bd8096

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

MD5 f38d286102c15e008133dba948b96917
SHA1 a4c40d7e78106c1b8c2b733279e07933d37e9767
SHA256 6d478ce97c5422a665a8972735af491ec1da1db8f9bb7173c0fa486382d6909b
SHA512 49f35eb9cd5d0ee02c1abfd1b1f02b93c4c694ceccbc2d8fe0035804db9abb04babc597669eb47932948717b8a37edfccf263a313f2dd8f1e0d9138f5741d6fd

C:\Program Files\Microsoft Office\root\Office16\1033\ClientSub2019_eula.txt

MD5 29e556bd8ca1280c8f18cd11b1441d03
SHA1 03e002191e157e51de3aa40f8c89807d6b05ac9b
SHA256 41202d02d4701effef8e26274e3fa10215ceb563547853d7079c46049a64fa7d
SHA512 054a1715479f242f2da4c9a079fe2ab2ca7827ad60683747ec7faf796d18212dae804215f64560e494a8ea022cca704a5f16f5d6e9f7123cb324b155c9427741

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

MD5 3285a2ee1cf7bb22ac89daf3ffaada87
SHA1 073e4d9f5d1a5387f67e01d4f92e09e87c7b27ee
SHA256 219604ba02adb50e068d064a6d7d2958750e0dbef5023c488a2063bc4cb81969
SHA512 ffeb7dfeed08e298b38c20ecc58b340db4087f022c238d808ef98c3a829d56d3fc546791dda4a12d4a9ced605d22d121d00c7198d4ca20b702e176ca9ed5435b

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

MD5 4c154f9eecf0d3770e22a2264b8fe805
SHA1 9db3d97dc4b966e548e04f0a26cfbe940bb299e5
SHA256 11b055d904bd1a419a486968bd87a491971b8f4eeff68f0170872a5bdfdf6437
SHA512 0b9e208b399d85aac032479ff47e55a75446284cbb318d687f4ac67b7e2f909fafdda53f29ee31d4092dfd993343552fafe5897269a458c20e4a116235927ab0

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

MD5 234ec4e105f70d8bcfe339189e554689
SHA1 b7c735ae80c2926c4d959ba21e472ed25e1140ef
SHA256 3fbaae136ea53462638bbf78ab725bab0cd1907d533b2aef487546b985da4c1f
SHA512 cc4697ffbe75b7feac80b8abf1a814f4586559e624a53b95e574a821cf0c68924f4d0c9f40338767d44680d42a05c8d5492dc61e855c176583b9668b4d2d0f72

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

MD5 ce74b4eba035c6ca7bf08a76b6ad06c9
SHA1 0f1aba65c7bd5f9ab2cac4bf67ee6f921ae77766
SHA256 4cd6da1d3d9b20cabdcb9ca50f7780a7ffd61346aefcb4203ee28372b50b6c4f
SHA512 fdd14911f1e236b7ae776d70231d0fcc7475959425f36d0e2fd88579954beaa14b166def6905213eb0c3451e4643a6c5aef7077c3b35fade93324e52adfb4bba

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

MD5 ccb082e55c5a3eed89cd829a317e5792
SHA1 deba396e4d34c568f1ecfa4409465a2fa2df7c1a
SHA256 94a129edd81c0eaf9a38620e3185d2e1b8f8d54a8a1b89c026a10efd6f2da19f
SHA512 ba27f65078dd20248d3d6b2cf5628534b8b555f06adc6bd713c457f147b2c8e95af6cc6efdb2b1ce034459abc3fe58bf8112b44e7cfbd89a37b1b0facfce55d2

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

MD5 57b5a4bc85d978bd10bd56380966505a
SHA1 81a04efb00eedbd5a51968344f8655eb2b210555
SHA256 63e1ca0fa836a092a725912c72d66868d01a199039020df15f2c8ab11444c0b9
SHA512 f3329a53f857d5f098adae36bff135a455a27e1a5049f935e931c41fd4b67b8d220344268ea57a08fef5a150aef5bb4a8e71b94030b1e2f38bb083643f328e48

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

MD5 4872ae09537e3236b028efb3c298cffb
SHA1 1800a94f8c4d60bc40855d78f6ac9b44472852fc
SHA256 e333a4de4870fbe88c56356eb083cb3fadc5ff498eb26982567d0309743f15b9
SHA512 4a98f507d6703b9c684cdf00b7a2025c91f6b2fcd6593a41496cec3ee83eaa6925650de128593c51e6e138e947baf5101ce05965604b13f2e4218115cd9dad54

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

MD5 9c702e5e983e895737ae4204d93663e4
SHA1 bd1e9291c4052c8d09d2e7cb4900faae15272d37
SHA256 aebd595fc38b6d0da08477f76bf9dec8e476d043c2fd57276227bafc3f715665
SHA512 8a1871f65baa91ad4bad52277887f21e7ebbd15e11f76bbe46359a75ac8de6061b2a6b6aa31248855616d7552cb7e05f5608bfb5c6a4ad70a00a45307aa98fcb

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

MD5 21b9b46d1a8c0f3865f9c6eb19ceadcc
SHA1 c3fc53bc510c6a460420521aef03949d355a5d8a
SHA256 b2e8af8f52651d29134592d71899103c07220cf677e2eef41ccd82addd5f3821
SHA512 584325139329b0ea8593b9e6576476586d13901d118b3925b509dd6c0243587304de61a47a669d28c6add6d4362bbe57024876fd5105aa3fa8924cdd7dac908d

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

MD5 40f54f91a6fe0fea9d5a9783ca2013a9
SHA1 ecb6e06e9e13b1bc3beac196388614b92b097eac
SHA256 9aac94140d7d28cbe9eae132c439e64d1621b3594876e1f005ad144584d2f96e
SHA512 4401bba2e63987405b65d9cbdb8b5f0e957082dcc4f33fa0381508140a74d9cbe62d465f61b5d964ba627905aaacb5b9a204c034a4745ed4109c4a2bbd4a89b3

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

MD5 0948922df665dbd0dd28d6c08f5d5d61
SHA1 904632ea6c8dff7f67c77339e0ce3ab69adbcc4d
SHA256 096330daa6449485b4e9c7344c06de15c3e2d0af8378e73048926f9c06f7bb41
SHA512 4edd8292a2bb91f7eec859f57a19f642a9ff54447cb4014bb0e58c6845a8e2a541463ddfe51a30d1eba89df01b39456e833eea12329a4687672c0b7c045748f5

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

MD5 123fa9f6e0a19aa119b80beb8ee7e4c4
SHA1 a98ac6c38657ed907ca98f7cfd2d8bcba7d629a9
SHA256 b64ebd21f1bfc838f189deb4962d5c03013f7f5089c4d79a225cd054408f80ef
SHA512 f84cf04b643e712cb2107eaa3128a7dcba87fc0e27859b194c450da257961211af2b7ee7e751914bee7d615b35e88bb64765f66b8b78c25800395c422d3f3f6f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

