Malware Analysis Report

2025-01-18 20:40

Sample ID 241211-twj66azqet
Target e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118
SHA256 0ea08c2387900bb5a3c5ae32b601c2a565b4615a42b935e43b1f31cc5f5c549d
Tags
xorist discovery persistence ransomware spyware stealer upx
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

0ea08c2387900bb5a3c5ae32b601c2a565b4615a42b935e43b1f31cc5f5c549d

Threat Level: Known bad

The file e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

xorist discovery persistence ransomware spyware stealer upx

Detected Xorist Ransomware

Xorist Ransomware

Xorist family

Renames multiple (2213) files with added filename extension

Renames multiple (2185) files with added filename extension

Drops file in Drivers directory

Reads user/profile data of web browsers

Drops startup file

Adds Run key to start application

Drops file in System32 directory

UPX packed file

Drops file in Program Files directory

Drops file in Windows directory

System Location Discovery: System Language Discovery

Unsigned PE

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-12-11 16:24

Signatures

Detected Xorist Ransomware

Description Indicator Process Target
N/A N/A N/A N/A

Xorist family

xorist

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-12-11 16:24

Reported

2024-12-12 09:41

Platform

win7-20240903-en

Max time kernel

117s

Max time network

122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe"

Signatures

Detected Xorist Ransomware

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Xorist Ransomware

ransomware xorist

Xorist family

xorist

Renames multiple (2213) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kn3VIGskr65mt7W.exe" C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\es-ES\Licenses\_Default\Ultimate\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_scopes.help.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\nfrd960.inf_amd64_neutral_cfc8c0013e9ede68\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnky303.inf_amd64_ja-jp_b054bb0d59e0a3ad\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_trap.help.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netxfx64.inf_amd64_neutral_3336ecb2950fdc45\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\it-IT\Licenses\eval\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\migwiz\PostMigRes\Web\base_images\WindowsPhotoGallery.bmp C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Comparison_Operators.help.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_remote_output.help.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\adpahci.inf_amd64_neutral_b082e95ec9f8c3f9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\en-US\Licenses\OEM\EnterpriseE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\es-ES\Licenses\_Default\StarterE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Speech\SpeechUX\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_While.help.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_arrays.help.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\sdbus.inf_amd64_neutral_735aa3b5ee832f62\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\en-US\Licenses\eval\StarterE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\es-ES\Licenses\_Default\HomePremiumN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\nb-NO\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_script_blocks.help.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\it-IT\Licenses\OEM\HomeBasic\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Line_Editing.help.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netmyk00.inf_amd64_neutral_9c0c35afdddc16d2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnep00a.inf_amd64_neutral_92a4c727cdf4c2f7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wiaca00i.inf_amd64_neutral_de104aaa48ee4b00\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\en\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\es-ES\Licenses\_Default\ProfessionalE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Comparison_Operators.help.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\en-US\Licenses\OEM\HomeBasicE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Ref.help.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_regular_expressions.help.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_Comparison_Operators.help.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\System32\LogFiles\AIT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Language_Keywords.help.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_execution_policies.help.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\de-DE\Licenses\_Default\EnterpriseE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmdgitn.inf_amd64_neutral_09132735f1063a47\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmisdn.inf_amd64_neutral_061c61abd3904560\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_providers.help.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_command_precedence.help.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_operators.help.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wiaxx002.inf_amd64_neutral_fbe080a7dd77c4a3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\es-ES\Licenses\eval\HomePremiumN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Ref.help.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_script_blocks.help.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\brmfcwia.inf_amd64_neutral_817b8835aed3d6b7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdminfot.inf_amd64_neutral_fc6bcd80e9e6a3c3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmmod.inf_amd64_neutral_5766736c47b90fff\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mstape.inf_amd64_neutral_c2bb3ef1c45cd5a1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnlx00c.inf_amd64_neutral_79ebe29715d2fa47\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\rdlsbuscbs.inf_amd64_neutral_351e56205fd4c200\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\de-DE\erofflps.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\de-DE\Licenses\eval\ProfessionalN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\brmfcsto.inf_amd64_neutral_2d7208355536945e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\fr-FR\Licenses\OEM\EnterpriseE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\com\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\megasr.inf_amd64_neutral_30b367f92ca46598\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\IME\IMETC10\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_PSSnapins.help.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Windows_PowerShell_ISE.help.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\usbprint.inf_amd64_neutral_54948be2bc4bcdd1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\1047x576_91n92.png C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsFormTemplateRTL.html C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-new.png C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Program Files\Microsoft Games\Multiplayer\Backgammon\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\my\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\drag.png C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\tr.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\AlertImage_ContactLow.jpg C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0149018.JPG C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsViewFrame.html C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-new.png C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_corner_bottom_left.png C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\prev_rest.png C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\fi.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\access_output\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\fr-FR\settings.html C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14755_.GIF C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\decorative_rule.png C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Program Files\Windows Journal\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\TipsImageMask.bmp C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\Computers\computericonMask.bmp C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\OutlookAutoDiscover\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\fr-FR\weather.html C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Program Files\Microsoft Games\FreeCell\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\ja\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\http\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\bg_GreenTea.gif C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\SettingsInternal.zip C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_rgb.wmv C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Program Files\Microsoft Games\SpiderSolitaire\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\rssBackBlue_Undocked.png C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\it-IT\settings.html C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationUp_SelectionSubpicture.png C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\de-DE\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bNext-hot.png C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\SpringGreen\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Windows Media Player\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\sk.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Media Player\Network Sharing\wmpnss_color32.bmp C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\SATIN\THMBNAIL.PNG C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\Certificates\groove.net\Components\SignedComponents.cer C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\Bear_Formatted_RGB6_PAL.wmv C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\scrapbook.png C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\audio_mixer\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\PROOF\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\AUMProduct.cer C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\TextConv\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\DataSet.zip C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-icons_ef8c08_256x240.png C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\images\vlc16x16.png C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\EQUATION\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\logo.png C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\olh001.htm C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\dialogs\mosaic_window.html C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Microsoft Visual Studio 8\VSTA\Bin\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\ja-JP\clock.html C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_INTRO_BG.wmv C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH02053J.JPG C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\winsxs\amd64_microsoft-windows-e..ehprivjob.resources_31bf3856ad364e35_6.1.7600.16385_en-us_f2d8dcb146b08b94\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-rdbss.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_236ecf107413133d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-webdavredir-webclient_31bf3856ad364e35_6.1.7601.17514_none_b34bcf2bca512dc2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_wiaca00f.inf.resources_31bf3856ad364e35_6.1.7600.16385_es-es_f55e1530d42f5d9a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-audio-mci_31bf3856ad364e35_6.1.7600.16385_none_79024acd05e90673\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-certificaterequesttool_31bf3856ad364e35_6.1.7600.16385_none_c405852b31194b0b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-s..trolpanel.resources_31bf3856ad364e35_6.1.7600.16385_it-it_04f87c1305f0d058\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-ie-htmlconverter_31bf3856ad364e35_11.2.9600.16428_none_f151276ee40bc690\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_avc.inf_31bf3856ad364e35_6.1.7600.16385_none_084e3f0eabcf1e24\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-dot3gpclient.resources_31bf3856ad364e35_6.1.7600.16385_it-it_018676e68e1fc109\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-n..5linqcomp.resources_31bf3856ad364e35_6.1.7601.17514_de-de_6d6aee55bd035553\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-w..ilter-adm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_01f3199aae0b8674\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_xnacc.inf.resources_31bf3856ad364e35_6.1.7600.16385_it-it_77c05e551298994e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-i..onal-codepage-20838_31bf3856ad364e35_6.1.7600.16385_none_5277936547471708\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-keymgr.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ecd317bf4cc234ea\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-networkprofile_31bf3856ad364e35_6.1.7600.16385_none_d49043018fd6ce7c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_networking-mpssvc-admin.resources_31bf3856ad364e35_6.1.7601.17514_it-it_2bc0ea1577940f69\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\msil_system.io.log.resources_b03f5f7f11d50a3a_6.1.7600.16385_fr-fr_a76941a47fa5cc21\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-w..registrar.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_bed0e53afdf90df2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\Media\Garden\Windows Hardware Fail.wav C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-alg.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_df6e5718e33fb3ee\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-c..questtool.resources_31bf3856ad364e35_6.1.7600.16385_en-us_b3ea6debd40ccf72\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-mfc40.resources_31bf3856ad364e35_6.1.7600.16385_en-us_76fe0af11a705ffa\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-p..soundservice-client_31bf3856ad364e35_6.1.7600.16385_none_b19d574bd93a4175\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.Commands.UpdateDiagRootcause.Resources\1.0.0.0_en_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\Framework\v3.0\WPF\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-dcom-adm.resources_31bf3856ad364e35_6.1.7600.16385_de-de_113ce102e9a7f941\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p..i-ntprint.resources_31bf3856ad364e35_6.1.7600.16385_de-de_26020d0fe0d138e3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_c02a16e1ae17ab94\about_PSSnapins.help.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_nete1e3e.inf.resources_31bf3856ad364e35_6.1.7600.16385_it-it_f9478fef83a24677\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\assembly\GAC_MSIL\Microsoft.Office.InfoPath.FormControl\14.0.0.0__71e9bce111e9429c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-s..native-whitebox-isv_31bf3856ad364e35_6.1.7601.17514_none_4777e36e0649406c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_brmfcmdm.inf.resources_31bf3856ad364e35_6.1.7600.16385_it-it_ef3606e77a162ef9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-m..ification.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_2933ac3bc2e9c8cd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-s..cingstack.resources_31bf3856ad364e35_6.1.7600.16385_es-es_8c5b6dc8f63dad6f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft.mediacenter.playback_31bf3856ad364e35_6.1.7601.17514_none_ead17d7ddb78651c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft.windows.h..iverclass.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a390f049acdea28e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\assembly\GAC_MSIL\System.Speech.resources\3.0.0.0_ja_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-h..-winmeetb.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_4a4444b9f6d87dbc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-help-wasw.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_218fdc47c352aaef\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-m..ttheme-us-component_31bf3856ad364e35_6.1.7601.17514_none_b52573ad8e4c2d89\US-wp3.jpg C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p..g-fdprint.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_6dc5297496bde7ae\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-v..cprovider.resources_31bf3856ad364e35_6.1.7600.16385_it-it_0cf89ac6c095e719\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-usertiles_31bf3856ad364e35_6.1.7600.16385_none_f385bacaa98d1e8b\usertile33.bmp C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft.security...icyengine.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_32ec604b60eee61f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-t..p-utility.resources_31bf3856ad364e35_6.1.7601.17514_ja-jp_2541e25eba7fb23b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\Speech\Common\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\Media\Afternoon\Windows Critical Stop.wav C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\Media\Characters\Windows Critical Stop.wav C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Entity.Design\v4.0_4.0.0.0__b77a5c561934e089\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_mdmbr006.inf_31bf3856ad364e35_6.1.7600.16385_none_c218b25e6c778a2c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-help-articon.resources_31bf3856ad364e35_6.1.7600.16385_en-us_6324a0fe3a215514\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-help-wu.resources_31bf3856ad364e35_6.1.7600.16385_es-es_4f6fccfd152ce835\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.1.7601.17514_none_6a483d9908ebf60e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-devicepairingdll_31bf3856ad364e35_6.1.7600.16385_none_c9f831f51cc159db\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-s..allpaper-landscapes_31bf3856ad364e35_6.1.7600.16385_none_e57abb2f66db71a9\img9.jpg C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-s..undthemes-landscape_31bf3856ad364e35_6.1.7600.16385_none_7a83a914edc3de49\Windows Navigation Start.wav C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-x..ocess-mui.resources_31bf3856ad364e35_6.1.7600.16385_de-de_05129292ac22f63b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-whhelper.resources_31bf3856ad364e35_6.1.7600.16385_de-de_992787fdf80a08dc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-d..rectinput.resources_31bf3856ad364e35_6.1.7600.16385_de-de_0429edff22a6f4c0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\assembly\GAC_MSIL\System.Web.DynamicData.Design.resources\3.5.0.0_it_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-advpack.resources_31bf3856ad364e35_8.0.7600.16385_it-it_3a81cf2d637ac8be\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-h..iagnostic.resources_31bf3856ad364e35_6.1.7601.17514_it-it_cfbe612478d15836\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-pnpibs.resources_31bf3856ad364e35_6.1.7600.16385_es-es_574d9547b649a60b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\VTGETHGCCSZORMX\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kn3VIGskr65mt7W.exe,0" C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VTGETHGCCSZORMX\shell\open\command C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VTGETHGCCSZORMX\shell C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VTGETHGCCSZORMX\shell\open C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "VTGETHGCCSZORMX" C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VTGETHGCCSZORMX\DefaultIcon C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VTGETHGCCSZORMX C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\VTGETHGCCSZORMX\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\VTGETHGCCSZORMX\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kn3VIGskr65mt7W.exe" C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe"

Network

N/A

Files

memory/1908-0-0x0000000000400000-0x000000000040C000-memory.dmp

C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

MD5 6f94726d7b1535e48d04e8a99b1e7c61
SHA1 22b1b0e3f1e37fa207b866714be0f7a68fb24088
SHA256 908c824ccf1067b9ad65502442b39f06bdb6e372eef63770ff7add1e54500757
SHA512 1eb78b47be1a3405b6af2152551f28985ff1d2bd073f9c9c9fc705bfee516b9a16505a873d3bbd81bf61d045e4815230ae86437c0d7d2c6151f1e547252f9c31

C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

MD5 2274cf6f46026a2c8dc403d1758327dd
SHA1 20329de78424958b9cd15fea0e50efde8bbcab0f
SHA256 b86a28dae3cc01d475137fa38568e73a753fa58037a80e9e552f1a1644893bf3
SHA512 21178dfc56204548f06b0f918f82472e284a97822064b189be7c2760c0966377b37b279d5a663b799d6969e0ed6ae16d4a7e6fcbedf1ab419305294f3487b390

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html

MD5 adad8d0dbfb66b557a6d31fc17ccf0b7
SHA1 d7e592bae88c4aa74e050ee8ccb0675d370702bb
SHA256 2bbd1a56398f6964a9d4fcfdae5589644d7e474fca347adaa29341abda00e0ec
SHA512 78ab9ceb8d16b26c4c84995326ab6478910d396bd136707e62b315ce2ae8e78e7541a591d11f9912a3ce9822147b01e2f6432e148db814ccf80372d8ff0cda4e

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html

MD5 daa574a93c546e4b0351e25303d8968e
SHA1 ff0f070484e4ecc290cb8bd40ea61f51dfb5709c
SHA256 25aa70ac923907fba728c74a7000b3ffbff3eff608a7eb0dd9b872fca712eeac
SHA512 b2cbcee3f5e6c143df7a2ca2ef3a78db9d80c71ec6174f2dd10af65ce10ae04c75462372f2ad13a391030e4b5083578e0311b823a5c460fa52ea87daa9942a76

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt

MD5 3ecf5603fb2a051702ac8ce560ee5746
SHA1 734c3ef500432daf3bd28900c8ea2b54421f2273
SHA256 3efce90675c04b52515a9205948632bad533620c98f3ec52f54f810f8c59705f
SHA512 fcf5867baa3fb7a1eae86c48b402cfdde01d2769fd32d768df0012a7a80b34df1fb546723f1e94d58b8689f4453e3273c105d8f86c03f47577bf90b71d66fb89

C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt

MD5 a221c7e08987e23e4eb4f854775f9f12
SHA1 b70bf7a85f1a1636094353207e3d7bab35002dd9
SHA256 949157e79fa52cf2918c5f550f1c00467b5d8da86f927c42c5b36706e11682b3
SHA512 680a7c58665dc1de8d0d8eb343750e7014e6ace01db35599ecfb77a3c8f89b1fa7e84081ef3eb2330afca183337ba1828217be5d267582c15eb6657a1451a817

C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt

MD5 aed8a7f5359e92b1c1292e9f7f17d991
SHA1 8396ec6c3045ff3ae9580b07275105d07a7c5fb1
SHA256 49d47b4fe1264e27a83033996f1dc1e3b1a25f19d73ce6388caf7101ef2cfa14
SHA512 ef88bd0ed09718c15e3c1b110bfcd64708c68b8ab87ac4db6d94958bc58193d1231ad1ccae12d65627583e755dc2e1775b0336969479916920cc2436ec670865

C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_ON.GIF

MD5 c806f7ef506802c35ecd71f0ae3ade98
SHA1 73f202b1fe3b53cc1e76e229b35713806a432f66
SHA256 55e75f9e6487b4e2738754a8cb0eed1046035d8ffa27380630e66e3070ffa4f7
SHA512 97d3ac5866bfc47549684a9bc95f071a6f9cdba44319bf9fe9be7e2f43cd47fd8b07cc1a33754f498a9401b99777be32526a039ef84d38c0364ddc15cf13b79e

C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_OFF.GIF

MD5 57c5303a82c739aa2bf3696a78cf9e04
SHA1 5eef8522910390648691d70ca1888e1699c2d8ff
SHA256 fc157b8db62dc86a8bb93df9a33cb5f3e39d17c52286960eaf9c42a80669798e
SHA512 eff6890655321ecded2f397278ea8679a96c3f90bcf288d252b0cf77707eddd2e4806b3ddaf02b823103c6cbc1ca6086c0cec82e4f63b367304c8b699b39730b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif

