Malware Analysis Report

2025-01-18 20:41

Sample ID 241212-fd86nsvrcm
Target e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118
SHA256 34288a08437f61d9d10c89afcebcb4796894b9a0342792bb7e757f0df4205d02
Tags xorist discovery persistence ransomware spyware stealer upx
Score 10/10

Analysis Overview

score
10/10

SHA256

34288a08437f61d9d10c89afcebcb4796894b9a0342792bb7e757f0df4205d02

Threat Level: Known bad

The file e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

xorist discovery persistence ransomware spyware stealer upx

Detected Xorist Ransomware

Xorist family

Xorist Ransomware

Renames multiple (2204) files with added filename extension

Renames multiple (2199) files with added filename extension

Drops file in Drivers directory

Drops startup file

Reads user/profile data of web browsers

Adds Run key to start application

Drops file in System32 directory

UPX packed file

Drops file in Windows directory

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-12-12 04:46

Signatures

Detected Xorist Ransomware

Xorist family

xorist

UPX packed file

upx

Unsigned PE

Analysis: behavioral2

Detonation Overview

Submitted

2024-12-12 04:46

Reported

2024-12-12 14:25

Platform

win10v2004-20241007-en

Max time kernel

93s

Max time network

145s

Command Line

"C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe"

Signatures

Detected Xorist Ransomware

Xorist Ransomware

ransomware xorist

Xorist family

xorist

Renames multiple (2199) files with added filename extension

ransomware

Drops file in Drivers directory

Drops startup file

Description: File created
Indicator: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
Process: C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe
Target: N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description: Set value (str)
Indicator: \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\M7qeHP596hKs2Ae.exe"
Process: C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe
Target: N/A

Drops file in System32 directory

UPX packed file

upx

Drops file in Program Files directory

Drops file in Windows directory


System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VXVQSRVGJBHBRKD C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\VXVQSRVGJBHBRKD\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\VXVQSRVGJBHBRKD\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\M7qeHP596hKs2Ae.exe,0" C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VXVQSRVGJBHBRKD\shell\open C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\VXVQSRVGJBHBRKD\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\M7qeHP596hKs2Ae.exe" C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "VXVQSRVGJBHBRKD" C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VXVQSRVGJBHBRKD\DefaultIcon C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VXVQSRVGJBHBRKD\shell\open\command C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VXVQSRVGJBHBRKD\shell C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe"

Network


Files


C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

MD5 a1a5698159af8e8b257b4dffa8308d1d
SHA1 ab9fe8774a90ced8d6bbf2eb4406d6fef3fcf1ff
SHA256 9b2ad228060ef206b147370d488400d7dcb0e68bfb60e741efc2cbae3a5462d4
SHA512 f39dbf45b3a5306ab74605754764e5c738562e46947056852f05e87709bc8ed650218dcd6bc9797ba6b415141a108fbcd8f6b7c754c6b23f717e4a1e7b51eec8

C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

MD5 312b21c05cca56ed6ca382b52153816d
SHA1 4f59b0657bde28da08dfbc81254a173aa1dd2fb7
SHA256 521ca44fcc5c214a5921c97981ccab2d854787a897c5df25c812c10464bea488
SHA512 c244b15e4af0164c5fac56dd90593a0a8ad914479e6ab6068a886ef0318687a07e13f949c9ccfe92d95c8d13c42710bad4da163772b8f8bef431e247a81178f2

C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md.EnCiPhErEd

MD5 d2b4f001ffc980ee83568ba58756682a
SHA1 ce805253e419f679c10f0c30d0eb01e81a09c3d2
SHA256 663e92cccd0f9bc89cf3cb3ccfdd9b3d60dc3893b220cc66744d7f08e4154dd5
SHA512 9b831fd26d51c0079c4ded3d5acb7ee4a1a269095e6edd5ec13bb77b4ce60acee8ede68857562129924320a3a5a9a5b040337efbcfaf0ae6f414c56ce840ee47

C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

MD5 c302ad8c4e99dc9be143dd177e3823c2
SHA1 694140d975b6ca7c8eaf479c59cc7ba7b14bf1d3
SHA256 b64b81ff15d3f9f74acbbb583a25120890da2d2a76ad2c08d193b1c454d55fa4
SHA512 d262b2a12514ddd4d257430b975dac854bbcc946bc916a3d912d584f754d6852b470c7c84a2b014907fa659e68f3bff3d5cc9468f88912ca20b2f5e992c0489e