MD5 53bc3eb0a867c4f4e1b51521e7dbdd10
SHA1 6d5a384432a6e343ca227facc590fbceda8fd4a9
SHA256 2e8fbd07ac2f40cfbdd4357e654ca7e1ec6927b809b42892ea8314d7f81cc5fc
SHA512 dd3b76da36a573e122d73f5b103d4302508da460e60c197390481ca747a135d3db26aab380903c56af4976dd884d8442f7c4fd77f5b224120120a8cf0e4549d7

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

MD5 88b100a887e1837b38701339b0b62cda
SHA1 4b1108ee4dbc357feecc5a9bcaf1e249e70ca881
SHA256 5fa7383e6335439ad3d05aebec006b53c10e68fe7bf95983cd5c5a13e6b441bf
SHA512 d15c3494c9b37c24c7cebe008967c81d29721e63fe3932db1a24d7b1554c9cd3e5db3bbb38d32b3e1c8feede204fb0ee31cb1f200350e8ebbd1eaf505db3c93c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

MD5 73b20aa58fbcdc089ee2839a08f50fee
SHA1 81a0931f11e6a79051a6b16894880bbdddc1645c
SHA256 688e834334886bddd5cc95ae16766eb282695921dca19c35ebfe1e28ea884526
SHA512 e3acf9e1c114c36d68abb60390a5b0325c5cb1e8644141f17dcb63a210e3a1d21835ded2db579736cb4c43f9b894c7f1ae3129b079f060af5d13f72972e072b8

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

MD5 a0dbe6b26f13f3b5e248d1959b0409f7
SHA1 7b83d7dbc16cef1a5a83213f6b8d1b6b745e1675
SHA256 2393b79d6034e737f55085861461cd5747d4cd786898b05a827c2cb23b2cd0e1
SHA512 f9460854c4809ff3583d1af587676040c75a75e88d3831c89ff1c1a717222b6e245afb66d172bf797a0d6d2ead5e5b84f6bb43be9e02c2fbdbe57756abd0cd06

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

MD5 abe60f42158dd4577f06c97aa13a924a
SHA1 f4842e9fe9f7efd0b52eed0929fc334b84727ad1
SHA256 87ddb2a3afbe868e8f01b4b3ccb14b7431382903501116f4b5e99828571d99f4
SHA512 3dc2467d966a74c7833b8c80f8fc4ca898d23d4ea822423dfdab2de5dab7048331196af5adb07ace17bde0214a94f3451928cb74d65356355f298f3be8f03083

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

MD5 7d6f3564a95d9a0d9d70b13deb9475b8
SHA1 c4ab5e9f6297170b0fc7454cf7fe288fd7dfe81e
SHA256 e045e3ce6d16b2ef8b9a2d5cbd358e2f8e35237b0d82cab90b230b49553525c8
SHA512 80aa6d23fa67224ff5a2ecda06b6d46d0b949181d285ac1ab34e804d048125eba3e180fd51e9501131a62cf818ba917f2186f59d354a1cccbe3fd2ad3dd87243

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

MD5 40f0a4c5856cf1f90354d9a4b689a262
SHA1 3cd867b991bd486e591f53a32e7d126aece75026
SHA256 34d747a24fc7f488b246d7f40f8dbe999e09a52f0a609e4e7f03a8a290fb5818
SHA512 d26ec422bf97453edae1e8d2260fc67a34646eaa7b4de8d1d12f2355e45234b636c19b13acb4ab165edd90df038637fe5cc7765b32218a67a63382dda1e19303

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

MD5 3da4c36ceedf330fe2f5d769cd959123
SHA1 a319bb35b256f1a3017babe71cc01262730d09b3
SHA256 800b2b93cf4b8700720ae8161950eb6ea220bd50f82375e4a232068c36fc04e3
SHA512 c38032afbd46f23f6c4d2757c3a150be4ca5405dee78ebb2442d226695fbf4772d2041c6803290e04e5fc2c3b55bbea006692e8d7d59d354d352eb4335865759

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

MD5 7422cff2c07a76289a1ce07b2a483ed9
SHA1 2809b2f2d9869ae91d34ebb5a42d85f97495077b
SHA256 a4f918670fef68c0a38d21d4428f5b32b408d832a5777e968d929de7dfbb2af7
SHA512 a7606d189e8c53defd3bcfdfbbdc148049ec2d7015b7e6df8c0f09f7c829884b15214d80926abe6980a3c24056946fb234a91deff4733a4ccae628e8e667c618

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png.hfi

MD5 b3c4f9764847a1c5225ee031ba24beb9
SHA1 b26832942a9d5453f145e5ad158bcf73200f0470
SHA256 176069db7bd4450b851cced1998ba67b70378d1ed4367e4c8a6d4c63b249898b
SHA512 0b77472d0e95863dd98c124496a3c4eb83997a42bd9548d6707216c0fc6115e9828272689c1302d3698a3b2c010003d43073bea689ddefe69239e59803b9806b

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\progress.gif

MD5 008145c93e942855525421268f5647b1
SHA1 6dc47c8ce0c5438e98e43896b312dde154460e48
SHA256 5e36feb078bf4eff4d931ebca89a7594020a370162e8ca5f2db57211b6667cf8
SHA512 7ef6dd70f600674ce42e8901fbaeb0c3772246fdeedaae98b4df4206ecea2ba50c8da758c647b99bfd8b7a5cb108888df0b9aedf71bab68bd0197fc10b334d5a

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

MD5 6bd861032eb6bf34ab4fa54632f0f572
SHA1 e46137de5819174dad1a570cf8483053eed86573
SHA256 bdb9bb8620b9c5c1e93ae025bdd4ca7e353a014d30dc6682c6edc37d1e3b1359
SHA512 0d6ec8f63f5c46314b26da63cc034dc95f6b2df4ff976f844d791f52ac97fac52660cd3dec31959a43e52a25686974d023f3edba5e47d4d9300e16974e13d738

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

MD5 2a451bed8144c483df89b68282b2d055
SHA1 6ff961291edd0870da4f839ddeabae50e32aa012
SHA256 90ef490ffa7011250f99cb6f9a348b4329d972b44da35bfafcaa79d21ae8256a
SHA512 e3babed5395b056eda7b3555cb7d4c3d7c9ba214e63bfc733a68bd7a828450ebdefe802287430e5dd09ed0e17aec356205112c014c79fcfeb69313be1d74ee10