MD5 83bd89dc73a8332c7d5a71f022fd0f8b
SHA1 f5067b2edb41007755469edf99cf894a7e603196
SHA256 63811deac2e3b33c163961ca26180bb0064ef5ec2c19cb7ad2883d281daf263a
SHA512 efd86c59bbf84d13a3b7d849f056e52956e7d1a10349f629b75219b65d769d739ea8876699cea05ce0818b05d0ef18f74a9b1dd923e149fd77710e3df3e5948a

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF

MD5 20ac08b0a8594aef94e4afa92b3b2fc2
SHA1 149e463ce0ce1ae434dd5f5d669b6ce2ffc02d26
SHA256 d7d5c8dc9b400fa852a2c96f90404fc4202006dcb35adeaed8e3c807479c1f4e
SHA512 1cf8094c9772e79bf6fdb02547a183017a2440f946ad524f15d4a3801f75d0b9426240ebacd2e7629427dea96449c7f308aecde9a52b3091fac12c5be7c8db89

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif

MD5 d2aaf895fa9cc615254f1b33cd11b1b5
SHA1 364ffd052d22f39203a871428f662f6154e9bc41
SHA256 728c53de6d7d6574d2206c604886a440d9c1a5a2098b3cdb80c0737996a2c2e3
SHA512 621c207382579b2d5021f15d73fcd9781e32f22e4269cce834e4031d121c5828a5179791c4b7618d068579fc0e6311789c621c2c3bd19e49212f18ac6dac22b1

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif

MD5 bccbda4ae7afd1775d18db719debcf2f
SHA1 40c4070dc6d9ff0f3bd0600a3e301e55b98fd1f1
SHA256 fefcf098c8d80836a5cbd384dac50504879d527020fc4dc93b2ba3c9a6ee26f4
SHA512 3a06b7021bb8237a6a3fcf71ea90c283915f8c5fbb7ad59bc49602d10f49b3502de1eedc28cef925db0d689e017404377d2c5a4e5f2aea1dba8473540d4feda8

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif

MD5 33b02fa8dc4cb0ffd6d425cc4cf33e2c
SHA1 cf5cf3c42499cb9ebc3ef8e2788faaf168ed593a
SHA256 d5abf0762449d5d3b511d4621022d8885fc123a385aa8eddd988887c42b7a18b
SHA512 68dfd1bdef255af35664ebaafd77dbf3fecb17f5557874d2cd6ea3930657e5dcb42da135b0888fe8680a934f39d077e67ef0fd8955f2cb18a51c95958f06145d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif

MD5 7e2f01ac0d7d803a89415f72ea2aef86
SHA1 f09a767216384994ee3a5d8ee6ee91583c6b593b
SHA256 ab8cce825bf2a5ead8e4b7d087490f5f35cfc55270f1e5badc4e92d93a633343
SHA512 f2ebe566af5d3a94aff6b64694642f9960b7e3e58a4306ce85d0f7f49da318482750e345b95447fd0f6ba93bdddb765744c02d406befcf5350b26de6b3dbcc20

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif

MD5 e4786af5315aee930164d5e78e7db800
SHA1 d1c05aa1464b3edaa2a85ba4282073aab7853d21
SHA256 2b5aff949c473491b7697d1f58a0a65b45d34315e516a86508deb7e1e90ad852
SHA512 025b1a946d46d98daf3d485e1998be2ddf565a353f1ad80a60ce28ebfb848bdb5a270813ca0a520d8a6055a09464bc557a8f462eacb71731bd6cf4efb705586e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif

MD5 2289ad6bf7958b748be752efab6e52e1
SHA1 c788ff83c0a1d55c04cbde5a21e6940487d17176
SHA256 74279dabee2adc36ea1591af8b1e2d630d7e7cd815d7cbd0169f24941cf2bc34
SHA512 fc03fbb00d00b2d770211e55fce8f0e96629abfa344433a66fb0a78439b254b14b119bac76580a490914c773cd2534623662bd0c0b80cda018f197e7b8209959

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif

MD5 f06b1a0aa726276f62b21cc24064ab66
SHA1 e4e8ab8aa1f7f3f5001b1135210d55bc3b203bd7
SHA256 9a24d6d7f796fddd4cd02d7aa8dbe4c48be8a73e65b3a29708ce11878b18f765
SHA512 44c10980e035806c9ea25abfdca6042ac55e3eeda91134eaa8ada9dde13a0cf1a54099ccb5b9ac14d1f907180553aaf7e1188964541cab74b2398b275577054c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif

MD5 9429ef7ec7666d71d9e67220d3fcf416
SHA1 66b11a6b456a69182039ed0e91850f802ec27154
SHA256 fdfeaef2adc6503798a859664c55383e8680d62f466df43a24f04c0488b36029
SHA512 f29e2f9b95db7b07d2612f9a541298758ebf6f636a551abe6bb88f470e36341ac83705ec7d834ff400d7c9c6bae06c9e85bd57e612ae65d609d0555478a75147

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif

MD5 6df7948a283d7380eff47e5b94355f22
SHA1 917d53921571f9cf87d3327e9d214ca906ae2841
SHA256 0824e40344f993b4a7ad071a260f4ec2b4f06eb6b0becd9a97a2315e854e6770
SHA512 425e4a1e0cf868ddfdc35a7d30e183763498503afbdcde60af0900784061af0dfdd3847b00f7ad98b0860c4f03a90af4d46db8e5fbc6ed3aec44fe736d9cd5ba

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif

MD5 287095c7e9c84dfb6d9bfe920c4fc6ef
SHA1 ba1a5c8be07ccfa7370473dda67c1425c1c70a13
SHA256 70162ae554991db8900f3b3fa21a48eaf67c592f6726df8406f132af9954e7f1
SHA512 964a0e580a0bfdad20062d8fbbf415b9b40e818b18d67cc9e042dce9a657dd8733ed8c7db3ac35b388e2a18ced7070079b5c60bdf101c9b79d29f414d0e1ed07

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF

MD5 9679cf1f19b730a8b6151157f2178ebe
SHA1 544bebdc9f0259ed3116d6698bacf1a5d900d4d4
SHA256 9d0033e6ed06d9780bc36ffea0c9e3679ab91773c4ee2d4d7ef16d101594285e
SHA512 99638ae064b52f2d239666515810e6a9a55ae740a8e9f05a4b3867e59b26ef8f54a665fcf28fc5d8bbc6a71120ef7bc07933b160cd2f097b672ab6eca63aa1af

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF

MD5 44c4a440fc5b8218503a76640c08f388
SHA1 bb0bc9a2d4bb3ff92d5fa6eccdfe6e4511b28945
SHA256 3fd55e1b8e20b990297e2b0053ddb880a22d3b485bd8da5c910aeadb40e52d9f
SHA512 4a78d8a32c14f14f01e87f60b65e0e09bc854572b366ead13495080042c18c517805e45a2129b39041209fa0874d589499780f3e77d608501479c5cc11cb228f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF

MD5 36383ca685ee47e73eefcf1e312a0bc4
SHA1 80a6f14aa3619eb66b96a71e673f3d71792edc59
SHA256 03f1b8df9664313e57eb8f958af56baf6065ffe717ef84ef549ebdd1063c44df
SHA512 a5f143284ab5f378564404af81d85b90d8886c2dd06cd93cda9825bb1199be202532a7187e68421b25420caaf46d8258fbcd938692c02292507a343426924c60

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_off.gif

MD5 711e4dbb698791bd74c69f1cdc93915e
SHA1 5bffd7b15cfb3f1891e9cf17a8767fd068427953
SHA256 28c89ab9a6db8b96832e9141635ad7743029056bcd17f838d477a3e1ad730b05
SHA512 ff5bf8a3f649060eeb7b95753085fbe4469965ab628a8ea3a736d383f8afaf5664d0a0b19142c4e5e6e12db95b459f4917b16faa7dcf92058cea8e6407313ac1

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_on.gif

MD5 72c6889299bd0d2efee9248e461a3732
SHA1 52d33b9c36f71c1a4ecf5daa92a50d30c25d2dd9
SHA256 fed8f253ef16b9403f52959da67fb8b4f928301b854d225aaf668a372cb6fe4b
SHA512 aa2369be7b5212f2d32824a60143c53b1b44fbae8c6964cf0c32d0055030799b9328036cf87bd63d102f739d3c67b419d20b001f282bddc3a423eecbf3cdd5b1

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg

MD5 178233d842d1bce1bbf5870588011aa4
SHA1 dce6dbd1f64c96aaf022faca0ff1e67ba25cf84a
SHA256 4a27d96c7c1763e6be70c6fab6ad3c85c6a915bed3a34d9877f87b7e9af14554
SHA512 ff988fdc15c0de9c447d1c3a9024ef456504eaf638389c5815fbbe22b47467663f0d54468346a9993dfcc67432f33ff92c4190ce894ab1aab90c46c0675924bb

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp

MD5 12cf7b8db9a11eeff37fc3b193e8448e
SHA1 f814fcb6fc6bfad5cfc1eb3a3e96ef073518f8cb
SHA256 db557ddd33d53bac0d922c038cfe93fc4c61f4b3f3652328f9dd485924e40f8f
SHA512 ca5f0393bcc32565396358d5ddea91088cc2a9bae3f7de8aecba2c2d04cd8ceeb53a59bd91ca8626ed7b5d6eebcab3c34fa9ce57a0b49bb8003388ff1f22a553

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif

MD5 c7af15703823614ef6206c3259cf2545
SHA1 ae615538b36be81dc43f3f0379d6530587fc123a
SHA256 1a633f0b0b669040169e3d8373107c312ea223ec71d34766eb01faec99a85b66
SHA512 e820e84f508c76b18c9351e88f29cbcbfad5edd9cc3eb58280176ee74f628f77ea66b6f041a43d6dec58b7c9da16fbe90cf6e38570534c8bc47880049ebaadc0

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif

MD5 330928ec54292ab525e05f64cc061029
SHA1 95c9d4d0d7d379a1c27c2de1d702d6ee6f909b36
SHA256 cb4aa01b8c50871d06690972ceed652356db4c40966226e59e437c25e45ee1ca
SHA512 836c3eb119a536af15ece8c85d71b88d5b9474440300a86f5a7ef4ee8549c1762793c7215962959fe3a72cd9137b89be7eedcab976d4bf4b04b4d4231c766d29

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF

MD5 3b73a882af778af6f71d2a57186e4f48
SHA1 694eab3f19721c945a66ac3f67c86fbe91bef867
SHA256 0b9c81aba7e46ebeb4b41bc07897f7e87e59919ca55cbd32a8e35adf3c605735
SHA512 1693211c8fde28449b72bb4a5657e8ebf734967e516b7385386e0721d031631e63e086ff9588594a28bfc4fe1fdcc1e2b02e8cea691df8d16b65fd0df1fd8dfd

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif

MD5 8458f613577b1a294382b2ff749948c8
SHA1 5bc6d92fc421b4eb27ea501f3bac2df4801fe7e5
SHA256 6badefc8dc99143bdad4a6820889e7610f16c49979c69757d9d2114d5d88086b
SHA512 7dd8388391a135188a6b10f11b1a7023575d33f6a5b21cb9e968b1a04619fd3e43bcf4def6755952b8bbc18696ed35d0c5aa55a306e4ea00d51279d2c6545f1f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF

MD5 05c9b25322dd1fd16529bcc3f7fd9366
SHA1 6078bde29e3102781eb14009e22235413d66dd20
SHA256 59add615cada3468e599f2bba37715c385dbb49d0bb49e3fd2599ea41f20f57d
SHA512 bf9b96b62fb247f2b2f306b0ee8d62d816a6a4272cfead925ecdb574b65137688cbdc8a39b926fd2253f15c26ccbe946e2e6d2afcd7373ff814ee31d5e66044b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF

MD5 35617dcdacd1236374512ba80980cdb7
SHA1 94b45cb746c43f60108503c9979247b0394449c2
SHA256 3b1ffdc8edf194720126b3cf78175a1fd7bb1ce471dbebeaf2781740d450b33c
SHA512 77d25b72dc82cd3bfe14b44c311c6ad5a1d12e484ae76448b83116060851199ff944f25b332c5e8fd6cdb2a427ee8419bd9eedc7b19db38091361560483c6d1e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF

MD5 de8822b63d87aa846499b550aea30033
SHA1 acfe845144b43e5f5fe731e81835aa777f2c8c1a
SHA256 790dc7deebd2fbaca27ac5566c0911cd5a8b65c29470cbc08f4b225aa8c096b7
SHA512 b72e25e13c4e52f0e9a712b40a19c540457c674403a6eac749ac7ba4cf338469470fd21963b173f32a7b5e9ac9334971dfea11f36b83dfe018746c80ba403f9f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF

MD5 4ddb6585d472e784e7bb35de74354f3d
SHA1 ed8edd6c705133699586b30be9f89a83d2bfa769
SHA256 3e09d89a5c2d7bca4a2369d5f95db8ae19b24363c21df8abd2d7bb9c3918f4d0
SHA512 7f1aef4d106c2d3769d90fd8501e216587d79213a1f8215857a5c4ce8fca0778dab555ba9b0e5129e264cdcdf6f768b03cfd71f7a535ef4d60588b7739fa06d6

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF

MD5 585d4ca5f5cedeb0fc5e69b40c66098a
SHA1 a67035cc5c1aafb53e402ca94a066b368ee0be0f
SHA256 1264588062fd8698e1fd110fef8bf8fe4871bdaee55da61165ce0fff5d8db53c
SHA512 0f701445aad80b49a82e9fbaa4e1e5e376871e4064f6e72835a1faad59b23f3f2f6fbadb0f0312d86b441432990e8123463a38a0f02f5c0a430f110bcb1ff1ab

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF

MD5 b36261ad7cd5176bca8e79f94b9fa51c
SHA1 44c46fcf32abd71ac3246bb669f2daa24de85227
SHA256 f16a68d9a84ee0a303b76f3b5388f4c0e732ef15752c1a959d7db55b2c9e1cc2
SHA512 2db459a40d1f24fdb4c83847d34458d29b189cc9e08a6dd3d53c3bd8d276b01c62b569e88797521ea28b210604844064fb167fbedae1597018b2203e63d93b03

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF

MD5 de73bd65d3caf0e47e92392ddc345041
SHA1 8c15f8bfa979201513355bae13f5e63f3525d469
SHA256 9bd6cde50a297ef64aa4725161aa90229773bcdb632079182501f15e88c1b435
SHA512 86f720c298a7991b0436cf9a792325df36ed39512d64a96fffa3737fcd844357dcfbacd934bef61465e4e37c52aaabadb266e9c19fc905414534d44a5a4dcd4b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF

MD5 f5e9fe1ee2957c4caec41dddc78993c9
SHA1 8bdefa2fd5dc5fcb887127a042e24d7c2ab0fb82
SHA256 af1ea8ea34dbb7631a0654d1b534d9662da0595d18a5e665e3186f1417ce1828
SHA512 ab1ebcd539dd3ef8ba8f06339d91f4b06ddceb11990159cc8b399a643747a3e3dfbcffe3f9216bf3cd797f1670967836d20c41e381284f44dc24312333d2e76c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif

MD5 2d434aa877e5c8f47204ffd12a8d0ef7
SHA1 903087f948382d199efb496ec05a2f13c8f5ea38
SHA256 060265ce1dcd4fe50c2fec838a29632cebe06cd31f91403fe718263018180547
SHA512 c278541a6307f9695ec2f98901cfa81a9526aa684e4e6d77df7f9844741516f735f3619f714bbad166d0c3b0342112423f7df4fb47d019a9eb5ac5f3b4b86b1e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF

MD5 5b40d424c52b3128f9e7b7307d264153
SHA1 3685bfb4ba96464417ca1dd0867b0a9e3a2e6f83
SHA256 f70fcc13bb5706073b7f90b2f6c1e0fc826508c1df5bb90a2bf0c4a166f3df77
SHA512 66c2c779a9a99728ae5e294a3130bb139d55c3d4f09b52b553cd2d49a1fddfbc36bd0063505266fe78a3960667e68f497c88ff58c29c1229e9bb8ad69b1aa7dd

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif

MD5 11e764a31f7b49dad65a3cb4fe654397
SHA1 6cf0b155c23ed7de01aba59e3a9cef87a42b8dfc
SHA256 b1e5e76099ce585b6db334497412e63548788f5be8ad6a1cf810b1abc2ca6cfc
SHA512 283d094cbafd80c02c265d69a14c55574350fa35e526c930614c4bc4f1eefd0c1c4f5bbabf4e672c77eba33fafd7813836c28ef6a5f1ab1f12dcf2bb868c8a3a

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif

MD5 e5dad015382b745eec7dde07b90125d3
SHA1 41fd8bb71aafb79bfeca609648cebdc43274170f
SHA256 e98aa5d9d97df4a68ba6c8da48e72e9839ba6332534ab6dcb87cbbb7cfd3e532
SHA512 c9a5c719561af37a114220ed3fadf0a701683b28844b47cf82a9f50fb281f840987d4501b89371af830a1acf30bc9dca494985ed2363085ca1c216269fedad79

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg

MD5 b390a361f1c32cd00e847e07f4e49791
SHA1 7de9fee38f1b1e466e9db72b3a4a5acc34a6e00e
SHA256 fedc4d6ce49837ee48d34a54965615920dab8c82ce65fe3cf56fe0d697a0bfa1
SHA512 d6467df805bcb2881e52f6549a2242d71561d7a42b984a5cb90344f30f0edcf0df8c3946199046ed3296b11491c8f9717e4d6346952420634a4a7c9f84ea2b11