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

MD5 e7b3385f2dc4f2aab3ed6f153b2c0e24
SHA1 f7dbb5232a79eadbd550d46dc76c7f9acd23cb1c
SHA256 a28db1698f72c4c6eaa1a153d3524a39b924af4d7595ddbca6a35613500a64be
SHA512 50abad7189d32c0f3dbedbb8a20131f4a96131a5747c870b7d122cc279d92b0d48059ff9355cddc90ca4daec894c54fb7bfe36b85d5848340983309b3fbcf04b

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

MD5 668b3839aafb46ebb36bffa56c4aeeb8
SHA1 31a589a9dfb8bc995b433bbb418ee1d8f2b4cd5e
SHA256 ce08336ab57154ff6783a6e85e7d1a090da1a60b61677f892f4311d23b3ee3d9
SHA512 1d9e4026e157cc0f8b28edede6f86d3fc009df5e42ae2a898b397f99e5864ce56a4edbe03da163aa437a4e48ebcd40aa9014843faa7b055203a460208217e1a8

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

MD5 fe7f9262621263a3395260c3654968ba
SHA1 afa979b55a154bffd1c0d24743859ef99d73f17c
SHA256 bff538709566185c2397bc1f42195121597edaf2edfb83dbae091900461705b2
SHA512 38640b76fb595e98c95112adad00fa4880068965a0624c07095b0f923ad9f96bf5384d4503fe505bb0f89c4bbfa5f8f804dff2d6462abb15ed923da943b4fdcf

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

MD5 a0cd421d66e845f939d3f696c10bc3b3
SHA1 c9541b19cdbc6d5164793df673f219c3bebe1f5f
SHA256 a5a817f54eb104e76c391651230a7a5f652ceae06cd45bdf493d800faa1edb60
SHA512 43ecf4a852269004434bd054927df1d38e1eb80357632fb31c24639adf76cd8783b4a28e490fde8414be85adc0cf3ca92a4462fb619db4904032f4e4072e40d9

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

MD5 007b6ae4110384de6c3ac01e5bb1edb3
SHA1 0613d4130a9f2c2c3426414382f33eba6896813d
SHA256 e5a813b8f5b910540c0988f59dcf96af94b9aac0ada66c83d77811c240c3d91f
SHA512 ff428c72cb0068aff2844597f264bccdb8e18ebab1dfe44a1168a8a63c4930398d81a2c24715d42003df089e4fba912217f996394673eeb232cd7e9350af0374

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

MD5 0954d9532efcfecbbbaed52cb716641b
SHA1 0c070d0a435d845224755a2b448128903482ceda
SHA256 0ff300d56c7f1c20fb2506aff0929157d6a0adfce257cef24fc8faf4e58e3c51
SHA512 cf36766cce96d1d3dc2ac0d9bcf0d1d3e11a1064ad3bb6c0feebfa354717b21726b02c6c0859d6a3b693da74f76203b9a5977b54081be06255edef91d13d8dd8

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

MD5 70970c07c1e90a71d81e708a58a09c01
SHA1 81f8d3e1fbc4cc0c8f1a24228b1eb87ae0780830
SHA256 e6993c179ddf078d534eeb269749bf3adb3e59ce2aa79e9824899a6d0ef33c55
SHA512 31cf78764b2f85f7964248cd7607c25be9f4124ada446787447268097dd8f6c695d26550cd155203d4a23374a74432a30674e31b3a36f86fefbbaa26594c0290

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

MD5 481485c9dfb7ac0ea5c72e4599150bf1
SHA1 cc09f654f3e5c27e290f4dffebdc40c26dd3f8c8
SHA256 5fc7254144818a7a7f200e5096fa514de7accd4849c1d01a6ab6496287414676
SHA512 9108dedb188b8b75737a01810341180990205914301b6c7eec0d228e9359f91cddc11855d1ecbca7a4abd483f06635a43cc5ddb9a31d298af29666325d632526

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

MD5 e3666220bbb88e805e60fdb57a26c445
SHA1 480fa47a102b4b4dee870202f1a25f2820053475
SHA256 741561b4e85e4d6f3544d7cffc1b8b0dccc2bb65aa07d24cf15a017422f70ad9
SHA512 1ddbcf8ed21c4c84a5965ffc4504eed53ca0a1f8487f6ef9d88d178bb623bf65e5f35bb2a1cc1d505640fe75035e0c2f1c1daa97dfd6510efaa00cdecb25a67e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