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

MD5 df20f33e7019dfe3f543ca98c0e68d61
SHA1 81248f82c0e76d7683a20cfa3f968db201c665f0
SHA256 eb6f4eb910fd800480b169d130e7567afaea64ef80408dde6bd2ca3d8d135ff6
SHA512 19516f686f1619212b54b628b5108e6df03dfb286617d4379d3a7fdf816a9543ac13398c073d991216c0d87e923a234f1cdd1874e35904c197e10ab8496d1c87

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

MD5 1f86bec1b8439f07f6c445fa8dc91c96
SHA1 fdacf261b295afe3e37d6291171597b650281dcb
SHA256 1b047725027b93a085e545c50559fd2039cfd5d6c5a651102ff614de70a6aae5
SHA512 f6ed49df9ec7e3766b408bbaf324008a3b14ec14f8c9b7b05c10621b766e21473ae540ef58a1453ed21593445c04a91d366bd3f842a9fb3f67628ceea10bc9cd

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

MD5 d4d78c7333c0bfa13ae3a0ad3c7c8dc7
SHA1 c214603ff59b1963cace21df6d2e6c1dc8e8bca8
SHA256 baf286712216f18bca5cd47b1e766cdd5fd2632ddde85288158cb57b9ca03305
SHA512 c9803fe7bd21cb8a9ddd2d7f89da120e610372e5fb77446e69ca105299f72904629173a85dd336e4ca478273deb648329d3b2fd299a7b7fa0d7903ef25b5b4ff

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

MD5 a87cbf07fd28a614df0008b2f009905a
SHA1 40d0110d3559cb1739f2f6dd1db9564bb41bfd0f
SHA256 cc35b0dbd383214e3f5c725ec9366e19fb8102cbc84d3b1c6ef6c2bbaafcd872
SHA512 960a8b8c01a02947737b7b9e661abc37d3b6153283356ecf8d0193189f4d7637a8618f206670d4c55d0acc08e08558bae2255a9990935f11a9a86f6b2328fd93

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

MD5 2d655b5a75bf5a812ce1b30b1b34fc96
SHA1 5826ca03b81df165e799401dc5fdd7a5a65ed520
SHA256 183cd803f078da2d728b45e90001719076024183ff38d44524c023ed21e584b0
SHA512 b5247397620d261a75eb5332aef7a538dad997526cd9bda92cc524a7536abf31dcfe8d760f0331f0d874a4a9e3a647cf530ec2e6f6f2ac5e09dcd5e06aab555e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

MD5 bbeae9cd9d1c28fb5f55a7dbeb14dbd1
SHA1 d42cc1d7f571a9e058645247dda4c07ebeca4cca
SHA256 6070488cdd4a117d1fd95abda167cbc4c5f4796e89e617f8c46b0a9ac7b500cf
SHA512 d337e667023aad2bbe935c30cda30eae08a82702336e76116f215d39efc102c484878ebacfa7ad2cfef14254351b247eba1b9550f082136601ed0b6cd486fc5f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

MD5 6aac663c1988c36965214721c0045128
SHA1 4135b06064414d1ce6e1f78c4cc25917650c1486
SHA256 23cdae389ffc8525fa76df39ce1703d85234d77d8bac70f0a380ebe0a913be2d
SHA512 1dc0053ee3a4443968f7c4f8214caea1cd4806115de1fbe29dd28807d4c06145c3acefbbc49ee316744d06c83b43e71b39704e7204a703a72541954f2d0ee50c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

MD5 cf786925cedec6def803ce19730f8af5
SHA1 1785418e96eb21a066d4d3ef6596306663cb6270
SHA256 fff6019ea3fc9b14aed78860df6f743b6e2a312acfea3c04c3c2382aa0227c01
SHA512 1ab373f67f72a984c765937db249e221d85a2ac02c03b662b845864171b0832de6b5a7aacfc3ddb9a806e61bfd6b5ae46ed02cb36de55baaad9ca8c009e413f0

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

MD5 f899f68afce7c079a23983a4d6a847a2
SHA1 eae64f7ae49db326f33fd9540e28186f611411a6
SHA256 75440728726c96ff118edf22d0da13841c04cc7e7e81870cc441ffbc3a2e2d2a
SHA512 b75b69cc80e4054513a1837e99f2f3a2646780f051806bbba3c9443b4277c055175c14b63735f0aebda5f4ffca6bf4f1c527f6f052adfc25c04f7ac4904c66e4

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

MD5 d34b3a8e8e7f5c2f8ca8c30b5cf55d64
SHA1 260d8a2c1a6d88c7801706c13ef41fd99d782ec6
SHA256 29fa1de10808de8115b27ddea7725a266c175b79b98904098c4c70cb966265fa
SHA512 d254e1054aa4fd20e53f039023c727642908574441e2ef543ac64e26183258111e5205fc004d57ce63d7cb7b501087845d6c88c1b74743bd858a8fdeb7fb7f6b

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

MD5 ee68d7bb4d2d762e7ba34b2fdec6f095
SHA1 9a778e6e2e8c498c71133599aacfcd2e07b9c2f3
SHA256 2cfa9f82ef4b944ab1cbf2c8c019552f0d805fb5a55ed7c366daad63f489f9bc
SHA512 2e41a39cc54d39ef40b891caa0ae3c7ac0375a2c9f00d8b34d962c919e0ac602328cb2529b4df195a7321cd0f2060e97abce031754958db10da9d2ccf24bfc13

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

MD5 aa5fcdcca73d87a244a070f1e96ea436
SHA1 dc173c46de068e840e1b58ffcfdab0a5fe9bcbf5
SHA256 f848c5f04f7fbd4a5002806412648de2d191b95930d293fd8259cc8415ba9dd4
SHA512 1921df26b22046b9877dffcd6011034c20a3e99140b46c80b60a6647741e98bf1145cc2f63cb7c64041b49599e2f2eb52acdf118cf903e98b77393db477e10d4

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

MD5 3092240789432f221b7a48b0e74326ae
SHA1 18b521aba59a5091af66449c5cec6b454d4e9230
SHA256 1544b07c57b94f894c0f9bd46f8896d67707463902953e74d03aa51b5cdd8448
SHA512 c35f6defe71787e907062af207499560e9757299a0a04236d268d7af53e72b50b4dc70dbb6884857f2c61ce02efd3789752a160d95a770fe4043bcd3ac4d7599

C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

MD5 af4a6c4d2baf565beb88e6d26689de6e
SHA1 b056e41de51ce16229715d2e102931a1c90da983
SHA256 2de53c8566ffe98e9ba9bedeb77484eed5a77314460b9f6abce8fab54d5e7be5
SHA512 9945ff15264cecf4dc2647f20bfcf6610bd9dc92b5b479025a0e707aefd5a198018dc5ede442d0eed8e10ae0eac071bf93ac77d923038444e6749d47ad3a4541