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF

MD5 ac4857b878dc47e702f994ee7b47d30c
SHA1 ed34f322bc19f5d3b2a807efd1e4644acca122e5
SHA256 630f13099ea64181404e0a73060975908dc8e19cb4ac2d08e8db94422cccc63b
SHA512 ba96992788d70217c7de71463e298374bfc05d13edb48259da30b57d69e6ff8f4297b49ffa7a59ee0e717afb86058c4f1a7b1f4c6d34920453dcb954e44ab690

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

MD5 eb58684b65681c8c5b73a441c50364f7
SHA1 6a7ad4454974766e3cc16149144664701df4cca3
SHA256 8e520fa5b2983e22be67cbc46faab97119bbf0c3dbc6d4c8a367ff6eab9fa160
SHA512 9bf78121319dbf5118674d92ba0ea3c6e1c1e863a35845be526513f9b319a7d2773ce376429bd05022ab8664ce039b8f6aa206da1049a97405801134956e1651

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

MD5 b86aec7be58bf9449a3d66dca396e8f6
SHA1 0ef0b90c50c709499528139d904386d638ae5d1d
SHA256 bd187ed61c43f904f05c0803ce3887735f3b613db95130ce97248f819045a3a7
SHA512 0e5cbb2619c8a2f2d30abcc59924cc53bbc3b678261e251c6bb684d495442038086fc2f27f41ddc361b73b891cc74b773a97aa96e446fc52a2815ae249b36031

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

MD5 954d06e7506def7c0bdba884a32c9db7
SHA1 8624d4ecda3fa3ba3a7b76041419d0d3bfc46441
SHA256 3d4f7e3ab65a6cff524810eb21a0e6dc7a8870ff15a4639c807e2ba847fda8d7
SHA512 79857df16ff6f29feed249a71f370196695de31435983e7e4e8e001386dcd757ca11556acdbdf5c73fc104b79f9275591d67547366fe7fa3072945e1abf95eac

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

MD5 a47de85be26caa5ecbcc754a2e0550f7
SHA1 11102f0b704743cef06c4219e3877dca29c0ffa3
SHA256 cea78b4d33999135d675d1d972a91a902b53526c1a0538dddfe11b781db5dd28
SHA512 18ad88b62149cac410e8fe3b94b136e4156d600a700cdc3401d0344a4a156b0b86236132409969a3ffb877052ffccee931cce7e75f1a0709a5b682eca560d709

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

MD5 78188745fa211b83afb00ddd65bca002
SHA1 e47b3e4e611e916bd36b99c0745d5fe9be79beff
SHA256 f2ae286f9801a9ab45c6a8480d17eddfd41a6febe33ca0281c7b6669d63518e5
SHA512 940d03959b96f7e17ffdfd4c233bc9d211326f65a09cb5260fbf53bc6434378ea033e6f28c669d98d68bd2e4cd0df0d8a0637fc337fa14d82a0c0e02b7c5eaf4

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF.EnCiPhErEd

MD5 30a84b71b3c3422911afc8a88c4d017c
SHA1 91c965a97ffe28853f181c884f0302e85e0466cd
SHA256 8384fd523ef86765feeca43d55dfb16816a928e84441b345473157bb7f588017
SHA512 37b8a825006f56caf890bbc6f3d6401305d9118b45aeb14a406738798084019b3500ac9e0c0d5367ee23225168d945ed06f22528b5547451f58b83f433bb0758

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

MD5 7ca47f1170ffba50e1dc035b42fa3c40
SHA1 b0694a988d9bed37a9507bdfe545cda462d4f43b
SHA256 e1b8becece0535f6b236c7f7cde2199c8c3c45b3756fc02b56879df63145fa4f
SHA512 eedb7530cbb870209e0c3f1850eaf58279c04635f06a435dbbc80d8ad91becade72cf1993d7afef5c31d8493912c050946b85b86209db5553ca7bc7a3c5107bd

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

MD5 1b07e02d628e4d5db3cd9e1be10eac2b
SHA1 d6d2e1cddf47f7c835bb9179b0a986621e27b3b0
SHA256 284d6aa59320f1c420d8119931f8e967c3d7a502ea3806d0037cc97c5e37319c
SHA512 23abe86877f19d542778ae68c597dbb8f5eedd9d3c1fa06938b54fa9c67a57c9e6e0f8e6018dca961017fea00c0d18482e03975dedc200ebaf639baeec96dcaf

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

MD5 1228d1f6dca627dc91208e3b3b201a7b
SHA1 9ef1b42fe35d4948dee51cdf24bd3b1ca8fb9f20
SHA256 05f9860b1d0ad3d61b116cba8444f5b95e9d088e79b9d5e2d2c128299b699839
SHA512 5a5007f6528593868c18df26d6b9a32cad60f78a513f740e00e653b7212c5795885812e9d55e4e01cbc39c1678983ffce94e2381d932d2ee9872960a8b333b06

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

MD5 77b0dccbdff2ec3939c54c8258938189
SHA1 d496f6f4172efa2e9acc4880216a1d1eb5be8e04
SHA256 c37af343cdd62b070100799c6dfd62ee92882006a2d74923a309f02d6000e83f
SHA512 848b20ffa37681cfc315362603c7f3b87388039fdb88f58ce7b9031e9437978294d80f1e2a1c71c54ce4e6da76ae992fc0738539c7a820c20a3760a1b4b7dc29

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

MD5 86edc71d161c1ffa100c3ade6c2a6b72
SHA1 bcc01da194cedda0256501673a508e7de859f92d
SHA256 fcfab63bf05e27e8b713373b116866f86d8b558e944d40b8b11dd42137f2eb6a
SHA512 07c1092d3937288caae171f6d89e5ebfc01f496dccaa6d711fccd760f4f9c2c03a0e77d06f0cea5c493c51dd520342ce27fb987f255f866f7b9637fd18bf12f3

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

MD5 e058dfebfcc6887e37ad4f563ceeffd1
SHA1 a56e88fad16e0b26406cdeaf334b8cb5839d3aab
SHA256 571cd20f571e31cc615986d87d6c0c6ec486791481d28fe63a4985c8171d1b18
SHA512 82cfb540a2e1ab0c6ed99bdf54982536738bfee18569cc6f880de8283037bb96d7e3e998c7fbfe62e6ec456bd1a137aa00aeacde67d93da0d2921691f551f2e0

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

MD5 f53edfc9f70d40bcb3115e6be47d50c2
SHA1 95e2810b1861cfdc7338dde7e6361b5b25ece362
SHA256 31abf8807a58aeb92c6e346b6156b7a9ca5a1dfc1a9b1acfe7ee1c48b0189577
SHA512 8e83a92fa314188216aaecfb30af83a753965d0109df8f9d9cf828ca54cdf343a7fd94a5d745b7589f53ca183f49ab5d1b6081d7e115a52b241c2f71ba3be062

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

MD5 18469d1ca7b4f6f8d57683d251410d1b
SHA1 b6c0b10f3d6530037d37159f3a84b77ebb7757f5
SHA256 3b73b592cc52a1f5d3f7d954788897c396732603b37e667d9249a41ad9b801f0
SHA512 4153854749f210c89b45d971d3821de3e8a23d78e912154f750a1cf517ac6b68559d656e9ae77a27d11ffd0ef0ff0a10f616189aa5ce1c5966fbbbd16270bc41

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

MD5 8228a9952a219c2b3fff1ddf27023e31
SHA1 80b5c26ad079d4d190788f18ed6bbf07d06fb357
SHA256 9036d0378c6271a64627fe6e30254f7d7d9e8a374a2a2772ae07df9574bd8327
SHA512 44dc103f7b4075301388eecb661e334097bb4e9f14a4e7f558cfe2b189bb7f8bc9939544d0dd547e54422fb0bbf1014af2ad93f421b93ff21aab7189617d888f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

MD5 4319751f3e118f3c26ae2e7ba8ed257e
SHA1 8bb67bc42243d77eff8a3cf527b916032e2ca7f5
SHA256 74b9dd366f509751f72fcd20304c28050646982c454170396a79d332952d4f0f
SHA512 c24a33ad7737d346b754b36f1fd428dc7a5c5fdbdc2b5988a1fedf13f90b0bf94dc4d0a03aa90f93d653f97f9a50f91caaab6778589b98648753bf36843f02f0

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

MD5 b32495a2a2abc54517af02668bf1afb2
SHA1 6c2b965c343addb9db71367dc59bb651054af3fd
SHA256 36f3cc1155626fb1f7fa4b3777a39142cb14cba45f7bee27c72dce968f123b51
SHA512 2b84418794df8d6a39cb50e58475e0196f60039bb8c25ad69efcfb70b153b891107600fa370c20890b156c6424102cdcf5147d91b7b23ce49017231049d06ad9

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

MD5 7c213a661084d6f99e4ced6e833b99e0
SHA1 afa4e448b7334e55f43fd4b79150a1d772b7d9c2
SHA256 254d8954e81b114c641cea43730ac0fca9847801166903fcac1eac7e96903e7d
SHA512 2254ad1fa85bbe62924272369c982a557cd535c9de61b326421e7b8b4e375c53f8fc7d59692e59c06a158164f4f89c69ba52b5e9a5d0b2726ab40811cc3930a7

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

MD5 ab35c870003457aa59864fc5af747ed9
SHA1 8d99287e80a9c026f0483d540ef2618bce907383
SHA256 690ab784ac05460cc7f617dc1cce0fb9cfd3fa188923922cfae050ab6211751e
SHA512 8ab140947f225e100d72f10534c6d50eef53576db7f509812b08216773ff808511a69cb766c3e4ff52845c2a4146df182330f4616358a739e35db7c22b7c235d

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

MD5 ba6f40b1ceedc2fa7ec6cf338a941c98
SHA1 f19b567e4ed6b498034ca95e2b66035a3123ccfc
SHA256 cab37d835d2e0a3ada029e41e23a487e3492e5ae1e056d3b1b373f28b9be4ec5
SHA512 19fd2d28d8df617d78eb293f4a8c56181a13b1573a708dc071bce3ac2610f39f31d586f2c22c8fcada7cc206e39dd1eda73130e9a29312c26f321bb21eb2a52d

memory/1908-7782-0x0000000000400000-0x000000000040C000-memory.dmp

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\security_watermark.jpg

MD5 64442c0fcb3d46fdc15690811451ddf5
SHA1 600598d05f5d7e3aac64a48bc1e6397d7d8aeae3
SHA256 744f270b8142e9413b3f7dd387b62d4ec1641698d32d34572f4abaf115514839
SHA512 a6d5460512c31ba12b5bf0948b893f34f2e725c4766882d4f5c0894a397aeb549c6577d2db61b55d93fe2baa2429cf26a973e36d2fd980aeb7bf30dceafb2a10

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 dc05ff1ca60f4c319bbfaff354ca8e5b
SHA1 2f1ad092e1a4cbd0fbbd71fbdd4482e905da27a3
SHA256 b15211a887bf32e570b06a6e078029bfc66e375d289bf43563c7d0a75f57bee4
SHA512 7e7122d21f4ed09868164fef46c4036c9f635eead412c487d6c87ac561978043d5423caf5aa299e65d32ed5eab424b29e0a055e53540bdb97bdf77d1badc752f

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 9b66fa58717b9e191a60f39c49b846cd
SHA1 af8869b9879a6b65e245304de8f4619d290dedd8
SHA256 3309c484d2f69b90f0c903caff4d6bfc561d179d759f7805d1e7174403dba812
SHA512 eb439b39408cf82934310787aeb2c12ba8eb7484df079348a0a72c3c4afa2297976e4d9fcabd05424834626b967cc9090e65daa29d6f70e4a90874465038b193

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 2ac1bd53ca8661910eb2ae84dfd77170
SHA1 a4118b455ab12a1448d5ebe75f2322d7b7d27e23
SHA256 b32e14964d122c398eee3139bd0dec33bb8aa3af92e14c0f7ac70d14caeea3a3
SHA512 6c95097e9f8f5722252cf766df76d8c718eedbacd854fd5a31be03e4093e74076bdc712b151e5eb75bd68a8fc5ba50ee102aaf1a804bd3bdaa39031d74a14499

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif

MD5 0a176e39ceb2167c8f6820fd09a70235
SHA1 9fdc2cce0c6b7b9c34bbf043d32abbd80888fa9e
SHA256 631b881b2be2b5f0bb8be4c93d2049b46e39dc1ffe5c970cba8e9343ec69cb93
SHA512 09ecde6daf0bca47439d3414e6780e54ec7a4521cf66f9c45f38d3c4eac5a2fa81893c6d1aa9c56d68a4707ac83ff4315056dd455dc2a4427d0f9ed3f8f642ba

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif

MD5 5f96915e7e5da75ea84efc58df9a454b
SHA1 5be91368c1ad33badf24eb474915debf8ed552ab
SHA256 cccb6c6f7de37d1ebec7e1a3a74f1e4a5014e5e217326775ed26b5052dc81333
SHA512 7a08c3a0661266b8753caeb16c4625701cf107262f8ce2719322bb1453cfc589deccc148d6151cb04fd2f3f05053028d29440fc43d54467cf38707757dd67c3b

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 c031ac76d2089c43c10c2e7ac9ffd02c
SHA1 133f873e4f1cac077286fb3a04325d1064b3136b
SHA256 858c73ec62760b639eab7d1a653787a8f6bb682a6a6ab548e282273c85f4a5de
SHA512 97686b00fa0f8680c5baf80db8dfcb500f192b691893a983457b2af61c9e943de15d09b6dd8aa14ec532ec1fc00af2e37fa37cc326578a621ab5383deb3bc19a

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

MD5 8a2bf957192f208119ec2e00ecbedaca
SHA1 58dfd22806f4876a56a1415c28cd846e4bbf5854
SHA256 f0d3e3e3611504ed5fdeaa753f72cec5147001e658047f178e671e7c20bbdb2b
SHA512 b752ba4e067cff652e39819fc6f0ed6ef6fa0667e8f99032502a28cb8aa4d92034bb38c608bb214629f8eda05cdecf997e1cc6ee039422767b0347c4920a20b5

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

MD5 75c44363fc9c6806aa36f47e80d506a9
SHA1 a1f770ed26f465fd891f7aad119dd9db70de98d4
SHA256 0b6e799639d0b5628830733d42bcb84bb69dbd5b19f18be892ea194a29e01ea4
SHA512 d9d3622007291f5a54ccdc40d1c23d5d143dc617ca027a302c255866a2fc26b06aab9b31203e9c114980c7e8fac7f827918d10a09902ea85a855d4cd79009acb

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

MD5 a7811e78bd54c997cabac1e82fa745f9
SHA1 c5277e9dbf47f06aa635dc1d87cd2cd43f2c8205
SHA256 7a4eed3596efa58d269a00b93fd8d1d65a0bbad38b1e24454089c64c3161f103
SHA512 ee70c23c7d8caebf9e6b6c135a9799771f38330561e32f8f1505a28d8e27fa5cbd8e5a52f36a6b176af42ce62ab480147abf3e0089485e9fef583c9d6847fa8c

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

MD5 b6e28261670dbd02a82fb5846c4d027c
SHA1 2c8ff7d26321f78871a04324e959827628a49331
SHA256 7cc155940cd43c328fb79d9ed0fe1fa82577fe0aeacc914eef0516dbcd1f5266
SHA512 f3cd8ac3b2f2cd86530218b74b0368a17d48413bd6b5a550ecb7df1b4c3f7014538c6fb470389087bb17a294f0db74af0ac8cd2c8262a4c12989aaaeebcadc00

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 17606d156bb2eda1fc95b4bf77fada76
SHA1 2b176da8f0c833417d6e85aad5fd7346a0b945b6
SHA256 f6a0814312bfba2404746b27258531167ef488ac78f8f3d9aa5d8b821323dfe9
SHA512 aac53d08508236e513d63e1c624664d035055df9a2d26b0ab01bb9e4dbb00658842cd053e6525a47153da04309f978327e8f0f6d9904eccba375002d9ce568de

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

MD5 360758951bfcda161f1f13890815a9ea
SHA1 71d8a6d63e599ee69c21753537cb6a828a11c309
SHA256 b1512a183504219ec7e63107a2f340e5e290edeeb1083ec40af34b048d434ebe
SHA512 26db6d66a249551b1ab19752368e091b8e17c7b0b755eaaa1dc15cfe3656be5ce6bfdec02326f75a4cd312a82cf49c2a18d76ff41ec99cc0787bfe8f6f069872

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

MD5 d63c78054d67371ccae839804d659bd6
SHA1 84439cb69cea1c710536a5dceabdfcb3af4cde55
SHA256 ac0cfa0de54fd2f0f3dedd99d3bbfb52cb29f3977235646c199a3eb9c6b646e9
SHA512 2ff2e275ea31945b78c9eae3ac6490f0e63483a413b4bb81d849c41a0e8be56ab692ffdeda2d85438a60fb99ee11cb2620aecd55e4057cd50f8542d382149656

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

MD5 bdcb274534587c0ff3ae023b20b30498
SHA1 689252be76cf6792350c68db94ba3d711e4907fb
SHA256 8110861dfba176191433e1070344288c3451ae6f6e5ba3fc96c2a3f381b222c4
SHA512 6dd6d1ed51a189fc7a99ec5aff157d6da649837347a4dd0103250f232b4655d033f1e1d90fcb2b75317072d42dd62aa852bcebee04bd6094c79bc807e7748e86

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

MD5 4ca2682bf28f7f68ba983e30f8133584
SHA1 9da8b61581690d5de9ab5fdcc137640824d272cc
SHA256 d48931c749786f7798a9049856cb2415fdbd57f0c322c06921b5edf2b082d271
SHA512 6aba2b13a3028110a9393876f10ad45e719314019317e9834d9dedda513203da677eb031d7999cdb8bafc5fb0a230d801e96e78269646569a06ab88171e4849f