MD5 cc5b643476610a68c4d9e82065ee08d4
SHA1 b8e63b6bf524b5fa20df0fe35d6cd26665b9227f
SHA256 9886fb4702ae30ebc8943a5d4461f875c9150d23af4dee3eddf02089ae8db21a
SHA512 1bb371157cf07bf8b7199c45c04332eae61e377b0343c26d757c2469826c191a27b40fa0e2b891d32db5ab3f9a6da5d8e0e1622b2ae8e3ab7591a89da221d6b1

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

MD5 44b3e334b7f3c246ea6f6a3bbbb83b52
SHA1 29981b0c61f2a13171fcf6efb156c93dd8f12933
SHA256 e00f023f4637587259125a763b94859d93bbfef9e84eb3486173bf64528c3cc4
SHA512 d1efad890585d5510dba373a91b05d67fac809d17d824ba5b2df2360b3b4f4a9c198910447f70ef42192c9805de362c59b711a287e8c1b2e8f7709e15d1fda0e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

MD5 bc10050e423e78e0c26eefc1bf30f124
SHA1 95f25aa85ea2eae346ba38d41ef9ffe2bd6f9c4a
SHA256 bfa34e513fcc1923b9f31bb7120e0cfaf6934a9a595c42748bac46dca9c13fb7
SHA512 a3690c0b6761599b2f8f65348b4ec0552da2622e112d9404ab4a07b162a7adf8a4bf0b184aed04aa06f70ea3277787e4522ceefc5aca96ae22dfaa0d53ac09c7

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

MD5 d34b1beab65bb0631589f75de957f05f
SHA1 953cea24b9b022c3d8ac956f67930178fc4f58c9
SHA256 260bf86eacc7ed5d3bc7ca449727a99b427426d010e0ecad4efef1a0444254d7
SHA512 c4bdd07b2d2b53b28eededacb98f341ff72b58abc09203f7831e62641cbda34bb16893adf7099f860b6b921b7748c36ab45cdedc4fc1af16f3671fdf3e5d30fb

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

MD5 30965024de02eb7289b4cf3fe562b297
SHA1 9186e9c772033fac61f57c9e03c0e8c15e2d272c
SHA256 318326576a0aa863ef5ff744f73e5d9fc76cae97f060e925eea792dd10743ebd
SHA512 87b8a404f9654584f20660fdd4b62757fd99f34a828679a09e5c365147bf7ba37d2f86998c589ffdb779a8eab6c7940f08b0e2f5309359fa4a0f33be011a32e0

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

MD5 0256a96656389fc15a002c7d84fae5ad
SHA1 4d4d663d54e3b8d5c0ba0b67db291049a03d9e62
SHA256 567c1ce53c566440a8232dc6887ba9f4339566115d5bb2d05acf700cf7ac038c
SHA512 8649e08803c0fac538b2a7eaf931dbb8f5ef1c90af941bbfd8a9762f685d4a15201231dc0dbc6b464a1ca74e84d55194d1028da078cc4ee3b89ac5e140ca51d7

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

MD5 ae69ff6301cd8443f2a2f2d7030e4cd3
SHA1 f5134664b36a220fc696b17c884e4b799d152ac8
SHA256 61aafa5bed77164f8a4a858aaed656e8974a8f5fd8e36962d2242105778d326f
SHA512 e9dfa1ff156f8f184cd87336b5a6dcdaaaf57c8581f27301c913c904a040f7f6ffe133dd36c2ed91de01e4cc26f59ddb0c6224d93fd979bee2439d274df5b008

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

MD5 7dd3def9ccb72bb4a32358405b1bce2e
SHA1 594a72dcfd1111fe586f2a0f311592d6d551ffa9
SHA256 f74dde6aa6e490cab4aae6382f0d6fe994db8226bf8419e459f3fba5360d1d45
SHA512 c74e49cf495f609f8603002f271ddaf657f3b95ea452d2349cfea56dc3c44725908dca9a2d2320ef3a372ea548e7b744f2c0dbe53d59edb6aedf2e718e45d3a1