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727661992394667.txt

MD5 669916980323a9e79c7c276bbb24b299
SHA1 8fa1eef444a31bb1084841e8dec080a90ab64f3d
SHA256 abd97e1f6b88ff7393ee67f2fb3fd7b63819ce41b578bde583c3b9c425ff6e01
SHA512 6635b324057c453c6233c4ac3f64ad3d4a48dcc0858747cb573d41a24919959c88805780892775acc732b787a420899b604810276a90e18fb3c9c3cf6a48aa29

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727662487357744.txt

MD5 c710a56193649f16eaffcf35a1061efc
SHA1 a0343c043873a9eb20c3f7e7dba5f5d15dea8297
SHA256 42e2c5464225ec3234d7668158bc8ced0861ee8e4158d08db26fc9c1c155dec7
SHA512 a980d93d0ec24d9e8286537dd972b4a4094746875223e4f0835f9ce2f838468adb68efd74cc497aec945b12d3698de219929a808903b182f38e030172c2701dc

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727667722373689.txt

MD5 3496754b8122b3a08284988b0d0126cc
SHA1 3703987d67f960e6e202e86d8bb5067214385b0b
SHA256 41b7d3fc835820a76c0ce055406e6d885899f99602667eac2137aa9054363f56
SHA512 3b34657cd1cfc78f4f970c0aabc09004c9d461697a597c98d8b76569da846307545dc54b93773d4c32aa988486b747207aba7b9820c11d515a6a8be1ad9d31b9

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727670771168387.txt.hfi

MD5 b183dc4b14168fa1584bb7e741b18d6c
SHA1 1d20d91d613ad70f7398257558e889d57d1b0ab8
SHA256 046ec29f49ac56fd22b313df7620ded59b820d1341bc1e4553654eb8b833fb7d
SHA512 dc690ff456a510c48e62305ffe27589e9993baea945f976b1e0b24a4d33edff15e1988d5aa992126b01bdac41c66e6ea539b955729e149730c04e21636d982d5

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

MD5 69f26f356bcc4074c124e43a22ac06c5
SHA1 9d64e6dc0f7c80118c36beb1f8e50cb7de2b0d8b
SHA256 9056640c0cdcdc0c08306c3f77123b29a7da8640c4e5bc9e682b9297d408d665
SHA512 9b4d45510d456d39f5726b505a597d2d41c4d60e83c9990edef073abbaa70949f484db801fc6c052a29469bdd838ccaf5b92e10d519a496c57092af5c22d9a21

C:\vcredist2010_x86.log.html

MD5 2e3bc5487b51ec023f38494fa069838f
SHA1 fb004e2b1cc49566d3b2f01c8c9816780c87a07f
SHA256 98ef8d12a52b3dfacc5ea83163ca97235c32300e7979d85428e43f16ff375a05
SHA512 ce5e96777647c36f8782d92464216fc9ac83137c761b79ea7134a6a80ad2f5cddf7eaa3903dcab83fa2f9237522d96b6c8ffc3589a0956552670b6abbc0e98a7

memory/4308-7221-0x0000000000400000-0x000000000040C000-memory.dmp

memory/4308-7225-0x0000000000400000-0x000000000040C000-memory.dmp

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\security_watermark.jpg

MD5 5e322b53a8b9c575501abb4b6967f006
SHA1 9bc8adb015397cf4dc2127c129feebea0eace0b1
SHA256 156dfaae4f44beb6aea474ecd02d9897e97c10c6ad55cc58286f50347bd2bc02
SHA512 e4797029a965caa162b0312a2346ee8be172fbc97efa296c6eb4e0e22d475ab1a522b9ec7378cf2f5836790d5cd9b2cc3c4887686607ad1890df3866e47f8b98

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

MD5 7839fbdead8663d56461e3c706f6cfb5
SHA1 be08d84badf119b0bc0af045023d1a71b299305e
SHA256 07f6cf97fff4b2611bad3673ea623de39801c115839c951259fb967b2e1e9662
SHA512 087316e60eb73f2105d0ed90948726ce4f2c6de4c582f1496013199d63b4c2d294d5c3fb4f9fec4e5fecc80d5c237e5ea8c18b6d8b83fcd43f28f2c324e510d0

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

MD5 5e14b149c6cdce31f959c5cf7adcb2c5
SHA1 2c89df3022317829009cc82da53b3d7212c2885f
SHA256 d2f53a0baeb2035ff50efcb5e23bdc86828b7053132425336f896e6f7bdaa6f6
SHA512 547b294e9477201df7779b05079afff398c1c29a66d56e27873deacd93ecf563de4925a9ead1672d44d4d39b818f14ef4e6f508ecf654ef800a49d191fb0b08a

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 fbc941160d74136a823ec92ffda1ed95
SHA1 987bafa3dbd788a09fc9479610b67022316a5e67
SHA256 0b2b1471385637ef2f877a6165eabfdd4472998acb5972ce086983943c99ea6e
SHA512 6c034933d0302cb68204817514ec00a79bcb24efcc5e08b562df23baaf0499572538f031149639f6752aea77587a47a42f98a9b9061b1ead814a7b4b70684398

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

MD5 ccf370973143e9c0fecc45410af659c1
SHA1 df33c9b3f50e7856488156c2ad165560ba4216fc
SHA256 cc693e7009d11c24943e7a3d2e932088e698055142f608daca5ade73160be7cb
SHA512 893bc919cc33694ae9bc2fadaa513e4c00fc6d697b8e52d2d0ed619678b15eb896d13680f018cd11274e6d1255d6c212bbf44642cc55a8e1027b8dad67b2cc0e

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

MD5 80763720a68ae876a8426f14717651ee
SHA1 af6cd7f97cc265fa9842974098f59f25cdf4da56
SHA256 bdcd72e9e0f2c1930ae94e77145b2825022686edb42dd2a4d828a7fef0ae6a48
SHA512 2d1ba00d7b0c0437565f4760c97491bbadac37966b2591857a71ef3361d35537cd958d7bb255b0aa14add5b702ce5104a97f945ae4588032f93457f7cd9579c9

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 f0c7df353876c597f9a17d68444d998b
SHA1 7669d74fd49e2a1ab87fcc27b6a4507aebd5cab8
SHA256 d2f3d573fe2e144e627dcc395daa3878a97d8e11e392e078cfb6338eae3b8c24
SHA512 172d0822d96f1e1f7f13aa8723bac3cca55a5d1794c9bcdcf37249ce979abff7fb631e14a153a2d8133366842b017347f5d0cb0a010f140f13a98eaae2b4e7ce

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

MD5 92011617f1712b1e62335c6962794d33
SHA1 92a5d2b396d56c57718ef0239fe92583dddcc64e
SHA256 a62b32572a55050a4f51606f0ac13ea6315ca32959a9acc5048b3789e595aee9
SHA512 d2436cb08ce93f8556de785d9a106aa3e36439727b881d964597c4cb8e0bec4975b41921fa2bc4fdde1f2b43e8aab65e8dbddab065c675566ad68ec6ceaa9a6e