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

MD5 9bb1b5133bac3fe0689b3d4101d741bf
SHA1 c50a786bd1af346287ea109a8501bdcd5d39cd34
SHA256 cde720379a80fca2a166442ad7bc8338b0154936dc93bc342e8193e5ec87d1c1
SHA512 08f842d3cdff12270f7c5a7ea486882ed377708b38abbd9743cfa30e187e208c10514d5fcf33c72d1bb293136325982f64bf110d07fee8e20e36a7d03532a2c9

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 0de357892ae2216c4486d7bb7320c5df
SHA1 086b4daa1b8ba40eb9b4fbb8affc0a482e0684c9
SHA256 37af96250bcb92b01d736e9d1915ee11cb0e215993e6f36df2a3a6af8253171d
SHA512 74fe735a6bf94c46b09bc1b762e24e3a774da0f0e4e135608a1c083dd5f788311d6587d9364ebb2632d957251aab0854fca78814f4c8b6bf4e690c67c61f4768

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 10115085a08a04c1bc6414925c23490b
SHA1 768a8720c4ee22edfd8fc3a87d9bb0ff18791827
SHA256 46b647b95ffcb64b2ac355d0855252542fb0e2288f6285c1da50a18ec89ec65e
SHA512 cdf8a0df2b7298cf8db96e67075f1dc9b029806cdfb210bd1200d3994c599348ac0b053a985d546a443d8063a361d5397bded004e17a111e83e0006540f5a798

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 899816a010dee8faa8ecb7000c0ec2a9
SHA1 336e0a658172fd3b61a3585f39a9fb71499891eb
SHA256 13dbd7d018714a07334c0a07e842056d2794410c6ddc5b7a3bb2ce57df150774
SHA512 cc01130c3ef94955da144c8848c0a61c654cbdc07fc426a84e3420af4d38bc0715f5c3c3293d7766c7192a569d3ca9bb59aeed0d8d74856735869415a1fd760c

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 b945ae34fea9cdf03eaf25ba43cafd28
SHA1 ed1ed430799a95c8c5092cdfb69055f2ce6fa031
SHA256 a0afb9d3406296336040c6abff95cf723eaeef61d9094ba843f9014efa18f7c3
SHA512 13093ef483cbb54474d0330c08b5080ec2bc7d740a4f5a1138cc029c31951ac3d5de3205db9f35cb608933586fa839d9ce8a715526b71f3377c18fb3d4a3acc1

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 1282222e90ef6557864ff5e8cb00a7dd
SHA1 a4478b7a5d5baeb56afc2d234abf3e8fbfcb298b
SHA256 329e8f137110b6dd893132c3c11e6308df7d827c741cc76682325ed171b5d1bd
SHA512 55b892537e5184ad9ffe1d61454d7f0dcf32464355b2dfb050e07752529c40a0e61d837898ffc62874b777fc51a309e858484e2e651e98eda22f1f0ae8b1ab45

memory/1908-9194-0x0000000000400000-0x000000000040C000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-12-11 16:24

Reported

2024-12-12 09:41

Platform

win10v2004-20241007-en

Max time kernel

95s

Max time network

141s

Command Line

"C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe"

Signatures

Detected Xorist Ransomware

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Xorist Ransomware

ransomware xorist

Xorist family

xorist

Renames multiple (2185) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kn3VIGskr65mt7W.exe" C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\DriverStore\FileRepository\percsas3i.inf_amd64_c17a63dada1eaa02\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\tsprint.inf_amd64_6066bc96a5f28b44\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\InputMethod\JPN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\spp\tokens\legacy\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AssignedAccess\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\DriverStore\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\@VpnToastIcon.png C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnms011.inf_amd64_f83138380f5fb6ab\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wfcvsc.inf_amd64_dfe08f401a2eedbc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\InstallShield\setupdir\0024\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Dism\fr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmzyp.inf_amd64_19eb30e94285f2a6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\acpidev.inf_amd64_0f7f041f33bd01cc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\sdstor.inf_amd64_0d2a33dd67a36577\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Dism\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_ucm.inf_amd64_c30468a947db0fa8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ndisimplatform.inf_amd64_b6b644565437983a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\storfwupdate.inf_amd64_e57f4de14d125fac\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\IME\IMEJP\APPLETS\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Dism\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmgl003.inf_amd64_6b639ff361f628eb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmnttp2.inf_amd64_8c1e04ee38482578\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Speech_OneCore\Engines\TTS\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Configuration\BaseRegistration\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\volsnap.inf_amd64_ce438b6e0c5b1af2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wvmbusvideo.inf_amd64_c531b5e68fd6f6bf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\usbnet.inf_amd64_9e6bb7a4b7338267\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmmhzel.inf_amd64_e90a0a4c8e15815d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmnttp.inf_amd64_527c415254a7e378\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\es-MX\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\de\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_fshsm.inf_amd64_48c6ccb73844d3bb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\hidscanner.inf_amd64_b4d877fbd7faf471\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_LogResource\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Configuration\Schema\MSFT_FileDirectoryConfiguration\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\MUI\0407\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmgl007.inf_amd64_41e31b5786c6884d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netk57a.inf_amd64_d823e3edc27ae17c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AssignedAccess\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\ServiceSet\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSScheduledJob\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Configuration\Schema\MSFT_FileDirectoryConfiguration\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\bda.inf_amd64_d32fe6b1c2b7b2a5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netwmbclass.inf_amd64_dba6eeaf0544a4e0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnms003.inf_x86_360f6f3a7c4b3433\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Recovery\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\wbem\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Examples\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\acxhdaudiop.inf_amd64_78faaf2062860ce8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\heat.inf_amd64_b73306c081719f1f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\intelta.inf_amd64_ba962d801a22973c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmnova.inf_amd64_4da8a5889bbd1a21\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\es-ES\Licenses\OEM\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\StorageBusCache\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_sslaccel.inf_amd64_ed6849ad81a24c48\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnms014.inf_amd64_faec3fc366f8e1fa\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\fr-FR\Licenses\OEM\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\slmgr\0C0A\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Speech\SpeechUX\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SecureBoot\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\hdaudio.inf_amd64_fe5b23ea7991a359\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\en-il\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-40.png C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.targetsize-20_altform-unplated_contrast-white.png C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\Doughboy.scale-100.png C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Place\contrast-white\MedTile.scale-200.png C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Program Files\Windows NT\TableTextService\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.targetsize-24_altform-unplated_contrast-black.png C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.targetsize-48.png C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\pl-pl\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.contrast-black_targetsize-16.png C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxMailSmallTile.scale-400.png C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\sl-si\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Windows Photo Viewer\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.contrast-white_scale-180.png C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\TrafficHub\contrast-white\LargeTile.scale-125.png C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_x64__8wekyb3d8bbwe\Assets\tinytile.targetsize-16_contrast-white.png C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedAppList.targetsize-40.png C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Square44x44Logo.scale-100.png C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteSectionLargeTile.scale-400.png C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AlarmsLargeTile.contrast-black_scale-100.png C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.targetsize-40_altform-lightunplated.png C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\legal\jdk\dynalink.md C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsFeedbackHub_1.1907.3152.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Car\RTL\contrast-white\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppPackageAppList.targetsize-30_contrast-white.png C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Common Files\System\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-black\LargeLogo.scale-100_contrast-black.png C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons_ie8.gif C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected] C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Lighting\Dark\Moonlight.png C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Logos\Square71x71\PaintSmallTile.scale-150.png C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Car\RTL\contrast-black\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\CAPSULES\PREVIEW.GIF C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.contrast-black_targetsize-16.png C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\CardUIBkg.scale-100.HCWhite.png C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderAppList.contrast-black_targetsize-96_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected] C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Images\Stickers\Thumbnails\Sticker_Icon_Bark.jpg C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\fr-fr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxA-Generic-Light.scale-150.png C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\example_icons2x.png C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Dictionaries\en_GB\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\mng2.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.6.73.0_x64__8wekyb3d8bbwe\Assets\NoProfilePicture.png C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteNewNoteMedTile.scale-400.png C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-black\MedTile.scale-200_contrast-black.png C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxA-Advanced-Dark.scale-150.png C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-black\SplashScreen.scale-100_contrast-black.png C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\images\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\ko-kr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.ZuneVideo_2019.19071.19011.0_neutral_~_8wekyb3d8bbwe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\System\ole db\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\AppPackageBadgeLogo.scale-150.png C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteSectionGroupLargeTile.scale-200.png C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\contrast-white\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\TrafficHub\contrast-white\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\legal\jdk\joni.md C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\kk-KZ\View3d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppList.scale-100.png C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\ExchangeBadge.scale-125.png C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\scan.png C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\themes\dark\logo_retina.png C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.ZuneVideo_10.19071.19011.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-black\Logo.scale-125_contrast-black.png C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\SlowMotionEditor\UserControls\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\WinSxS\amd64_microsoft-windows-m..do-backcompat-tlb60_31bf3856ad364e35_10.0.19041.1_none_a2ce562e904f5f95\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-n..irtualbus.resources_31bf3856ad364e35_10.0.19041.1_de-de_031a66841b9d46d5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\x86_microsoft-windows-b..ager-pcat.resources_31bf3856ad364e35_10.0.19041.1_hr-hr_62136920e50c8595\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-audio-dsound_31bf3856ad364e35_10.0.19041.1_none_0e8ccbdbe140657b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-u..x-musupdatehandlers_31bf3856ad364e35_10.0.19041.153_none_c5deab4679e41c36\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_net1ic64.inf.resources_31bf3856ad364e35_10.0.19041.1_es-es_4337cc6f6a2d5abd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-searchfolder-library_31bf3856ad364e35_10.0.19041.1_none_5019c54040f4e87e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-control_31bf3856ad364e35_10.0.19041.423_none_7777dd52093f9dd6\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-qos-adm.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_b37043350e846f1b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-t..ork-msutb.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_3e6a1faf2976af98\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\x86_netfx4-webengine4_dll_b03f5f7f11d50a3a_4.0.15805.0_none_21a607a7dfb96fc0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-networkprofile-cim_31bf3856ad364e35_10.0.19041.1_none_a02998821f8681c6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\fr-FR\assets\ErrorPages\pdferrormfnotfound.html C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-p..riencehost.appxmain_31bf3856ad364e35_10.0.19041.423_none_bfcb7b02f95b1e52\PeopleLogo.targetsize-24_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\INF\BITS\0409\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-qedit_31bf3856ad364e35_10.0.19041.746_none_38952779a6369c8c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-t..honyinteractiveuser_31bf3856ad364e35_10.0.19041.906_none_a6600355b5f69459\DropAccept.scale-125.png C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-xbox-auth..component.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_0d6578785c22657d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-security-aadtb_31bf3856ad364e35_10.0.19041.1202_none_501d0e950953d841\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-m..nt-browser.appxmain_31bf3856ad364e35_10.0.19041.844_none_d9eb415c5b9dbe4e\SplashScreen.contrast-black_scale-125.png C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-m..nt-browser.appxmain_31bf3856ad364e35_10.0.19041.1_none_b1e502c19c2a358b\Square150x150Logo.scale-400.png C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-m..osoftedge.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_cd2d1cde69f392b4\http_404.htm C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..iamanager.resources_31bf3856ad364e35_10.0.19041.1_en-us_7e4ed5318fe15445\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_smrdisk.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_354185f777dd0e79\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\msil_microsoft.virtualiz...settings.resources_31bf3856ad364e35_10.0.19041.1_es-es_426c545c2ec12645\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-vmbusvdev.resources_31bf3856ad364e35_10.0.19041.1_en-us_ad5c577616200f84\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-t..predictionengine.en_31bf3856ad364e35_10.0.19041.1_none_ae8ad7796a27314e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-es-authentication_31bf3856ad364e35_10.0.19041.1_none_f7adca24b5f66134\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..ouppolicy.resources_31bf3856ad364e35_10.0.19041.1_en-us_4a1b5785f361c947\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..brary-mof.resources_31bf3856ad364e35_10.0.19041.1_en-us_d7d59dc00bea6526\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoftwindowssys..ore-tasks.resources_31bf3856ad364e35_10.0.19041.1_en-us_b877e8e037ac122a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..ckactions.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_ff31983021fa3408\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..ointofservice-winrt_31bf3856ad364e35_10.0.19041.264_none_462202d4c044712d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-secinit.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_618c4aa5f240b7a5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-u..usnotificationuxexe_31bf3856ad364e35_10.0.19041.1266_none_e8d910c7c702b558\OkDone_80.contrast-black.png C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-ui-shellcommon-core_31bf3856ad364e35_10.0.19041.1_none_91b1f58702057373\CellularToast.scale-100_contrast-black.png C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-webio.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_57ed794ccb00befb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-atl_31bf3856ad364e35_10.0.19041.746_none_936e34e4ece273a7\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_dual_stornvme.inf_31bf3856ad364e35_10.0.19041.1_none_4bbd7681e1ed685d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p..i-asyncui.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_1b39210ec42869d5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-mlang.resources_31bf3856ad364e35_10.0.19041.1_he-il_22d62adc8b943f4e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-microsoftedge_31bf3856ad364e35_10.0.19041.264_none_ef195f564f00d259\WpcBlockFrame.htm C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-homegroup-listsvc_31bf3856ad364e35_10.0.19041.610_none_4cbb0d74d942a05c\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..asks-sync.resources_31bf3856ad364e35_10.0.19041.1_de-de_f9108d361f842953\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-n..2provider.resources_31bf3856ad364e35_10.0.19041.1_de-de_1e454e80a5479517\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.WSMan.Management.Activities\v4.0_3.0.0.0__31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-ui-logon-library_31bf3856ad364e35_10.0.19041.264_none_5b3068aca7bf044e\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-appxsip_31bf3856ad364e35_10.0.19041.746_none_a75e727bd4d52ae2\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_10.0.19041.1_es-es_12451df02dbd2879\404-4.htm C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-t..tivexcore.resources_31bf3856ad364e35_10.0.19041.1_it-it_b65d87bef006c786\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\msil_microsoft.applicati..framework.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_b6f79fd29cd91e63\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-n..-domain-clients-svc_31bf3856ad364e35_10.0.19041.1_none_04542fa7bfc386e2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement.Resources\3.5.0.0_fr_b77a5c561934e089\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_wvmbushid.inf.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_6be3dce140cd4d29\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\diagnostics\system\DeviceCenter\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-com-runtimebroker_31bf3856ad364e35_10.0.19041.746_none_744cb37f06e446cc\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\Assets\Icons\WideTile.scale-150.png C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..ewall-adm.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5f92f8955f4897f4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_windowstrustedrtproxy.inf.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_41094b77af4baa83\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\diagnostics\system\BITS\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-audio-volumecontrol_31bf3856ad364e35_10.0.19041.1_none_7c197eeaa6d7861f\@AudioToastIcon.png C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-p..alcontrols.appxmain_31bf3856ad364e35_10.0.19041.1266_none_1833f07ce0c90b68\Splashscreen.scale-100.png C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_system.data.sqlxml.resources_b77a5c561934e089_4.0.15805.0_es-es_8d7e95f2627d5d6b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-devicemanagement-iri_31bf3856ad364e35_10.0.19041.546_none_be7a56c8204dda0e\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\VTGETHGCCSZORMX\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kn3VIGskr65mt7W.exe,0" C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VTGETHGCCSZORMX\shell\open\command C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VTGETHGCCSZORMX\shell C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\VTGETHGCCSZORMX\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kn3VIGskr65mt7W.exe" C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "VTGETHGCCSZORMX" C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VTGETHGCCSZORMX C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\VTGETHGCCSZORMX\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VTGETHGCCSZORMX\DefaultIcon C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VTGETHGCCSZORMX\shell\open C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 71.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 197.87.175.4.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 180.129.81.91.in-addr.arpa udp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp

Files

memory/212-0-0x0000000000400000-0x000000000040C000-memory.dmp

C:\Program Files\7-Zip\Lang\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

MD5 6f94726d7b1535e48d04e8a99b1e7c61
SHA1 22b1b0e3f1e37fa207b866714be0f7a68fb24088
SHA256 908c824ccf1067b9ad65502442b39f06bdb6e372eef63770ff7add1e54500757
SHA512 1eb78b47be1a3405b6af2152551f28985ff1d2bd073f9c9c9fc705bfee516b9a16505a873d3bbd81bf61d045e4815230ae86437c0d7d2c6151f1e547252f9c31

C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

MD5 2274cf6f46026a2c8dc403d1758327dd
SHA1 20329de78424958b9cd15fea0e50efde8bbcab0f
SHA256 b86a28dae3cc01d475137fa38568e73a753fa58037a80e9e552f1a1644893bf3
SHA512 21178dfc56204548f06b0f918f82472e284a97822064b189be7c2760c0966377b37b279d5a663b799d6969e0ed6ae16d4a7e6fcbedf1ab419305294f3487b390

C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

MD5 eabbe2640963a6487836cab8f2977c05
SHA1 9ae78663ef52b3eb05fd766d070b365428ceb173
SHA256 b8fb62542b0b3b6941b7174610c176d2833da7b25318323d634de20e27a4f0a7
SHA512 fdf3fd6ce202c8bb7b3b68a8f973c0588b5a7781b29ce64f12b3b617ab7fcfea6073a9af6459bab4ace9e07983ca77ec63763ea91369c6974f18145826763d54

C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

MD5 677ef9defad5f6072ede5aa16caaaac0
SHA1 16300ce9c7fc17deae155aab0bc259a61e97e41c
SHA256 f6ffc2f94b92ddfa3f24c46e72e4fcf8aa3000568763160158eb377bbdc7a711
SHA512 521c3bb27f1c1e2079d7b12f67b1ed7cddfb7c604bec4568b2205ebd9c67795b364b1bd754900508e4fe8806c26fd11b4ea129c7b970f7c1d2baf1abad815472

C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

MD5 2a021c83fbcccd7aae76ed7948b24376
SHA1 026870e43804521b29387babd8a66577b496a4cf
SHA256 f68cca24a824a8c804c6277235a1b9a8c1c62c8e8c2b99d8e7e592d7324ce4b7
SHA512 c8d09b2a2cba9f6f34f41edc54e8428bdac9fc2254d428bbe52f8650e2c7a548f58ca6027ab5344ebf78bcf8c53959ac44fec442976a214edef1f1d1a7618658

C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

MD5 04819539e9e6879be83133fe2dcc4784
SHA1 088e581243f20f32f08d2aebcfd7e5c7660ff026
SHA256 802970d65063881766be7ade5077c692da9bf46ad86deb186dab7df1a95887a6
SHA512 d97d8fab0ea2fffa76cdd0aa941c9bbd986b59a351dc9f3482fccbb74a79c6e68d7653233d6c06cac8c5041cc88a7d027aa4a65b3aed7d34d4daef02c53440c2

C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

MD5 6da1933a1851fa5cf469b7571df7a5e7
SHA1 ab540489ffe42fbd8503d55c520d1c998552c5ed
SHA256 6d2050fa08492e6bd35235447db5360c2c3f8cf55fcb3be54a2736439f5775cf
SHA512 231e1bd86dc7a8c7e03c6a0f45e3c48189353e6f5cd6db5583103d7a9e68a47bdf81fef7abeed845a91b1b8478048a9916730d8fc78d98e16bedc9ab6b6595d8

C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

MD5 18c25bf308cc4902bd2a57bf7ea9bd5b
SHA1 fb8ccb4cefa3aa446b41ae679eaea1f1155f732d
SHA256 84bf1b31c709ece9569dea82af20e3580d6ef6aec9746df4560608007cccd578
SHA512 ff2a509d8caf5b60222038c1bf771a86ab9be93f2eb98fc1eb0a57527fe00a58a338bcdea3aea8db799e6df048d2fbb31ef294e12481f4d87d86250a3971e3b1

C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

MD5 a700723bfd4a3243c22f5477c2339d95
SHA1 f56d9b3a470771ffc69126a7129880b31e288a95
SHA256 957d2f1de97e446b91ccdde0f56ab3aa0c0593d81925353a5133d7716afb45a9
SHA512 cf8bf4d9c8463750d03a93ac74d3f5ee7478f54ff0035c6bf45f6d80e1c1ccdab1d71827985401e6671c316a0b68a600a216a6b257eff2e56316f11557026336

C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

MD5 c1ee8c1eac598ef87e87f41a1e0f9f02
SHA1 dcba9ba91937dd874c9fa47988a71282bc2762c9
SHA256 c3770b5ca8e049ceee06002d085a93989b04a27a04dc4e3b0f490f0a6689c541
SHA512 39a6c1c3817ffcb25c8f85a075921bf5eff5e895f9855c8ab7e10a6a9b4733c8b2fba6f4c0bff49882aa7dd1220aa9333d65f9761820f80b89882cb368ca397d

C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

MD5 0098b835637e1b6743fd546532c4db9c
SHA1 0c6124edb9ca3c832fcf3cfdd941040bf2f6837d
SHA256 8fa82bbac1e3799e33d61e517d258b76b4433b417a0bdda6304629a322ae5604
SHA512 5cd3e67d5d9872d2dc7792ecf1295921c8285be0a4c2baaa485867b556cf9159d68aa4e8c6f440ee13e804bc188c71e92537fca400cca8a0f42722b7f5bf34ed

C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

MD5 5c9e32556b28acb3d17f2dd7a148acb5
SHA1 258651c4a557bccec5be0c2f2d53706abb63a9b0
SHA256 3aa226740f2ae95d8a99ac0f29b96b2e4b1e5b4b24a579a0df2d4320cb52ce3b
SHA512 65b6faec6fd1868eef798369dd7d02307d5ba4fda92580679169e4b2c133c42dd2eea4d08ce6813eefd27b78bc29d942880a146f208871d6596aef0e3fe8d794

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

MD5 d98aaee528b73260b3105aafb9fe705f
SHA1 b30aba81f4c31c89ffce3fadff1ee41e1e289f64
SHA256 229b7f24b89f1a59cb4624a4230d2682a3c01cd4580c60a91e37ac1a85d7754e
SHA512 4ab58240906dba1aa30c1c59ff39e8ed9542552787f4c8e0cded11faaa0722a6ce4f50d5ead95a90d6f17be2b199059c1c97594b747f34f04aa53ed71be4ad3b

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

MD5 0246e7d0c6d87fe6cc5bb384a222c13f
SHA1 0c5480d1b6706fecc63c08bb25e0d046ec349ab9
SHA256 a29c4997e6e01211614f9fd0e890cca566f94ab2b48b04facf8a4c52fc266d7d
SHA512 2159f36eaea1780e82c7c10bb1e07b90300e63315c78a3c656b030462df71c2852cb4bf40cb98f45a74de133bfdf867e61a080ae42e375919685bdacea020668

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

MD5 0d64baab9777b3c10796efaa6c4b81c2
SHA1 14b5614137dc4b12c2310e5f2e2c08953ef7828c
SHA256 6098d5a30ea7e5b040c8dfe891498c4f095ce29c59ea749ca8fe13760f4c88e3
SHA512 010ac6de4ccc005561faaa322a0fa691af8a0b22e9242f662a51c833dae33f193c7443e3127870166f7290b2c36b84582bdb6cb250c304f01d8126f1642294b4

C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

MD5 8c18b5b426b047cb939067a4ac402253
SHA1 73aa9f2fc83e22eef96dbecbb859c22ed7199f02
SHA256 74b8a0dff8e7f7fd92b7b05c08fdc9e35840c2894b8fe85a000d3634ceb8072b
SHA512 20c8cd6fc57ddd9e8f675b3c33be1e1cf41039149fc8121227b70729e5073f3bb7f652a6639a113cc654c40920bceb2355cce43274af5a9a07bd899ffe688e21

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

MD5 29fa076851b219098c81d7f49c090df4
SHA1 357a3c961f66c1cf72238e3f2c8719149df9bd0c
SHA256 69a2f387ca28f3b22c22fd16380f3a373977da977ef1c81b25f0ff36e387764d
SHA512 293e2f8c2b91d535f0d59660957774885372494f8494cd13f010d96ad9567d301359d7e3197ec8f7a536e228fde633ff7b48fe5b4ac8c616db0256358fee70f1

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

MD5 d432ed9f5e84218cddaad965df28e81f
SHA1 b214cf6a8b66d32e6cbd71793517bbdd3b4ae18c
SHA256 dfd9a86fe8d7df957e6abe049566338b5d067061f9660bf51e9fedd6df8fe2ad
SHA512 a11270a40cc2f5c853921c3740ff89a028328d3cabd0bf41db892e37312b1730b2e961421ef85c2c6bff99ced75259fe0e4c2115a566bc2c14bc3fde75f60b44

C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

MD5 df80c39ba231adc82104be21b85cea26
SHA1 bc7f110fd2476a10174a0b1a65f62aceea759a2c
SHA256 8ebe8667407ac4f9d3841318c6e79696bcdec4872c25dd41338e92596d5e56a5
SHA512 458bd60dc0f5d7b1597ac5510d3a12419ae18f0f043ca0161b45e6d8696465765b9ac9746c4cfe9cfdb3f7a0a11af69ad2693dea941f17cd7cb223b65aafcc0c

C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

MD5 6829ed5032ad98791c29e3cbf777c529
SHA1 abae3c220d30d11bc3fedd8919a2d23295dcb2c5
SHA256 84532bf357f96ec739dfb62bcfe80a3e858eb610d6c9eac145d232baf5513d25
SHA512 224392271eb8a97a3d56622bff1325b483288e435ceb9e1ea280ea0e6a238489f01bcc8ef287ac27520dd89f84353c8fc77b2eebd6be88bd8ba4930176194200

C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

MD5 6a1542150228240ed33084705547746d
SHA1 799f1e326b533673e6b355afff19aebf9af91c19
SHA256 46fcd9446cc4d009cf416bf3d8c6157687cfcca8ddf1b9769d42729a470d8dad
SHA512 6f470208e84fd7176712859991dec66598ee091b3b2d94aa968b98bdfcd0364f0a0a0c21f7c8e19ba02e2fdb16069431e28c18a7e38d9063b750ef27a2bd5185

C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

MD5 0a51f2cb5ad193d6daa3bc6d513f1f48
SHA1 13f087e4595a3523592661428cff43d96e1fafb5
SHA256 f4c72daa0c13a4bb131c3e8b7b0b082f2cf1494d4c308123dd1a518c0d100d19
SHA512 5e3233d10f4b7ace9637af588be7b54dbccf2d9b053ea0bf5bdde64500ac612c1aa3c334d5cefc84874cd5e1735c1262d846b97f9b70648945712e086960f8ed

C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

MD5 75482a429e9a297e39c708630d77b687
SHA1 3ac774daad32327f9d61058b9e1b919922a4557d
SHA256 287ce521540b0ec28cd38c5ff18d08898eb96aee93e61f2027b3721b84df6767
SHA512 50e0d1c32c86cd425ac3e9ecc7e8e5d859d809cec4f78d28f9df8a7ea79eeec4cdf34ea9b5f8df8ea42a2ca2345e6062fb984df3d359c524de493bbb06c5d0f4

C:\Program Files\Java\jre-1.8\legal\jdk\icu.md.EnCiPhErEd

MD5 50a2c592acc6b8b2aa2d9ca018f54536
SHA1 c281f7c34d720edf46bcc4d5b10f8ffa4e5759f9
SHA256 dbd24afa57720264ab3d3485b602d12f989ab87c9602e2d5a61b2fb1b0735eeb
SHA512 6a714837c2bc2dc22f70e12a56dcca6d997779d36709fb21c0e34c7ac81391c6c204703831a394158dea060ce6566a6adde949e4357ba8c2636a58b129d4e699

C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

MD5 54f2259622005379e66becbe435ab2a5
SHA1 185c1ca5ad5f93463139343cb8374cbede2055d9
SHA256 4e0075f61ddf49e30ab5291c0eeb7b2d873d5d7a67ac23ec321600119df5032b
SHA512 360aa8b9a3a93b43727ec4f21eb7f697cdcf75272b657c494f036f34d7f6af0398ea75ff0cc784908e907b0fbc593a809ee651775194a18b4babff09510f8cd2

C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

MD5 86c4d54f45fec7bf4be40ed0fbdca76c
SHA1 7430018156bfa486edd284736a907c3498b15c8a
SHA256 cd687a4b750483b279455ca565c4636a158ae86dadb772180fcea6d5c848b49d
SHA512 2c008a4812af492b61fd9ef63de7ce30bd9acd34c309e059573a8bb5b155a3b2603a4a2167acc6473cb2f17f9d248881bb0f310ca2bf4fef55f4d61f8eb9e9da

C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

MD5 54285fcd45b913fe5ba3a716781c7530
SHA1 eaf1ec57ec81d9433987e66c8f3350d594787402
SHA256 ef531e749bd590483d04c7fbfed2194741184123b016c37cf757336e132ab631
SHA512 48b0c33f322761aebb3c889548cd8610e82a3ba1f7e7a3eed86fd05b0b644f034a766176ad7b2e09e6b3fc506d46ab522ffc8b1843ef5d8e2c12a239eebba9db

C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

MD5 2e41cb034938d5359ecc978189ccfd58
SHA1 b6693df8a11f507414c2a27a286074f79a33bafe
SHA256 bc06fbc60008a68433ebd0b3bfd291204078387de2f9346e943a4b27a889ab0e
SHA512 3c51b9ae979621694af5ae2f5efe3ed77614aefd1a103536b9df4b98937005ea0fc369f9aafc9dfbee00828439333b94f0f51a1f21ac654e63c1d5d4bc544486

C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

MD5 1a417548d79056c0cacfa3a84a6d7ce4
SHA1 1b6c4b7b1c85e0518adedc019b468d2c92067a62
SHA256 b925fbea849e8b80664b4b26be6c9949ec52ccffe221fc6ae959cc357629111f
SHA512 97f2f1c3cdd422e4ec25b1fc30b931f28afbdf13813a715a0694d5a7b90c926cd80c31c630722df669ac67afe47434141878d41d81fb8e066cc71a7847da3cd8

C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

MD5 08c3fa3a8616d0b19a1335c0256dfee8
SHA1 9458be6316b0d51a7e9d96a0b39f3b895d72c0c6
SHA256 d6bc8156d31e1d219b0fcc0f236ab2b075634f4de2b8402bb687c9a84c83fc9f
SHA512 0c6a62c4747fdf3266878cac7f02e35c585fb79c8550a527817caf00664788c3d2fff49534e891ee7e2663c10e7eba82c123fbc6a05227049cb2bbd090a214b2

C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

MD5 350b5caf7bade4b3bd69d31aa4f03127
SHA1 af3491d56d7a9a1cdfe247d8b367b10e88e71429
SHA256 aa268eee2358ec7c4fa35d463813f6f91383719d46bade390cfab8b118a674ae
SHA512 7796aae8c3f73533a981828aa148f744e8d560a2fd379da7eebb0217772429e8fb6f58972fb09dc171688f538915cb995e34fd77f370d17b7acae65ab931a687

C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

MD5 0ce29bf87bd9528a4b01dd68003c2f98
SHA1 d97052ee910937b47a13cd998181d9579a2422b5
SHA256 ea73e452dcab282519fe1dffd7ec78e80060d8558fca70300438f5c86622cd03
SHA512 82c5ba1bb840b1ab1c76330fde3733bfc54e13964e5e5feac66b1416df8970716800981452960bb6478967153b752241c6319c3cd9571662941ad5f78756ec7d

C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

MD5 3fe02cc65cf92de15575cf464bf3d196
SHA1 9adb7079a99335bfc8cdb39e91fa48a8ef523a98
SHA256 422043ed60783b2800b184c86fa3f4e562d2746ffe19c9ffb6d2f2227e10e125
SHA512 d38a6152dbb222bd6f8ff73ba76b82092f3e5199d1957ec7b0812ff293687eb6c2afc9bba6e74d18d90691fba866477d73a1659aa6189f49d0f2243e4da7aec4

C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

MD5 e13065ccd9ec793682aef9ee53391b0d
SHA1 9871974918e5e5cdd309033993fb02d527a26095
SHA256 44096b69e910f28b8989d6641c80cb63553ae4ee0f473e8db2313cf22f80b652
SHA512 5d8293e465a5b69b704f3891f479f21eb13ee93a0bd5cfea9c4a8c5a0adcd3b7f552911ec792bfa6eea53f3548130dc08332b6d7e340724d1354d8ad16dcc7ff

C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

MD5 bc7862f2fe7fc387fa9634cb3dce4bc3
SHA1 8befff8ebe2dc2142f4a48739b61855981010981
SHA256 a2274bbe15d6a300cda76d56b3ea91712bd0a8c1f36d7d94a17cc8e80b421609
SHA512 98e70955e2a254c733bcde5f2026cd28839a54db1690f0a2aa9779d5dc133be87ceb64c9c687bc0038a4f5aaf844c3dd2885ed8db8facd9a3467bdb0248d3ab2

C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

MD5 30e00d1b39a8ff180aaadfc79cf983f8
SHA1 bf0c58c0894f3edc46b2275a64ad7ba68ba972fe
SHA256 0d1e37544d591ea8f183059df00ce991c0c7c653d0f4a68936a07c0dfa33e795
SHA512 758ce1299208032c83d367cd485e1307c01c2047d7f7f6bc6a5cc10048239ff0e674bf32758ba13e02be8a56b6b672feff5ca129fd0f0fee2938054d5b22efe1

C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

MD5 052b978e3935b70668cbd4264abbbfa2
SHA1 633e0da9f2d324ff920ab23c1b22db22d483a163
SHA256 858f21a87bbecec1264ea09991de21da0d2265b6416f64ddf283f2c54c1cace3
SHA512 5a2c5b6845620912457fad6eb9f5059e3f67e1b592593a1143b5938a243ff13d0bc88f5600ce75b5fb6ed80d90cc253f7b7bd19334ece498b08ab487f98c4978

C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

MD5 0f251405e76f2782e2bb0a9fb9ee2957
SHA1 be139be3b84de7fb832afbeeed0320f8db3e44e1
SHA256 87a83657d2573bb3feb183e64f27de0e031940c8e23b8f861fd538b058de3430
SHA512 21d69a39a017b5a5f3252f3d3f656d7ad97b10087630317beaccec8876c0139a00ea28e11541be04a5f5d357970315b1748f91a1c373cf2772def0d1c654dc44

C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

MD5 90115a97425a035cbdf58719a1e720e5
SHA1 e95cffe88dea5fda7ae087656d673fbef66d80cd
SHA256 f275dae4683083df7028f99de1e8ae8f27fdd30b416ffe4729034b011e8ef6bf
SHA512 1efdbb61f088a618339d84602452da9d9d5d4dc82a4e14a9facf57c9532379218adfa7434dab8b0aebe68d12e938041c1fb3469410d0a327a61e0064944baae1