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 9fd7a7e94ea3916c418b69c2b7842733
SHA1 88e021ebfbcd9f7e72b878569990e7fb508ab250
SHA256 7e5ade2dcc8fe688efa468b5efe8294dfe9a89287b7cd90cd09003dd306673ba
SHA512 e9c44f74895b31761a9f537082814de3b811b98ee5a23aa4510187dc580a155af14bd2cc9aab9a949f8e7caf4f071ddb2a405b4c89e8e80f9c20ee41cd3725a5

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 bd9447c60f16271319bd1e250a5dda8c
SHA1 7ea42467b0028f561779ea3fea110d91bb46448e
SHA256 4c017c3ead55f17bb605438576f11380257db9aa8f7958594ca66e3cf8d10fa5
SHA512 44e95fa70de79d1a0f2f32522c4ac7b98ea189ecae5b9e5727bfdc673c685963c782bba75fef69cabbe4f3179072c9c24b7111c36a07c95ad20ae96a2be316d4

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 36c38aa4429e3447d4dd48f167075184
SHA1 3096d9f8ce4c67cdcd05921d1c255b71b1a038ca
SHA256 dcf3e23bab171e8f4ecd1ca7704516df5d404a3046fc8c8705fdf1e5120969f2
SHA512 9f53d3800ef7e55a57276ed05611715decfe3e9d4f4e4d58bf2d1eb46eecc10bd87b962249c1d90d03e1de20c2450dc20e4027652bb44ee01baf6cc7b8d67f38

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

MD5 97c64eb75e1fd0581917afaec633ae53
SHA1 1214b041868ddd81c34284b02688040ba6bf6fbf
SHA256 25b5162ed3b8dc60fc115c9e3f714f9253f27b42cdb08bccb590b02d076a0ded
SHA512 07d22100080536694974e986c7e55054713e6f964af2d8a15348975fef819f8d3c85f3542231081a4948ffdb92bb044f9f691e5e2d7b7ec21009adabbd38f60f

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

MD5 1cd5b8df2030f763dcafe61798d43a8f
SHA1 7362eb15b3963109fef3330cbae2a0d22ae3e99c
SHA256 26300cbaa06b01d74a73490487c4bd23937cc569329a14d40a99041e17a6b013
SHA512 69e88154f7751def41750921b6bbdfe59c84aee97aed46bd89a7c590a63145235b3e55e3bbfc1e35a4b286678e3619c193e2b39f2e031a15ad9c6c58d6cd1993

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

MD5 a769f7054ba5615b2ab0d37df49950b3
SHA1 97a18d06cc64183e7c22888ef1a5808610a2b14f
SHA256 a06c06b71aa4f3b7aed2fb81f89767c1bfed36dffa274f6d7735d680d866307c
SHA512 8a88c3122b4b492e245ff88d3245f3cd4a44ac8af4ac414205c7a08d2ac18ceafaad08761711150ac058f158956c343a744c08f4c27201edb3f8531a2c471eec

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

MD5 92b3bf8c42f09e3235b34356381df8d5
SHA1 2ff324d59349a2f58e463e6e0e0b5381052f2070
SHA256 63ab651e5c4b4a0fcb4e8babb79c1343d72396a8835c133a9f82fc789d7be372
SHA512 dcda29be995430689532e67343f9844b05b170e2d427c2894730a90115ce6bd91435bf79484abffbe74638c7f1cf22f401312015e10af23e562a0f19cb72dcfb

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 ba88bf7a9d6785fa71889a57dcb64016
SHA1 93a85ec4d353de6eae9f96ba30817107a520f750
SHA256 3e5c69d5e0afc31e53cce60833ca80319216c9c264b76ecaf45e9c7b0563222b
SHA512 3d53b4148d1e1b63e5a096f5ebe8fd3d7e9271284124628c3d6a82a5d06e57c0678b792d9f51214a453a240070e680eb36fdf745ae814380f1ae41e6512c407f

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 acad3e5fa9a1ce0039efd8acedd278cd
SHA1 3902f7d7439325eceee818cfb5ceeb2efdcf78d8
SHA256 2d2a7b60a31c665dfbaf6333a01f16c5926c9be91b9fbd95ca7c0ce7df760b6d
SHA512 e65daca78f8108c6a57fbdf7fed14d833ee219b4f013ba2d220d41a1ea07f000dbb5b9a88e7f869e3fd33b00932aad7ff127122e5fea185d4fedc9da2eae86d3

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 e7de7f7e6ef687c7d381d5ca1ffb32b9
SHA1 f5bb25b19991378aab6f4b6970c3d8ddee9d4f9c
SHA256 7a2310b5a3f55c443585ba15ec7dba0288ba1ab39df4ffa504c7205818f12af9
SHA512 d3dacb8b30fceb8a149d547f06ab7ae13ddf3df5b2a5c0ccc7073c4abb7c58bf2767d6f29c8b245ff5ff2c1aa588aecde763a30b1f34f1967650806f5d56f47f

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 d25df18a7af3f0ead48c9f3f1834894f
SHA1 dfcf02030105532681234936a75108d3bcd1f8ef
SHA256 a7f5090e64d89ee9de8e11c81b8364c6be43f6a8f51284cf8446ad7916139c53
SHA512 59a29fa7638fdd03d6a1f1ec35da338505ba28d9361d6dc6631fe7c781b1a5e1213e52b37320fae4c6e8b2f334691bd3bcb0a1da1c8ab7a09d7db2a52309e171

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 539c34597f57bbc1749dcdb6b916f8eb
SHA1 768c27cb5f000f7af25a1d9ee20ee84cbead2017
SHA256 21c6b2b85b06059ae8d8e802a1e5d09f792eac0254375b8bc283ca2b966df2bf
SHA512 95073c340e6a0ec208f70deb5638355383ffa1bca5239a7657c1419b8ca4a22811edf93365cba2dd9fc2fd079bc830d26f2c4110fb9100e9a4843a852494cef4

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

MD5 7bcb921c32cb0424c7d850bc2d89cc52
SHA1 f216b767017a7d19454e8ee6a588978b165e4abd
SHA256 64e3604399ad586ac50a671ea2de46b64acfd7f38aae273b6cb1ea50bd5efcc5
SHA512 5c1f279e8e5db43e5b8ca8662dee15fb2d5a81ca95074c0995a99b5898cc4c36700a2107ffb8f8391c84dac3fc729b1e0e16781d8f8aecace79f9d746d57a457