C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md.EnCiPhErEd

MD5 53b1c68d78b6d1e8c383a391f068b9e7
SHA1 d33100dcfec904133c4de98443df564d3d30fee8
SHA256 438c2a030bcd9e169266f9b35e3e7661d92a361fca70a72172864eb1a678b6b2
SHA512 d576390aea6aabe695c3852e1b0bab9225070953efcf7cdf4f8ea52c6de4f696913af814003bd890c444869b9f77b8b3976945eb004a8c0eed4d836ba749ef72

C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

MD5 a1653200438ad22564ef8213e26982aa
SHA1 ca53a9bfdb2df881121c177ede3962cd683e4627
SHA256 ceb33b318f85a5e64ba0c4879d2a1f661c63bac4bb7c8282f1a5918947b76ef7
SHA512 e2c5cf139104ef1b0c471fb836563b88d2245b57505e284f99a029f6b43e1a40d7b00a168a730b59fd1e2226659d2a4aaa5712ab8408ec8574644f9f5b48c5e5

C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

MD5 1a6807de58e468622e2900a00e351c70
SHA1 e774cf3bfa4a0946e04eb17876afe91f6f462365
SHA256 c75fc918c3e81e0feb0457c249083d069996072312469b117aaef7fec25ce7bc
SHA512 5308c6215fcd23f19176618783bf8275c9c08d4ca4c631fbdab8c91eb3379f0d008df2f297b06f61575097cffe0a46893064d6c80b425a7c3cf82c519ad3b387

C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

MD5 a9c00243c770f50e46ac3e369d8acb67
SHA1 d6a43195aa24caef242cb52b9cfce3cf97609a45
SHA256 830bafc0feeab4901f2c360e76fdb14cda7fa0dbd2f438eba5b67eb8055cfa8c
SHA512 4aabb0ee432174ec2c830c1b85018ab0880de3e244c72ce3da1f745ede641fdb3ee01c4d464428be63d6fdf24523953dfb4569c3625c10bddf12695886ac7ce3

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

MD5 165e92612e4437af2c30d731bb409cdd
SHA1 9674f5ec88f5bd3267104d46ec0ff3daddb79acc
SHA256 14b9bbf5155ddb3542b1f656450ef507492381ed3a7e135c49cc1693ddfa4e32
SHA512 98aeb6a6f75ae5a8cb1dfdd93cc81ec74d311998cd8466be5629676578d7419befe2e5c9e974ca9c66c1426e9fa2f96b56d55e45a2df7ac94889fa5981dc04d3

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

MD5 945dcd38fdf679df20eb4409a33708a5
SHA1 fc09f967315bb027a9be4da8f853bd74759da1ff
SHA256 69fd745adc636efba796ea0c83490738bdc3f38c018d7599c2c4bc474a8b94a6
SHA512 b3b59cb26ccbfa74e0d80dc7112e5f2e654e0a7a0b04a8839f6080dc458992bef771cd7fa8f851cbdac47c89feaaf33fd7abe6aa64d42f462ccf52764a037a7e

C:\Program Files\Microsoft Office\root\Office16\1033\ClientSub2019_eula.txt

MD5 79bfbf97fc7450baa48121b772d862a7
SHA1 abfb32e7f2c689fe625250bd9f148b9e19a5cc4f
SHA256 c61907e679d0951bceb7790bd79f0fd4eec147032ff6e4fb5b5323bdccbeac07
SHA512 ee96a5ca0653c396d289733f1e1ae8a47be0983c8b905b27abe7415cadab6eb641bc9628355a2cba2131cbe7e7832e854aac11f02eec3599250e5a69f6e86de0

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

MD5 5e8e9d34cabd33b7e36be61bcd98eaa6
SHA1 21740c3b542f480fb954f0586a8b83b7a8a0f23f
SHA256 6f363899fd9a618f7b15a052747633f797ff0cb323920b1f68f6fddcb3cdf604
SHA512 dcb275b8011e7a6e5b042a090fe856390fd8bd2500da95314963a080b15b1f29abfee568653f9e17a98d0921cb66bf112e5c0d7c3d8b45519cab5d2c983f49a4

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

MD5 b3de02cd829f99b7fd54ed90d3e6afe1
SHA1 73675ff60a83e973a79e9ad26a2a9d20c956c115
SHA256 3cf13baad85f8bc776d9255e6b44c49c3d100c0f9fb8b6f7cead7effe521b470
SHA512 7d7bc9f5f55ac3482d83a75f4efc46a8ac070d47f1b09446e0ac5728b6c212350f43f8b947246a78d3713d876b2c1e13363850aa51f4f8fe031237a6d6a1e471

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

MD5 9ffd23c378d61647122fb67cd9ce8c35
SHA1 262d90b26560ad528c0e1ea903d3e6c8b53bde96
SHA256 e49784ba20db8bb86a9bd4b94f475f962fbaf561a329f13cd562ddc36d7f2d47
SHA512 3db294feee89af7d133f33999ad45e963b0dfd4b59482a57736e7e47feb6d1776cc6ab8ebcebf6376a81b37d4b86ca93583fff309560598c4f111e915f8f98de

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

MD5 80839b3103428390ab8a0cb0ebe854f4
SHA1 7ccaee327b0a42694751ccc752225e3acf9fd5d8
SHA256 5c3b97790729f189048be17636dc870686c40120107083361d8d51079e61e1e0
SHA512 2fb841b31aec70352897597e68da35a918ca92c44bc670c0519c398a85292c617046860c668dbc528f372aa34d2ad8a742fb354ec92299b498a7a8318c7e4263

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

MD5 a85a2c01e3e5cea9171925e84e35ae40
SHA1 865211aeb31a9939dfa463e51554134d4922bd54
SHA256 4add386c1e6901f81817f1b8cad69892fcf6dfbc5abfc7e3a51c86b3b83e57ff
SHA512 dee4d10fa5f4960623e5bd2e763f72ebbedf0c1c99ca24da585cea5e425cf354e045ea20b0c419316d40e01df8408dc39acf082e815dd9dccb348d7989a10bbd

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

MD5 39a58f758292fddcd0a35445c2f41d09
SHA1 e8fec5f0f1477b7e086ddb00d1bd0b9fe9fd64a0
SHA256 de183da316ea89f8f016724d5bbbcd1455cb381bfc9aa5c4c04e2974a708e18b
SHA512 6abb63a06741dcce60e86390d229f0d4858a0626b0f0794e776a3f6e8b37e6625533a5aa1580c3f8b86bf2227f439a7f4941fc43afe6647ec7dde4bd29949822

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

MD5 541460e193c543292f6fa5b710ad0427
SHA1 cb81ff3ec8adba07fb4a989ead54d882e089808e
SHA256 782a28743906f9aaaa98a0901f103b57a5ba26fad1e0e9f20825b02fe8351ee1
SHA512 6a5cffd803eea954fa1bafdd3e1f2805a260a1c61d632171c146415bf8c3d6812756828a90937c911b992edcd3bfaae0b0ce390a985392d3214c6276e1d8c82f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

MD5 1b923eaac26a65c9796dab957aab5ecd
SHA1 2db35d5ebfbd27be80c274568cd9989daf43a4dc
SHA256 6597415f9768d9f9b2230ec7eb58499eb9cece43aad1d9b4721ce570d3748073
SHA512 3e445083b15d55050f21bb2274737e364f87e6a9dd0033690d57e410fa34569125827ba43dc460f04d72d2a4f4f0dc0315921ac7ef8820c4e8a5f86ad1a4c67c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

MD5 b20819481beca99f32b1f7151ac58b8d
SHA1 4c8b21f8190229d0fafab8311c25c85c6b3f0c26
SHA256 8012901a7eb9287fe1dd51960b2ffbd8f082b2565672998cf13f71a7b5c60a81
SHA512 76c02d1af705cff0a9fa657ef0692abfd14d986e06ff6339044cb442bf028f955684b08ca7e580b1e03520be3dc2ec5aca50d553a394fa8774f4b07f729bcfe7

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

MD5 d4312eebb49b647c0e0012fe7c65d66a
SHA1 10d2d0a8263c5125276a55a1c8f5cbe5ebcc7646
SHA256 675ce04363747a7d8ad8a499adcc4ad3c2f02a94953eb46c9e524dc2c08a22a1
SHA512 eb533968509a69e5d0d24c2d662bb84c34e5d8d02fd781979dd062f43d956cdb9b03754fb10655549bf60dc8e6d2e5c1501c85a58e638d785d57cdc06537727b

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

MD5 6e53530555499d90243dee5f983c8ea1
SHA1 7a5dfc7f274fe16d38c461078492e1f83632d7ff
SHA256 98b111760b23a03126f85f5ab62512d67a86aa318a3fdd5cb965c086ee0cc3e0
SHA512 d02cbd9f6cbd4c337dfbf16a995b52af08925822bac79e52adcf1b8ea0143aa7d22a0098dffafb97da59f38d9e0ace98b416902fa1dcac7a127ced72729fa376

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

MD5 b068661c030c39add7cf62fb926ab061
SHA1 43f23026c62b0db8bbe23b587054fe6eb7faa773
SHA256 b8c481045de92bd5f7f93cb09c13c790449aa694246eaeaca90a840e9cda32cf
SHA512 4ae6d6ba855492e49905071210321d4ac4dea952ed7480e885a65f6f65e67cdf884c78faf18cb5edd5a84a006ac8276e7eafba7758fd91c1afa8dccbac609adf

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

MD5 6e156a3057455ef6faad6d12778c1231
SHA1 618b1519cedf10aa88ec312c20d45c613f59a41c
SHA256 97f5436288578f6ca43d58ae9237464b5346c7e1803f20cc1a9b195a8a60f024
SHA512 70bff7c2a22796b36fc913a7218f04f8b5edc182b875364433662026fb5d07eea15b135bd621011a504ca5eedf9be1f3fc390a32dc8a93f78d58e2b5cb4a2ab2

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

MD5 055d1d47482d92badde661de51f3c76f
SHA1 f5f0f721b8a320b2951cebca4d6baa65c0e11c4a
SHA256 a5648b8ff36a487b5cd4fc6ed673f26f79a069b4bd2987e8bc676e2e482b4f99
SHA512 ec27dc2a496ad836c46b5771547532bd1b126ec02205f49d02af22773693810b22df6110058903e895c37c5e208b4ba0e69fbc6964df43027579dfb8a1e9dff9

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

MD5 fba0900465af594f2d53f73371b05f87
SHA1 5e738a838b3da34306082b60fb2b931ad316f82b
SHA256 cbcf6087e3c05e6f210e8de95c5b3199496ad791dd3cfa872b06442cb6e546a4
SHA512 094061e710f5ed86336749cbf0676590cd860c5083ab13174495fd6d53c3b76c27ae77e1e71d8f2d588498ab7c9e60bdc393fb305393a56c9ea95a64ec4459bc

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

MD5 cfbe145dbc6462ee1684bc99dcac494a
SHA1 c599510579844ff8f810bdf76fecb62d85ea8cbe
SHA256 50083bbc2ad660856396cd92c9abaf079e409bade6d0cf613646ed55e20ae6c8
SHA512 383b6f11310af001e20dca65b4daafebf7f4a48cccdebc1ba7b77fbba432b3986798af36d9d8d77d55ac429b2fc5c6547a6409d28d188cc4d1cfcde53198a4d0

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

MD5 e9822c1f33f3e100f40cf3a9305ea54e
SHA1 06b96f4d3f3a958eb7ef4c04d9fc5b7649e760fa
SHA256 e041aa76161e06d9e665dbc6ec28bf812c994ffac2072983efd8dd95eab47243
SHA512 d4abeac3d893a7cbd4f46b69ae69b0a37b265e3233fa026abe7d7be7130b272a0dd99a8c270df0627fda73b782057a9db8bd29454657f3333dade1c06e900695

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

MD5 a2804659875eec4fa423f1221dac7b77
SHA1 5d1c90333858a8ea095caa10efd3fcbf9caf8a97
SHA256 b98a114e2f884003464fbb132357f1b7cb813f9d97ae2c934c62a0f049e171c1
SHA512 1703c7856f842eeb5237b3ce1f44531a5fcbef85b681fa0c824cd78c5836dfcda7be77a15142fa1cd7ee6632ca5e57e8cd8f758a85310e3bc30555bd0fb71dd0

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

MD5 f73aeb470728630fb1f4a0364d3d1641
SHA1 aec86cdec0b71dccf4d09f882a69dd4b83d57589
SHA256 0f2caea3ad4d68be3fb392a185aa88b56e274967d36076e5857037f20cba26d2
SHA512 46652893cc031513a706f9f44cc0cda3f4f9a9e437b6bdab9cab12f5752f1c966d487cb8f6b9aa092681fcc4bdcbee778445c8e032816bfe41421d70e29aee5f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

MD5 0ed4163930f405260d3c772035e5930e
SHA1 d0ac1a6058a0249a9cc7bbc2e0235dcaebbb5968
SHA256 f98e9dc97e5d7d3ef48a156ea7c95dbb8e6a2a99e29f4da0d35a945ff4238a20
SHA512 eba2194bb550a08487ca9358fc6e57817d08d95f22313f27b644cd317c94ac78d210ff4e487608f5241ef900ca65db60412e09d59a627781b18613132d589e73

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

MD5 f37204ada52ea99fa83327195e63f5e5
SHA1 675c806aeb12302228290b1fa130bbc0d9160f78
SHA256 f4bfdca54ed85beda6885af13f955e15a58163d5ea7ea716aa9120db073dcc0c
SHA512 9c85ba5a2fde18d9c683c9d4150eb1ef4d54da147b9e1cb49ade4fe9b3d305bddf23540d903961336163723b43b6efcfa5714b9950f4f7ce5cdea3aa2a234209

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

MD5 802707144ac67f5257fc190af84e4108
SHA1 9e56bd8aa51c457dbd9f2d1e37a0ed4dd1ad8c95
SHA256 aebc581c4bf80aae2f723fb8af3f1935d62e37e03c88ddc8f940ef147254d27c
SHA512 b4729614404c22f0747dfda29a519cf03f1096a4a3f37e7a6c22122a0f532099965f5f6b7ca1b143e0eb3c46a5d4bc7461576863a77f3e3b510d03a3f708684b

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

MD5 7e36d8b9c8ee6a5826059a353b2baffc
SHA1 7adf714e9e845a90320a38d8fd7610f2465ea30b
SHA256 a7f536e616193070b7788b7d4de01430ebd279a814fdab1cc97c0b617326d773
SHA512 ef102e7a33ac1a34c72974bbd1096aee0f83143be1e1fc1776695df4a037dc27ec4ae42ec1523b351ffe924dce252fea35c4aba8654dd7a130be98f282b9e6b2

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

MD5 37843b166557228dda76bf201bc5c1c1
SHA1 5920ba27ee3a1ff1b4d56b84fcc41f6f8edae69f
SHA256 f681da367db6b7bf8d3d2b20e73dfb595d2ab934b9ac96ef1298534dfbd9b3d4
SHA512 1ff05b30a3090670ebb8a5ddd864f5135f0931a228c08bc856dcc25a30a82127dbe67262dbb32f75ef3dae0dd786210b4da5816c8a0bb291787caa2598fe2094

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

MD5 04bfd660deb73b3f12a9f7240d33e9ed
SHA1 9a859a9f1955b841106a95a97160d77993d9a474
SHA256 d32016438b84294ec89ada0d46b19a60f978dba153b69f22b01dbf0dc1c5a26d
SHA512 ad6ca6de2f4d77689fc27d99341759f0bf9561bd5f244e6c7db5eebb4d5ed8e2b58ba749ea5f8a74c804fc8cfaab448a3a3f620b07edfb36e4aa04ba555cfa07

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

MD5 1f44e099f74e792c25fc7bd8db36abea
SHA1 e4c9b003b0b30315c670f50fdd066f469614102d
SHA256 40f8978701e76841b19279da8d56536aa0258149486bfc9cd8994f7edf9a6da4
SHA512 a37ff86286b9f9e423fd8dd4759ee25e2ac710d36dabca3b06d4fa4bd89aaf600e402dea08e9d352e575b94de705d21eeae8837dea478df39ea6e74d403a5350

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

MD5 d73d3d56192589a44b09b802e417f609
SHA1 69558895441977a076df2511c47c590a0f72857c
SHA256 118424bb488b77ebb71633f6ec7165d73cfd1652510782eba3be02d6a61de375
SHA512 b8ebf337dc82e7cc52113e41bdc00eee95dbd4521554781b3ef76364d5056fd3416cd129ccd32c385febd45f81d364e4561a1560a0073ae9ae51f8d6fe0aa759

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

MD5 7da22d754cd59dc7c11da8def096b230
SHA1 f2ed8a7e375a1b489a72aa7b7f921d9ba0786b9e
SHA256 f2a62db63e6f9ab75f80c45d8720c03acfaffa42465f2409bbd3771961a832b4
SHA512 a7814284dc146cd9e1e4798bbf6151cda80cbeb8a04c64c9c3e1071c42d08f35c75eb3e94b3ca10e46c0b8d97da621eddd40f1b5d57e8d8d21d0b612927558a6

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

MD5 fa42a8bcf5cc3efc3797c9a9934de96d
SHA1 fb61b85f1de3941d1c126623d11f4b810a8df3c4
SHA256 e250938cc903be129bea21a01fc68259f8f6805e2d6dd82658427dc2f9d355a9
SHA512 d3fb3eb86f55617ce936097cef75623db86ed14ebc0322092de8da3855a70efc7f6e63f288e727c8bacfb32e5a5d6aae1421aa96f6bb3291db39526fc27fe9cd