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

MD5 2fca5df17538c1d818bfa28832dfa684
SHA1 f01aa0e62466cb979105ba938c7b915ccfc97149
SHA256 273662e0a4a1da0e28e278aa150ff2223ec5e81937a348240cb8f3593f533a6a
SHA512 68786a624ac8b15f59b70661bfa0e452162441740af309c27a9b2adcabb5178b87880571a454b1b529b66c75315abcb14a17eb57fb879b9f8763f3a2824fcecd

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

MD5 3b4055c244cda9380b6415d501f5fce5
SHA1 3791e4742329300d0f8477752bd53de32c3a9de9
SHA256 015247d0602ec42075bd10a9d632b51f0aad912b9bc61b45a262d6ec72a2ac63
SHA512 60f42c3f019ee27f66881981ccbcb61117740df84120c174d974c287b1b14a00559c0c926233641d4c842237a69041c304c3bb1eae3d117b8d7f0d5034363ba6

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

MD5 2c2d94776f7ce356424af70d4442efd6
SHA1 248586610fe1fe527818c82be52078f345cf5a3c
SHA256 cb7ba2961e3228a21cccada92977737b3279f3cf56225264244f449e3c66a03e
SHA512 82aa18d9f92ffce011f04a7cea680ef049fde09aa4f40bf836fe147031419a4a07d453af18258b03870d1faa01c64bb399f0e60802bccc5cf4158d4c09719dd9

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

MD5 47dbb9322a2d046f8c3daa615ed1a4db
SHA1 13b3feb1ce7383822b8635c764dd3aad23239412
SHA256 1f076a5a2d953da27425d55470e4a4d136b73dac1882e4997adb992100477d00
SHA512 9671bed25c8a60f0c7e552224bf57c821f1e14934755a8e2d793154195cb291f8292c526574bcc3b5777967d011241a8572cdc4454564e66295f5573cc2ce687

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

MD5 ca97185c51d859a24729a1107225dedf
SHA1 ced40a67cdc731f74ebb91e77df9cd539ca624a5
SHA256 0e7229b15f1cad440571a2babd5de89f6fd849244e7b74154c94dde17b95641d
SHA512 f06ed6d8ca969014013a43e48e5c24cd18ad519f54c80553d06d829a41d66166bc7ce812ffcdfa1495156f77be618c48205a0c3327737b25dd727cb61044eb73

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

MD5 855bc7e59b9be18ba7c4d524e558fc16
SHA1 27f02dc48e40e8b4ba46cd8972041eb303a5c632
SHA256 5597bf76a3ce763e92a2dece00ee5cf3e6307ee091e8a5a8bc0a935763844240
SHA512 9a06c7f9b309e4fad7ba60ab87648043c157262ec3effb02c80db14d3b4c643b6b6db4ebc983dc8322fdc50c5ec4c2b40548467a19e55958ab4cfaef36bf4702

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

MD5 352c3ccb46ef1a3654e9fa253ff5a4c3
SHA1 3ae1241794aa7a02dd6963e1c3b8619cdd75ed2f
SHA256 15c2b2581d4f53cc4e1c47aba424c087cda8feb87702cadfdb8de940d6af6bad
SHA512 41376893cd040ad345ad06800c5955fbc6612853acbf1e6d59320a7bd4b46e33a1f45f871f3b51afd7cf7af1dfd9339187b8933d63a11d27572054c451a6846e

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

MD5 d7d48037a366a34a12850b5468ad80f2
SHA1 7d2965899787d44a12263d1a8c79a94cf4c2ab80
SHA256 d42b206bd7347915f23556c2b33b642d8f970c25989f6b83c11340f775b28593
SHA512 b90a51e02e93f643a70220ca01a0d9da28a24998a9414a7cf230c7286194f7d8914e3c7c4ddca044b07cba29179b5efbfd8aebcd43430308abc51d89530dea78

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

MD5 858a48fddc692638f6fe76bf9b617cf1
SHA1 998ee43e53a74e072e04969f617ebe4498228403
SHA256 71a1e386896e45a124a341e06b05b9dc9f7fc46b1a1c868ee3c472968ccc20d3
SHA512 c4f2b032b7d8af345ac968d8136b84a9866edf246a5e94df1784d2364d1d20d4e012b10e2b25007ba1f7c9205f4d3f0070338e58d098989754183d71b1bc07ec

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

MD5 a82c2e663dc7a4a6e1bead21788b0790
SHA1 0f25219ea4e950f4e1edc50190061b194229ea70
SHA256 ed7ac81947e1ab009f87d36a05e4bed676aab1620303b820b6da7ead567ce01d
SHA512 62338a8dcd78826a08d4dafb23bb4477448d89e0dadc1a8d70321fba54a3eadf63356728653b338d18a680d99356026037674ecf6cce6776d07a1401b3ece252

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

MD5 a83a2da5df4c964c4e6c1d7a79bfbd76
SHA1 217e454e5a72d65de734ba149c48e7535e09d407
SHA256 e703807dfbfe33fccbdfdad93a128effda69a5d9668faadc646ae0b488d9439f
SHA512 5d1945006464237ee1f818800e83af4af5c3884c3576cd8649a4ed213f964c687a41e3d12e8647e2d316dd137c96ce2af9d74f20b27a6051ef9bfa7221410005

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

MD5 5d014ff682484fa96faf9abffb0ef075
SHA1 c2d177431a1c4be49ec98fa08e9658c2ad422061
SHA256 8186ce0fb9cb8b3e988e36bd80b608a60eb1ea8a8fff11161d3a9de79a8e0e62
SHA512 3e8b93b2bf83e59d8f6c414fa41d04044679dc8968fc95a876a4fd37831ec9e919417f3b264a6a1e7ee3eb8b6a1f63e4796e89f94bd23e054012291331fc9f26

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

MD5 b774065675f4f100a541d558b69b13d8
SHA1 d917933ad354491e52aa9cf8b1cb1dc359fe36d6
SHA256 db173d8785a26186e513803ef3c84ad7cf2f12e60cfd41307693a7edf84e5e0a
SHA512 bc4bd300541e4bdcbea2022a18d40a22cbb72fce65680ab4c64f60d1858a2fafcceea3bf7a94ea93f871debd8f431991244f3645bd67f8f40f5c85d53f13324b

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

MD5 95bffdee2a2582abcb14d46882769b0d
SHA1 2d4dbb773005d329015582ca63d9885b0bbd3d8a
SHA256 0f89cfb70692f6af567754aa326a57c2a6861767833c19d7c79c4361673d6755
SHA512 894efef55df28156f970408055953cadc88b1f5d1d9159b430717a10e3854552a00eca55e2acdde8d426f851ca35b1fb03efd782136ca02a1216f1c29229d7b8

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

MD5 dd603775f2791a5d33bb06bddbbf9eb5
SHA1 2d32db3bd0962f73ab77bc455149966b0681861b
SHA256 6b800e94fd0adbfcf5e1015da2f0c89bf068d6bad35f0ee3e02cdde5668f0d7d
SHA512 fb150d99b406255ba25737759643cbe6832297760777f22b631f3133c508a43dec0fe153c06127bb7885f9e16fa58a41872ae74b45ff129eeeff1bd255dddb39

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

MD5 3b02de87b240fad92bd5fcd18792e70a
SHA1 2605a1cbbe4d798829b6cb775ba02c8021a952b8
SHA256 a9ba3c1b72aed146448f07c6062c171f914db72c865586b0cf3c447b5faa6e76
SHA512 860f47bc69202189f84a3ed0645ffe93d1689072d2b5294738ea3d469d09806350cf59ec6c02682f407a4f7e43c87191e037ae108c1080cd0f9aba0f94518ab0

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

MD5 c8c394bbbcb2f351b88a825297871849
SHA1 0f7520ac41ddb5b779e2df4f675619aa2dc407f0
SHA256 e790679b7e7dc84536af223b9d2e435985d0ace4dcb7d3f77f0276427eb44c18
SHA512 49636abb408f5352b70d7bbcb429d6d7d5acccf22c44f5ecab0b4d39b2b0af51bc22d12f069776d37e013bd7596fb803bd7158ed09d24e5a8372e8437ff84251

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

MD5 1d4fb45b2bb3e9ef97bd43a36ffd9fc9
SHA1 b92a29028edeea153f68a45f4f63a14ad792770c
SHA256 de596b053b9f7e6dc832e94528da648af58067b9cadd29570ccdfd8a4ece9c8c
SHA512 0dadff11029991cf7725f82a1b51da038c7dd545560c568bb615d20debc2194bb23019e83ca56500cbea7a8afeab2874751cec74c209839139d481133cfdb9b3

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

MD5 85f21ff92180f727a82ec275a1ae7400
SHA1 25ef2e735f03be7fdeca04a520f63f74b61a101c
SHA256 53ad9654ffd1cb0fde756bcf3a6fa2354fd06bf0caf0bbb86a46189f0533c904
SHA512 64f4d54c3dc66c4fbf8158da991fd3e9c4e297f42d11057d223346b5e5110c66da5b473a4944264c7c9cb46218d03deb4838c38154017525daf6d68d384ed850

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

MD5 37145ddd3fcd92ebd29ebb94fa94b5af
SHA1 c33e9e75d0fe2b06e0093d36fa47d0dc3bd20f9a
SHA256 7340684c60ff05b99549a883ae36f1134c29d3e5a0ab7f96329e0c20ad6272f9
SHA512 728ee57daec4d6328b1f1a10f366dcf731d79b764a41ea0b6dcb349489e3b307f82596ee57841ce8fdc1a1ba080c609869ea5a9590a397bb325ee06e33b85535

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

MD5 0bccff290d6941a8535208384678f9c7
SHA1 0745ebe8c780d0c35947063d2a2d664f0e792923
SHA256 2d133049c9219256a9e63ff28dd0b47ea8fa9265457bdd9b0ac1891e87e33b14
SHA512 2898880abfd2557e539bfe34cf6ab6c8193f6df8de8520e64445557de00683b7ffefa6956d20e2002215f60b540427cfc21257e5059c3231254682c82dcf6c26

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

MD5 ba46957d08836c113b5b22f7e2a812ff
SHA1 7309571195bf7bf6c3241b7708cd2bf628fa0029
SHA256 d1920adaa474192bc83435e2033cbe0460542931c9e23dc932ab8700e750617c
SHA512 65054d40bacdf1fb177f5650357eaf8a8b57077828fe8546b9ffe37f456e65e8f337e3c9e4280c45a802047e80a71b531d1772b8399e32d5782aa07466be03b1

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

MD5 ed83ae0313c02e6d8330f8efcd516e2f
SHA1 6f1ec04062dd6ea73ffa5d514a2b81bd203fa721
SHA256 2536f94b0c0e4b57315dcde729e77f19fb9b5e3fad4d7af8697cc7238e2eea67
SHA512 844cd75bbc13e09b2a18ebd5fc6761777ac1e3da5c1a18765273829bcecfaefcac9a294f35d94f89cb99f07b335c9ce5d21e8a8d1d88c8a684d36ef7d8194695

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

MD5 242487d5bbf259445a7da1da7825992f
SHA1 95147d8c5bce5e28aace4946ae4bab64eda1fec9
SHA256 779bd22d43999e5eac00cd1ed65cf8c10a0c1d9ae0a2778c5a59327dbd8e4069
SHA512 37f6808a7ed6813eef37da7d77d19c5781d28e82857a1ca1a826e3a24d913c862023b44e0886857e92dc76451fd0644115b723d7dbe672c0ce4f56526addee82

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

MD5 d6d000fbec7d8a91492ea1f4ac2e43ab
SHA1 f54c5ca247d63601e4a54f83a24f3b922104dfc5
SHA256 2799eddada042436f7ef811c7eafeba9d8462025c8a7c350a59b3329f0285909
SHA512 66015d07b02ec2426967bb161764aeb666ba69714bff587e29fb4538aed0db3ce741789f3622ffd00579639b1b74a44ee5ea664b1c6cc4ecffc790487debdcb1

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

MD5 18c44fec9f623af4989e5dea3be40d9d
SHA1 2afdca2fdb57f1fa027447bc2812a295388d4f60
SHA256 d1ab5621a5d3eda410d16431fade4fb82c3cc4baf63785aa0cda3b57e4f62351
SHA512 95e9415837639e8f510cf7a6c35041b03fee91c42e1c9c27f7bb0784d5af39a0ac67f45addc6af9fa27c0bf661576f697b201f03b0bfe3a0f2234bbfe98e80c7

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

MD5 5dc48103a3227a57a80fb1202455044d
SHA1 ae3f7a3b3868f7e5c77a4333cb53b8aeda57ac7d
SHA256 2fc8d468ff3df6b10d98a4b309c1ee9a4efef877f88351582dc2d0cb7d768cb6
SHA512 747cfa162528331e4c5197a8c97c3d595e1339d5033fa6b03f76205221c01baefab5882d5360b410a2d68b38c1bdbacdc0a16d085d7adf76f675ededfbc025a3

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

MD5 fabc8355df532b6cbacadcdc18c7828d
SHA1 45248e9abeea45a35b3a010c548831ce5afd8750
SHA256 1b4b258a571383709d9f7cd1f588a7ddae5aab3e510ee600277747f62ef5547b
SHA512 eb5bda07fa5c20fc766ac52b696034aab762b7c92e5ec6ae0346f1a2d2a565cd87404fe4c41f19d9a09bc4c31b3db66c474df4b415894bbc980d21b5886367ec