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

MD5 1546b567a4aed543196bb065ba4674a9
SHA1 97d24e31dddfa0dba439fed50c01d5f9524c698a
SHA256 9b4ad595b062c5989c9143eb92aeeb7267b6a983c5f3ee0aa14063b885fae7e0
SHA512 77f6bd5a7abe13d287e69e476170738ca1a5ee11ce930230e604cba0c369a5217cc193958d4966347379e1f0a1dd0d5d224969b7a26f461bb783df4ab41d3c16

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

MD5 36a52bbc27187196d6698617a7a4bd91
SHA1 a979c6ed5357b7b21bf435a6300213d4a4ab84c1
SHA256 fcafff2e0bfb1428438b779628311381ec4011d50899fcbf2c836d0139f082d3
SHA512 469fcf62cb469da45358ad11daeb55fdb6220db940aadf456b6b9f61a0f40bcb098499a321efb5b8feea5453a55db39c26c0b131a121acd30c19f1eff13a4eee

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

MD5 098b640e2374fd89d67d9479859082e6
SHA1 68de7fd4b4c344c46edefbcc97cfbf078fb6b9d0
SHA256 a46a02f32e73387535c64a6cd46456c6dbdc883570954c0a5d721ced7e861092
SHA512 d342abea35d7752bfb724423c67076b56a27b6565f373c2c6315a76e82f4d8d71fc8af9e1255a493df6036e7d232d1a4fe562859be1fdef517ec32aa2e03c0da

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

MD5 855bb78f26734a15ec535f182775116c
SHA1 767d43d48079a2080da8c2602ff353e123aa6133
SHA256 d8e6b744d926d6e91b811a4768e4eba705855a05c9a149c14ee8244af6a1ae35
SHA512 b23ae7d0c4b564b986a9e9c3e322243398a6ed3ff53b10293602f7b003eb5d32f255005988eca24e16827f2587bc5c0a48775efe798fd4b0b124a6a1cae8efff

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

MD5 3d560760b658e389c733cda818abb926
SHA1 16758b975d689d377b2d101c9767c1c6bd3ba93f
SHA256 96c7016117984dca76faf1f9d92ba6b9218d3263a98507635f7db3ab73c005db
SHA512 70ac58dff5716eec4f8861b4dfa5fc48ae7900f4402a9a0a98899248c967ef8170641c349c8899832d47df58fd0fbb177ec8d1dab5b8276fd93d78d8fdd6a56a

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

MD5 0f911030976c3e65044e5e240f2d2610
SHA1 c439f3464c6871c98ac7a16d82e221abc397bc91
SHA256 25e41bce7e5ccd1b2ea89fcef9e89160c686c11c9996de33aae87583696151ea
SHA512 24d894e5e9896bd07d3e9b314bb0871af01a50cf33f97a42fa4e93f95b0cfd084965fc264f30fd3b7b7dfa88691d00e4a53158371320d0f9f1db517e8185adc2

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

MD5 f39b7da979f6f3a02406edd32e4627b8
SHA1 faa7a1bf5202178164e77ad1f1911680cb3f06c2
SHA256 0f730af4ea1ea653c83e6e3ffa1c9b8819759cc3405a6639966190708394dcbb
SHA512 00526f7b3bcc804d0202652024f37c3f5d0d3e7d84aade8fa1c2f8dd0e6f9e803ece8368f6d67657fb682088e20b934c385724c690f65de3b30191ae5c158982

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

MD5 455a949538a119086fff3b3e80adffdd
SHA1 fc996a9a0873bb3a9764c15cfe8159397ef8721d
SHA256 f573c986d452fe31b2a1f49ce1a527128c9e86d712ed23b8e5436aef92d9d5e7
SHA512 04ed097bcd32aeaf65c9f08043f10da7d8c1b1f565aecf0eb3f8db92fbf5448c93f607ff6cfff98e90288b47f9de8285d6755255992fd21ad26038cbd373b769

C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

MD5 a4a84705be204be96f16fc13f7fab990
SHA1 fe38772402651c13f8e7fecf6d938cb62b343848
SHA256 4386d3c1fc2a2a559677ddcf33a8c7b6102c9ef2cfdff02837c92fafa9b97a3d
SHA512 9bdce6e1bdc3736bfa09f1a8878a93f8c85433de16b56e9d8c262d53cfeb1d7fbdcaf6c9041522587ed7f4d83db1670f39bb86fc74af743a510fdf582c5008d5

memory/212-5041-0x0000000000400000-0x000000000040C000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727656060295712.txt

MD5 4579ddd5a0dd56a926b4c4c4ce59142d
SHA1 093ddc3ccea2b10d8109d955ab38727c0eebbcda
SHA256 1f892fa3ca4baba9b3223f0438e17ab2f916a03504504d6c2e4980cfe6ad65b9
SHA512 47e1eced7d2c3f005d8f0c11dc0a97448da5e6992e89c911a57aaf5ba6a27cfb60aeb59b46806da2ab63cee2e4e65039193279b8f9be02bf0e69e7bdbb728f14

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727656525478361.txt

MD5 279ead2be3a5c1a080c07f218763a024
SHA1 142137c2ffbf52d05083fe953cd28a56a6854b85
SHA256 894229957ecf1c359de37c8cb25e46735d542da6af566c97ffa0a81155d2e478
SHA512 0e89423ef234a8c4724718ea2db670a27dd3cb489804874ce92e9195f882634fe1cfc16d271d291cb5442158706e997e679c02bf1941bb154e7ad17e9afa1899

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727663169040966.txt

MD5 b65fcfaea11e21c79c9d9ff2525f5e67
SHA1 145cdb4b956d4bc294f1c1210bd138cc7e63a6ef
SHA256 24ac49e0493189878dace9a9dc55ce713819ea8a431f94eb70f3d231425f7fc1
SHA512 b9c63644fd1c7cdc5073677039c1a9b846961ae0b45a69eb55dfff6269dcc6817f11cd03ebdbdd8f7c432c355efae65ac115e374d8a770ae6e2d53ce008371ce

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727665885684530.txt

MD5 b2ab6bc4e50cf4d133f55742867cccbb
SHA1 ac35834d9e827fd8e85a5397df59767c918d4c09
SHA256 5f5f68bebec27689896513ca242cd2104df99c68df284f19937aac02be0b7f42
SHA512 f658512646a6c8d0364628fce19c354951e9ebf01faeaac9c15c0281df3e5296838bb63d4f892fa53fc1c2974442681b91c8fbf5a1347b9ae35fca1f688abe9e

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

MD5 49530a63ccbc5698652bd1614b1212a0
SHA1 6d8664cf8112c38b0dcd28b3d98adad1996256c7
SHA256 3c2c813de55089397f411ae588972290496a73d0ee1ca870ff28f2ff8de8cd92
SHA512 b22f77231b7b5730bcd250fc3423a7992cdaf700a0b713a9d80fee2c1f535a987a61da551a936d96c268c5fe4d1bf84b935038839938bc32df4e6e0a5a0a0ae2

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\security_watermark.jpg

MD5 64442c0fcb3d46fdc15690811451ddf5
SHA1 600598d05f5d7e3aac64a48bc1e6397d7d8aeae3
SHA256 744f270b8142e9413b3f7dd387b62d4ec1641698d32d34572f4abaf115514839
SHA512 a6d5460512c31ba12b5bf0948b893f34f2e725c4766882d4f5c0894a397aeb549c6577d2db61b55d93fe2baa2429cf26a973e36d2fd980aeb7bf30dceafb2a10

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 1282222e90ef6557864ff5e8cb00a7dd
SHA1 a4478b7a5d5baeb56afc2d234abf3e8fbfcb298b
SHA256 329e8f137110b6dd893132c3c11e6308df7d827c741cc76682325ed171b5d1bd
SHA512 55b892537e5184ad9ffe1d61454d7f0dcf32464355b2dfb050e07752529c40a0e61d837898ffc62874b777fc51a309e858484e2e651e98eda22f1f0ae8b1ab45

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 899816a010dee8faa8ecb7000c0ec2a9
SHA1 336e0a658172fd3b61a3585f39a9fb71499891eb
SHA256 13dbd7d018714a07334c0a07e842056d2794410c6ddc5b7a3bb2ce57df150774
SHA512 cc01130c3ef94955da144c8848c0a61c654cbdc07fc426a84e3420af4d38bc0715f5c3c3293d7766c7192a569d3ca9bb59aeed0d8d74856735869415a1fd760c

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

MD5 9bb1b5133bac3fe0689b3d4101d741bf
SHA1 c50a786bd1af346287ea109a8501bdcd5d39cd34
SHA256 cde720379a80fca2a166442ad7bc8338b0154936dc93bc342e8193e5ec87d1c1
SHA512 08f842d3cdff12270f7c5a7ea486882ed377708b38abbd9743cfa30e187e208c10514d5fcf33c72d1bb293136325982f64bf110d07fee8e20e36a7d03532a2c9

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 0de357892ae2216c4486d7bb7320c5df
SHA1 086b4daa1b8ba40eb9b4fbb8affc0a482e0684c9
SHA256 37af96250bcb92b01d736e9d1915ee11cb0e215993e6f36df2a3a6af8253171d
SHA512 74fe735a6bf94c46b09bc1b762e24e3a774da0f0e4e135608a1c083dd5f788311d6587d9364ebb2632d957251aab0854fca78814f4c8b6bf4e690c67c61f4768

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

MD5 4ca2682bf28f7f68ba983e30f8133584
SHA1 9da8b61581690d5de9ab5fdcc137640824d272cc
SHA256 d48931c749786f7798a9049856cb2415fdbd57f0c322c06921b5edf2b082d271
SHA512 6aba2b13a3028110a9393876f10ad45e719314019317e9834d9dedda513203da677eb031d7999cdb8bafc5fb0a230d801e96e78269646569a06ab88171e4849f

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 10115085a08a04c1bc6414925c23490b
SHA1 768a8720c4ee22edfd8fc3a87d9bb0ff18791827
SHA256 46b647b95ffcb64b2ac355d0855252542fb0e2288f6285c1da50a18ec89ec65e
SHA512 cdf8a0df2b7298cf8db96e67075f1dc9b029806cdfb210bd1200d3994c599348ac0b053a985d546a443d8063a361d5397bded004e17a111e83e0006540f5a798

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 b945ae34fea9cdf03eaf25ba43cafd28
SHA1 ed1ed430799a95c8c5092cdfb69055f2ce6fa031
SHA256 a0afb9d3406296336040c6abff95cf723eaeef61d9094ba843f9014efa18f7c3
SHA512 13093ef483cbb54474d0330c08b5080ec2bc7d740a4f5a1138cc029c31951ac3d5de3205db9f35cb608933586fa839d9ce8a715526b71f3377c18fb3d4a3acc1

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

MD5 bdcb274534587c0ff3ae023b20b30498
SHA1 689252be76cf6792350c68db94ba3d711e4907fb
SHA256 8110861dfba176191433e1070344288c3451ae6f6e5ba3fc96c2a3f381b222c4
SHA512 6dd6d1ed51a189fc7a99ec5aff157d6da649837347a4dd0103250f232b4655d033f1e1d90fcb2b75317072d42dd62aa852bcebee04bd6094c79bc807e7748e86

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

MD5 360758951bfcda161f1f13890815a9ea
SHA1 71d8a6d63e599ee69c21753537cb6a828a11c309
SHA256 b1512a183504219ec7e63107a2f340e5e290edeeb1083ec40af34b048d434ebe
SHA512 26db6d66a249551b1ab19752368e091b8e17c7b0b755eaaa1dc15cfe3656be5ce6bfdec02326f75a4cd312a82cf49c2a18d76ff41ec99cc0787bfe8f6f069872

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 17606d156bb2eda1fc95b4bf77fada76
SHA1 2b176da8f0c833417d6e85aad5fd7346a0b945b6
SHA256 f6a0814312bfba2404746b27258531167ef488ac78f8f3d9aa5d8b821323dfe9
SHA512 aac53d08508236e513d63e1c624664d035055df9a2d26b0ab01bb9e4dbb00658842cd053e6525a47153da04309f978327e8f0f6d9904eccba375002d9ce568de

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

MD5 a7811e78bd54c997cabac1e82fa745f9
SHA1 c5277e9dbf47f06aa635dc1d87cd2cd43f2c8205
SHA256 7a4eed3596efa58d269a00b93fd8d1d65a0bbad38b1e24454089c64c3161f103
SHA512 ee70c23c7d8caebf9e6b6c135a9799771f38330561e32f8f1505a28d8e27fa5cbd8e5a52f36a6b176af42ce62ab480147abf3e0089485e9fef583c9d6847fa8c

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

MD5 b6e28261670dbd02a82fb5846c4d027c
SHA1 2c8ff7d26321f78871a04324e959827628a49331
SHA256 7cc155940cd43c328fb79d9ed0fe1fa82577fe0aeacc914eef0516dbcd1f5266
SHA512 f3cd8ac3b2f2cd86530218b74b0368a17d48413bd6b5a550ecb7df1b4c3f7014538c6fb470389087bb17a294f0db74af0ac8cd2c8262a4c12989aaaeebcadc00

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 dc05ff1ca60f4c319bbfaff354ca8e5b
SHA1 2f1ad092e1a4cbd0fbbd71fbdd4482e905da27a3
SHA256 b15211a887bf32e570b06a6e078029bfc66e375d289bf43563c7d0a75f57bee4
SHA512 7e7122d21f4ed09868164fef46c4036c9f635eead412c487d6c87ac561978043d5423caf5aa299e65d32ed5eab424b29e0a055e53540bdb97bdf77d1badc752f

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

MD5 d63c78054d67371ccae839804d659bd6
SHA1 84439cb69cea1c710536a5dceabdfcb3af4cde55
SHA256 ac0cfa0de54fd2f0f3dedd99d3bbfb52cb29f3977235646c199a3eb9c6b646e9
SHA512 2ff2e275ea31945b78c9eae3ac6490f0e63483a413b4bb81d849c41a0e8be56ab692ffdeda2d85438a60fb99ee11cb2620aecd55e4057cd50f8542d382149656

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 9b66fa58717b9e191a60f39c49b846cd
SHA1 af8869b9879a6b65e245304de8f4619d290dedd8
SHA256 3309c484d2f69b90f0c903caff4d6bfc561d179d759f7805d1e7174403dba812
SHA512 eb439b39408cf82934310787aeb2c12ba8eb7484df079348a0a72c3c4afa2297976e4d9fcabd05424834626b967cc9090e65daa29d6f70e4a90874465038b193

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

MD5 75c44363fc9c6806aa36f47e80d506a9
SHA1 a1f770ed26f465fd891f7aad119dd9db70de98d4
SHA256 0b6e799639d0b5628830733d42bcb84bb69dbd5b19f18be892ea194a29e01ea4
SHA512 d9d3622007291f5a54ccdc40d1c23d5d143dc617ca027a302c255866a2fc26b06aab9b31203e9c114980c7e8fac7f827918d10a09902ea85a855d4cd79009acb

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

MD5 8a2bf957192f208119ec2e00ecbedaca
SHA1 58dfd22806f4876a56a1415c28cd846e4bbf5854
SHA256 f0d3e3e3611504ed5fdeaa753f72cec5147001e658047f178e671e7c20bbdb2b
SHA512 b752ba4e067cff652e39819fc6f0ed6ef6fa0667e8f99032502a28cb8aa4d92034bb38c608bb214629f8eda05cdecf997e1cc6ee039422767b0347c4920a20b5

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 c031ac76d2089c43c10c2e7ac9ffd02c
SHA1 133f873e4f1cac077286fb3a04325d1064b3136b
SHA256 858c73ec62760b639eab7d1a653787a8f6bb682a6a6ab548e282273c85f4a5de
SHA512 97686b00fa0f8680c5baf80db8dfcb500f192b691893a983457b2af61c9e943de15d09b6dd8aa14ec532ec1fc00af2e37fa37cc326578a621ab5383deb3bc19a

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif

MD5 0a176e39ceb2167c8f6820fd09a70235
SHA1 9fdc2cce0c6b7b9c34bbf043d32abbd80888fa9e
SHA256 631b881b2be2b5f0bb8be4c93d2049b46e39dc1ffe5c970cba8e9343ec69cb93
SHA512 09ecde6daf0bca47439d3414e6780e54ec7a4521cf66f9c45f38d3c4eac5a2fa81893c6d1aa9c56d68a4707ac83ff4315056dd455dc2a4427d0f9ed3f8f642ba

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif

MD5 5f96915e7e5da75ea84efc58df9a454b
SHA1 5be91368c1ad33badf24eb474915debf8ed552ab
SHA256 cccb6c6f7de37d1ebec7e1a3a74f1e4a5014e5e217326775ed26b5052dc81333
SHA512 7a08c3a0661266b8753caeb16c4625701cf107262f8ce2719322bb1453cfc589deccc148d6151cb04fd2f3f05053028d29440fc43d54467cf38707757dd67c3b

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 2ac1bd53ca8661910eb2ae84dfd77170
SHA1 a4118b455ab12a1448d5ebe75f2322d7b7d27e23
SHA256 b32e14964d122c398eee3139bd0dec33bb8aa3af92e14c0f7ac70d14caeea3a3
SHA512 6c95097e9f8f5722252cf766df76d8c718eedbacd854fd5a31be03e4093e74076bdc712b151e5eb75bd68a8fc5ba50ee102aaf1a804bd3bdaa39031d74a14499

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

MD5 86aedaa95bf8097e39debcabeb70cdb3
SHA1 7156e0b10243003a80dcf4df8a94f34a7595f2fb
SHA256 5e6bec4cb2f5def405d2b6cac37d6efd12feb49d84201286b4fb909154c81a1c
SHA512 31d1d3c0f2941cb402efb27fd7570c0a3274581067aa59f8f9895266d966dd2ea69e3e4a9ce48af15b0e0f8f2970a3b062d7b0c0167bab0daa1fe05283e278d8

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

MD5 19e3cc2585b29c90d82fcf685e9233a1
SHA1 171cdc02d3a0d9395172f913cd0fd1cb60eba2d1
SHA256 fec0fbc8c1bfcf10cd206ee4a40af64218067df956f5a33a7e940a668441408d
SHA512 0b006a30b864a65f330cb624532e917971bfc2b2b75d86a954e511f13a5b8d486c4e0a696bb7a0e9bd8fba6dcc2ba4a4e697f2de8b7baa032b0fdac09f84acdb

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

MD5 029d629d5d16f3d059e14a3cfc25e3b6
SHA1 6d5ae58300a835b1c145ee7df8c50af44c19f1b9
SHA256 3f2641cf782b4b4915f53684c0979591d03da7e3bae560b21ca969f18aeabe57
SHA512 a1ee4283a1749d0ee615536cc002001193d777c26ed8f70a0a3adcb0abbe2b3ef98bae950366371ff6dca9d8f697d5f3dba76f4dfa0ee9f037636e64c429b0dd

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

MD5 162c81f73b70477e2b8ab40fae3c3ed6
SHA1 f571dca3705e2617ac3309299a44fcfc9fa647d9
SHA256 6b81bb8a8c466e8804d056e6f7758d693be28c8d9b435ec6b72a63ad833a7d99
SHA512 d88d631997de71ce4ab5c755c581c5145bdf09c62262383dba4a233a6ca853af3f103fe39d3b9534cda1d4463a14e5b6bd7e3c7d5d33be12f786647853ec85c2

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

MD5 e92b716b88b8f5b6a5f80cf58c043adc
SHA1 88185e7ff52e77c7bd45f4d01f3784131d7cd6a2
SHA256 ac8fd7724054388a619c1ccd95048996a8af29407309d7d0fd89aab6bf7dbee0
SHA512 41cd640e366fbe9181f0a1c2c15377dc0e1c7f25fa005e61646e2f2fb2c289b48c7f5ea4f1cdebe1d517d511d10a95f0f4d54f954bf52864420e255922920135

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

MD5 9b592b5c3bb3224ce06906a7172fdb50
SHA1 ec1133545db45e0ccb31255165e9fcfa39a7ddda
SHA256 f9a614c6d121578b3c2ec34bcb427ad521041d7e9bdb4f4210a73324c14c4f6d
SHA512 a320670f437057caffef7d739abf6daaf9f36e4e949204536d0c10a416b7817cb5691e92fd71a28068993c9f3179281e1242d89dc260351498afdb771863343f

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

MD5 b6454c082a370e265dc62e072f711ff7
SHA1 575ae9d34c88827a93a0c49396fc270ff4e4587f
SHA256 5a185d86746027073332c417955ff2367df3cd467c0dd4a63371e2f2796f902e
SHA512 18c7f5f897382dc8456e60d4b443c6ba84f5148556dc31f818b71db3d2ca6642eced515a67984dfd68bf9e9d1a20915b39c2caf0c1dbe9a066d870464938dc22

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

MD5 3dc46162d70a7895da5f5a3e528e178d
SHA1 ba189e1a75c404d66b80c43b8f1ff8a7204f179c
SHA256 806c7c3e02cf1c50ef4ab01881a29a5a8680214d15c00ec4cea61fdd52c6cc12
SHA512 0ce6929d86710ad1029443a0966005f55d749c61a9156a56bf57ded3b6da3a0129b38f36860208983451252dedea79660e4a0ce99d3b25378468c11e5873f747

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

MD5 0fc8b4585d0efe6782e2d9a972ad28a4
SHA1 0e6dc9cd322338b7b2c8c8922a2fe6f2542dfe2b
SHA256 e54c1f273bc83e4995e261d8110b89200c2d33855a023355dd65f85dc77b72ae
SHA512 23e3c5af92308ad98446afc5b9f2b72d36b5f947c51b36ac8ff68396b98e215ff84dc60f27cb24c3f8e4dd6634fbb17a324d0f862c1399aa075b8239789962ee

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

MD5 47eabc0aeee7281f06d83e5dd1d40604
SHA1 7fcf6ba87880acbd03a9590dddd04d620f38c0a0
SHA256 9998578fab43676301a8e863fe3c49b1bcba1d07698ffa41321d8a3eb11a1153
SHA512 29270a87866cfe79102c2b2251502b071287a456fa818536e5b47a32df6217b29f5ffce72384e71d7caf80ef341e676ee778642fb29f4bfec9200199d9401a56

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

MD5 c914708118f4cf3581fc326a495311c5
SHA1 3adfeb2c781cffa6b6c2bf6b1df874ee69c33679
SHA256 9558c1e1998e01b65aae7efa6204e85d82040d1705d0e3b945c39bf43c0e21ff
SHA512 9409c385de5d0373a430ceb28aa172a2b8477b18905d2fbb6e7751803c7ded757d364529b03fd598bb150f7542fbad30e3dc90abd238f8cfe87857d4d5b65e31

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

MD5 f79d7b83d49d02c01b3e038474e43b7e
SHA1 66df4ff4abfb90bdaaf3ab5ab12b326e95f953ae
SHA256 bb4eb09402df7031c4f4aa01b1e2fab0b375dd02b6daba2bab3e2b4ea6b2fd84
SHA512 39727708db26b1573fcbd34b8a325f0a0f2f4f55e3e16686d7b806c4e5ea4215340050f45ba2ca0f4f9b7fe2f266e72beb611cc985037d7130f3e0386f5ff424

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

MD5 5a0b7d2c9d16f92f34de9f0d60d577be
SHA1 de6c485f9fd12eef67af94454b7612fa1f1b856e
SHA256 c5cc6628564d0268bb6b7f04b1aa7a1c1845a672a09caa8908981e374da41c16
SHA512 6e2e94dd3aee832f50a3ac14bec5d3f2b1172f726fdb3568e198e5e7751e13d109a425bbd01007ff0fc4f868ede450eca0c7dec3ed1c029a014dbe5aa11ffea5

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

MD5 82e23bca5a00ca0407245c1a2fc66d4c
SHA1 3c1350b7751ca5dd3c3344c6403bf557b0b589e2
SHA256 2294eb8886135079705e15abe6521204eacfd1b30093e1f6bf13161ee96b2f9e
SHA512 672cff59d2202672c9f814078455e611a74ff998e96c1e3c16814cf9c65e11ff41862800db7b7b1811a153a6f76612c4cd6c887e2338b69cf9312c06bc284101

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

MD5 62b919e86a1682e1c0c4997cdae67787
SHA1 e06f2bb6b3366bfcc11f64fdcbf5219b262358b5
SHA256 e353ea4368568c20a31a86b2597bb9841d1c476333dcae675cb890269c915491
SHA512 8d207646a0c9990c050af650b0b4afe36b0a28e3eb8a519f1818114a9f7d0e9c8b5bc98f95bcab555742727070a6e330631da6ec0d21cf06d2fe232fcff981e2

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

MD5 fe085828d5cb68d64be00240040b0223
SHA1 c98faebca391949d06cdf6caec7f9c32e9148df1
SHA256 b707a70fdff680f006592ce89a6be448d4b0633b96c87efe63d3ad2044e7845b
SHA512 922211fc38d3c2682669c5fefc6461a27dba3012f448ee5988461dd63e8e1e79e091103d0448030316de9f6ee2b64b20ca7da08e7aa8c843a105f8c4e870c5e5

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

MD5 4bcdc1ec968893c8b8439da6cfbdb404
SHA1 6784a87e164975b28658463b6854fb99b69737b9
SHA256 d7cd0cc4747a6cbf9b38a24167cacea9d5483ed4478e95f59dd3be7ff2d520c4
SHA512 3cbcb00afbe52c525a353309e4b4b9d86a5736515a5e88e4f563ef7a019578fd44ee5abb28e96201313d6e513295f916faddb44eab6186d738be7f718483f310

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

MD5 1a3dbda7f6c4e17d632a8e3b2e118ed0
SHA1 829403b9d6c406fcf0cde659b63006d27f1f8253
SHA256 5def19fe4391f243eef3b58d4ecef897f03f0585c2a9affa856b6606dfe39eb3
SHA512 fed37d5c38d6431ae4aeed48c4ba83d63ec23e96f04f2b7fa28928b880ec552a0f5896e7772b8b78baa4ebb522cb68def2eadf4e3dfb4003f37b7f92c1592855

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

MD5 abbee0ef665faf1dd9599bbdc5f4abb1
SHA1 9477bb964e3bc647f8ef419b8ca3444991896117
SHA256 e368e1ebd4cdeb9c1173eaac78bf9e0c1d05aed1d3d4ea2ae368017ef27fb990
SHA512 1265f17c0b86182945da2ee1e3c8fa1f5038188332e7f0b259c8209b75ed0987448d0d9a0dcfe257a6968ddd2e4dd2196345b26ddae05889b771f73d6d365441

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

MD5 7b18261b56a5b9dcec8e8f6cf34f652b
SHA1 77fde52183421a57d7b7459613b8d4dd13b09c68
SHA256 93836abdc7ad0006a12bb7075ac7835beef3c0efa61a8db66a081544ce996f49
SHA512 04dcf5db6b65a234499a23435db58ebf8147ffcfa06f7b0c37a881e54f15a1714a5ba093fc198d4fb9256820f4cb5abfc8447efcaaabbc03856562f216be392c

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

MD5 c0f8993af92275452e610a008f9e8c2a
SHA1 fe5c670f715db67e17b2c635c611475f8d805426
SHA256 788fd373274b79ad5f97b71dd710fda6b87fea84d77e7b913b792d18fc561303
SHA512 899a92961507dc3c730233d947ac21059c7df2b4c6e36f6843fa2d465ad58211e11220b98162fcf3ac30c2698dc9e826488cffc4a51752c0fb528f9206d46e8e

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

MD5 1129772094105dcb7d73eeab001da6d0
SHA1 c5ac04c8e1dfa706ab8569f13afe9600c33acdbe
SHA256 763c4cde7f842377e2f31fd4d50ee4d4d185514c19bbc6e182cb06d04590cf16
SHA512 7609438ab269bf0cd637e9fa652d3186d3b2007be7335858e519c4f7e089643e378e2e831d5c75eb2e1be06314207443004cf09e6205ec639dcb7c67cca602f2

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

MD5 207c26e0ab13db5eb83a08267dbe1e38
SHA1 e000ebadbd8d2dbd24d083641414ac137dabc5f2
SHA256 f5535e47f82199b5870790c61ba4fdbcbf5ff44f615b600ebb874792f5f468c8
SHA512 85c5155471dfd95b8292f2399f550d773921fc99b96666b0fc939100e5354fe2f01265734fc6a87f7f896f8358f1e764bf85278104b8b914e42358b0a1ae47cf

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

MD5 adc1969bdd8ccb9d19ea07091aaa2875
SHA1 2e335b8efeb537dc8e34ad845dcae00bba022218
SHA256 51b5ef752834437a4f566acf4f8354c257f4b147b42ebcda3a159b34a7df0fdc
SHA512 05651c7e8e5d8a0374c28b3e59241b481fe0a897439893e6e48cabfad1811fc1ab438d734228024fc31a7aea3380f6375196a4df2fc08ce867decc76707904c6

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

MD5 3490796a0ba4fdd3707145d7cf5ec7a4
SHA1 248f20e70f4a659ab27758318ccbc24cc9a4dcee
SHA256 df41bf37568eaef0dc88fbe90d05aec50be3f62ee60a97edb981e52a6e1d54a2
SHA512 a2dc2f1e39551da51cd1352bad200ecc05633641776db01ca2e58b9619554506715cbb8c1125bba2ec809f5c2552140a1ffec46f2178a1372de17306932dee89

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

MD5 0319c5e8ab6fa7368d6c0389aa64beb3
SHA1 4b63e50e3d346d48d48a67d46797a86339db60df
SHA256 cec61ca5e677ce24eff1b1107e51303c856fc70961208459b4c76f49ab2ef4c6
SHA512 a99604ff0b88a94a5961de7b32b2c5c05a632dd1b835824053b0599c4cd7dddab28f4e506a1de3d9ce8880ebff0528f2c267b1439b7d686cfe8aa9e5da9e5a92

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

MD5 b1a009ba4e8c60088eecb06849d676ab
SHA1 886da79316ea8c8c7c3672433a1dbcc1da76ff5f
SHA256 f3c86d953a2b51062ab35b1879834e7a65039cbdbe85ba01f31d7dbafb79881b
SHA512 ca2a9610d49b9e3a9aff9ebd6d757e6a56d92a31304b5c5065d9424ce9b4c76d6db6457ba3719f0a247b2f10356d57cbb3dfe92c3f958a78aec9e1d965dfb252

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

MD5 23289239bf062b34443339ad9a12164f
SHA1 fe5144f52776de58e25c8c2fa40507e9666959c0
SHA256 aa8aed2c3406a8e82add00627c43676a7548b02ddd71db993a60fc5f4fc0ee8d
SHA512 f0fc735ad7c6f9386384644f27f524247d33711650bf805775d8cffa90dda4db7764481cba60da4ca115f30ff30772160f85328828c2fd2ce6dc178a2a7d2249

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

MD5 4e5936e3802f5a73662c4c1bacaae955
SHA1 0252c9dd978a283270f4db95afbbd3c6bc2cf366
SHA256 7dce0b7fed4bb376688d4ff556d99f245dbb0c7d840df2fd41af3cbc44b85c1b
SHA512 c80e1fa24806e5a1b6a114f31418d36143832a2c88c5530314647fcc6ddc7d634fdd7cfda33ee606a461604ae52d853d448bf7cccb6dfa370a0c09bbe298cbf4

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

MD5 4e72c4e75732595f4dff85833815988d
SHA1 144a08adca15b167ae9b19d2773da526a1401815
SHA256 729dc9323e07eb7d77a0fa98f507ef6c6aa022f4b0a3e037718e1a5e3912ecfc
SHA512 958c983c7caf9a6ea84b736f9c2707fc9689ed34a7f0eb0b4fe148caefc6c00aeaf9965dc2875e145d589bf6f4479fbc303255460f6c4d4ab98464eabc306315

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

MD5 7df84c00b428356ad0ff989185647ec3
SHA1 9934cfacbaebcefc493611b859e55fa802d489a5
SHA256 ad9f57102eeb353dd97da5e400c2808fdeb8b4f16d0d80fb2f0bf6c75f959890
SHA512 97ef979741d9ea9693506b45430059ad37024a75721cbda88b7766b40896cb81cd0407d626124155b2817bd4b87295624b73d6298500247fa6a124909361ee45

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

MD5 dc33b974c46694d8cde0d879f3c841b2
SHA1 2b05b66e9a2b0cf1c0fcd4b156430c825e852b9e
SHA256 e073c8cf863d3c049bedf21116aaeff65f8e9e907874e7eb1efae7c97507e2f2
SHA512 c020b0113335c4d20a7073b778c68c0d05afaad291dd00551d6facb3b2be98a41c519dea5276526b904e82419282384df287ae09c852859ef92acb2ea870e4cc

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

MD5 b159983455ba7e56dc0be82d5b835303
SHA1 fb09eef98129da0db0c4a751ea01b9fd47b32152
SHA256 65118c657f0ee7b80053b30c06173e3468504b2249efb6ac46cdd84abd571f04
SHA512 dd7e26886455dbd5ba3c90dd320bd31d95c46717eb073cd7ba8a26c61f4aeffdfff7a77f8a44a54ed5065153dc251b1a151de4f940dcb4f082e1927eb5b7184c

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

MD5 799bd41f59ebd945b98a9eea2b8aa3b9
SHA1 76fec35c9553dc30e06bdce2e78c5adfb4cdf2fe
SHA256 7a326307a35b6dd90c8d3f35ba006693ca41a3f6f9c6e1605b9036a52a40c08e
SHA512 f72e363581fa05c0a36bc4b9961cc816e25c3b7bcd6668d6710dfccb0e8618112966e0bdbe66e8ca5071ff1c24991ae8795dd9c898bc67d2be724c060f003f7a

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

MD5 667d306b3ca8e4c400c0aefbd54c9a64
SHA1 2fd90854140581ea0b4839d1c2b344ce0a6c5c64
SHA256 12522186de4b8d46ad5de14dd1c93f4b4600d8b9a71aee3879d9eda3b8d4cbec
SHA512 8da4c7e98043d53d5d445b6facc07ecac35a7b889100e7eff207125e43273b07a52081efb972ef6119464dc8cef6850b2d2b028687275631c288acff90a11592

C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

MD5 03e4f56eb2cb90f807a5ca0d7c6ace6f
SHA1 b0265fb18afe7ede1d32c40679fe1068152599dd
SHA256 214ee6269911d0389e8205646622dc392bcba89e3d85f2a9a1befc93553b38be
SHA512 12421961a124a04677dbbf91ffd3efd060d03b222ca95406af79047fa3d376f3e2e036deb8493575da7cf322197a63ce08c120f81c2421e4b53d09b8f9ece6fb

memory/212-11329-0x0000000000400000-0x000000000040C000-memory.dmp