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

MD5 28e19a72b41d874a008b230f0dbd2398
SHA1 97e043e39bb2cf6df9ec2b8e47266388cc9ad500
SHA256 525fe556d469d11a4db513939d1dc3187a8c3e6bf125e27d75ab3ee2ba53d5ce
SHA512 992c594e446120c1e9f8a99ea8ad680ed0763ddbc2f603e43d20926262f48e7c123647ec7e3b0d0be0f3e91d92c4faed559cd18c676033af2b2f7af2e22ef016

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

MD5 66aa0a80b3424f930d7a6008b81882ac
SHA1 6cecc2796445fad46f1204f54c4341ded41b1c71
SHA256 418889727d53e20d833dcdfde293f8cc6927409382fd426288b2534613433524
SHA512 08243b027e02f9c039831522ddd95bda16bc3cc0553211863e10de45b4bc26ad43ab8fa410b0869393d48301408fc6ec149a904f7f1f03ed380a41a4a585e1fd

memory/4308-10901-0x0000000000400000-0x000000000040C000-memory.dmp

C:\Windows\WinSxS\amd64_microsoft-windows-advancedtaskmanager_31bf3856ad364e35_10.0.19041.84_none_a689f818199cbaf8\Task Manager.lnk

MD5 7d7fe4c52dfd9b9a5a821956fbbdfb60
SHA1 cdc6f65548ef206fbfca57d0c860e56357842409
SHA256 a7a55748954f8c9bb439c5b71a011e0b4b6716aa9a715fdeeffba1fca9cc2f07
SHA512 2353e9f16e458528ff6f6e2e52f42a0122d4919bedbe32b08ade3cd0da0d6fd55437f282f7488b721518be70f6de58906d4e2f18950094afa4f02e21c2ec795d

C:\Windows\WinSxS\amd64_microsoft-windows-recoverydrive_31bf3856ad364e35_10.0.19041.1_none_de83be952b0afb6a\RecoveryDrive.lnk

MD5 1da68fa1a05a89834fddd7cf5f67c0a1
SHA1 c30ad68b1c39c45edcb60f8786f708bd8921e09c
SHA256 0e0ff707118fda3a65432a1fd8418ded830976d93bc212cb4e74e1a15fa824ed
SHA512 7a423cd3294e9c0bc2ce0bcf4f1727780da25cf7161760c5cdf5e8e50cd435f89940524fdefce12f15b220155ee8523c89665334e63cb5ae9f4c3fdcfca25900

C:\Windows\WinSxS\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_10.0.19041.746_none_d22800313aa7eb5c\Registry Editor.lnk

MD5 a46083ee7380f46bd6135049a6c83d61
SHA1 91ffecfb3802dd2c32e63b0390bd0112eab0ab85
SHA256 9eaa4db69c1ee43b3630e579e663bfa805262e9a467bb4364b959fc62775f913
SHA512 a58e40de993bbe9981ca5d555f008350e2c57ede897197819336c125aad2a7246892633738112f96e0354cc1da7a6bcb9fa2ba04c3f164599eadbd9f0cd2a3f3

memory/4308-11044-0x0000000000400000-0x000000000040C000-memory.dmp

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

MD5 18c604f41c64056851b6c080b80b355a
SHA1 1ae635e7018c3d03e0a3d5c097c6b41480760c79
SHA256 d855027b04facc60d5c33661eab1be5a08ed5edc46b7b8ba4ec10694436b1be2
SHA512 767cd207c831f6528ab00bd0c0b81e2acc01f74dd17dddf965a179b2ea8249593cf6e8022e71a4f6601e7edb93afd49cb4544bd7667a3c3c7cde5d972217a50a

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

MD5 2f78ff181c1a1acf13bd8ed546952287
SHA1 1ff361834ce283f935b7224f8ca00e85bbdf908f
SHA256 8354bf138eead3d23680caa24872a674ae71cd3ac1c8ad70d4e942840101cf57
SHA512 0aca78bccd5d4d55d017aaa2002c5d23112100b8a7e615407cf3c8ea76238c445aa51dd31fd002de08e07d3d45648a469c93823a7ca882034fd12d2309803561

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\squaretile-sdk.png

MD5 56767a29a42ce71902aac15f777dd057
SHA1 9df75929e64b938e8520d2e3c334bfdf939a1978
SHA256 b2ef2567ca46a1813f0fd4364522d6fe041af12264d7b30094ceb6cdd813b819
SHA512 3ee216757852b38f8e6c8e4ade9451cc5ad2c866c6d29870f29d19fc54c5d480f31357f7c253b81ecb306f7b2579474711a21c2ca20de16727f41decc39a7578

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

MD5 55c082e5c753a3be7704ddf066d0e895
SHA1 ced13c44a19f82b143b033378d601f93b1de3388
SHA256 e45f697a81e1cbd46046a50597ba9af08e1d8311647d62a17402cc418b0f63e8
SHA512 8a7dff042cf53601adb5212f9bc6a21e48de61faf38096def0a733188e22b57d0141a7b2885ab426f76c40c73ed92fb0ef80abf0e469c83a7c14166a6830a0eb

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

MD5 c4be1ce9dc39fb83fd5a2d617c2a4837
SHA1 eca34cd429eaf350804bce704d19ea61c74fd54a
SHA256 403a36ada7f7579d09670f9b98e7dafec1c2e1beecc5fd26ee6b5fd0b4f2505c
SHA512 3e736e36954c970143a82baa806fa88a36db812d09c08a6ab4d19a78e6d0fd2c42c6b8e59b62f7f4c3fc7806f5b1d9f30e934b404de6465e9280300b034fd64e

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\squaretile-sdk.png

MD5 cc732d0bd874a5559714f32366affe1a
SHA1 b1b7b5585059d53f44d8e0dbfc260472ab658c71
SHA256 a836ae986ad1fdf66b57b8f55eac652b146a474835c2c0ee3a6afc945bd60bed
SHA512 3d9324b6ff7f7db2248f609f2364c515e39985e7db154df70926194ea141cc67a8283b8ec91b0c0f71b97476755cd272ab6af1d5b44c37f1b5821c91d18d4890

memory/4308-11323-0x0000000000400000-0x000000000040C000-memory.dmp

C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

MD5 9215a99d7703108ee4ea5f654285ce00
SHA1 8561e3ff496a895f3da49f72b921a1ba3a130cbb
SHA256 48cdd4014bf1f79244c40e66e6e2f5a63332328ba2e4bc3414c173d064aac009
SHA512 7eb0b00f6c27e5b970d6ceaa8cd84e78ae425444cf98ad1138d278f7742ffd0b1b74e4bb5a729bf6f844fb49b4fe4855e36b85cd4ec5838b13aea6c1f29b8f5e

memory/4308-11328-0x0000000000400000-0x000000000040C000-memory.dmp

memory/4308-11329-0x0000000000400000-0x000000000040C000-memory.dmp