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

MD5 578ba49e3d410cf60c5edd4507bc5313
SHA1 42be0c851edbf69de17d196e71e891882fe954e8
SHA256 b991891d007986b09657986ea78ab41c961beccbe6f53299c2383583aa6e226a
SHA512 7ee062be8947f5308e882cb6bbb16e609c200b8a429e45715b35d1483f6817c4b170ef8211bf4d392c6daa7ee2db2272c46ab14f50b6018c232310d0deb96cf1

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

MD5 f563f9d583e50e1d7ac9c4c93b1d4cf6
SHA1 4a964f4a6ffa070668851cf49f71b8453ca7e6a2
SHA256 7b731bdb27441292210d07427983064a56e99e438ec69c5e1950de200367ab2d
SHA512 94b4c3a995ec9b5f5c3ac14e0e057353ebe8392e12be86771828eecb42908d1456a93cf43ccc8d22f7ab8d86357525f03aa01f92da9f113d43ecf6938ba2ea08

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

MD5 f2df47850d1dac8608bc9404f2b7b46e
SHA1 f3cc0ecee975defde7224f34456195fc80f2b043
SHA256 40ab7c4cab207beb3ec0f87ee0b15443478ccade1195de9786b15cb9687d0c37
SHA512 6d0e1cb4ac4fe19798f195ac99bbdbac4b983404403839591d2951d2449eafe00ff6fdf133a0f5afd0df8703b03783c39473b16ebdd4a885934015f0b66aae03

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

MD5 1855dd007ca74b604b8d2df4a5b88956
SHA1 33137bc56be35305e607a96de7f9865cf1b28cb1
SHA256 095b3e8432821caa9bcedd57386e74fef567987898cd96732704d8a174b79c6b
SHA512 aef4fb88cbed743d4ff590b0497f07e7470b932ec6819c7164b650e748a6b6b58535466d5a748347428966edcb7664532c1965817be4e0b2c051e62b388a5bd4

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

MD5 a34d47933d4d7ea3b64a5ca5819ec950
SHA1 fa2fcd5acd1544ba6f784438191f317720023358
SHA256 601da43f9deba1df3835736f69eec89af2f0dd40ed043936e9b5813727a59120
SHA512 9cb0fc0c2f0c75984ca0610d454ccc37c6b7448b9207a7af51fcafd71569ba09b2a0d2060f6c80335d8c5c24183efefa78de2ea2809e8de00c403c84d2af0eab

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

MD5 7cfceee059d3e1eede837aaff96fa5da
SHA1 b9a545f378766d97bb3b5aded3c17f610c7cf93c
SHA256 3ff19367a3b0c170d8d39c9208f3b39a84e272a956bc2a01cfb79a359233cd4a
SHA512 2a0e0700479e966b8d646dca781b3a4b66072bf6965036a7355f0156cb4f081282db1b8d925efe12d7566b0210d90e47f9db13aadf8ea5559136dd97ef8c42e3

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

MD5 712d7330686eea61384b33805dccfdfc
SHA1 377064ee7fa89e8d57620e072acd767cc8fdba3c
SHA256 ef7db1ab6787ac33288d0d869ac54dad0cf91d54ef29ae94f0951340d910d65a
SHA512 b424931181cb72bee1044c23f993eaf3c7b650cc424c0993c7eafa98e4351ef9ee83c8ab4e5158202212a1776c1e51e42207ff73b7942254b5930a246b8d09fc

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

MD5 fdec3abd27db1338c29c54936f964caf
SHA1 f30b59126c9a712b281b1ad25d4d523b52ff3f07
SHA256 1236ca78294e1e8a7ae5779295a459afc0fb5001b1d261a5b39824a311293a8c
SHA512 8418b4fbaabd4235a0bce946354e7338c1d393b59cf6c833060ca6af1dcfb7ed7454b3f7bdb7ca58ca01ddb70f2de213566e4ca4d2a3258748045c677603397e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

MD5 c13a1ba61fbcd92537f6b17c6a31d891
SHA1 8534ae5231cbec9aa1aec9bc883428af54241b59
SHA256 6f5ddfd0543fb9bbc00230a9f17bc2c0be2a8bde3650d017efa3208dd677d5ce
SHA512 61c7bed9f8de480e8efebca15ca005586e58f00f97edfade827b9b8bfb0ad14596f9a32321ef87f73e1ad062fd81043f0138aac7fa41549403bf56ccea84b8f5

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

MD5 d393bcb0c6731fe05e53424de591d0da
SHA1 acae9af5d67ea61446590d243bfead04b294edaa
SHA256 a2b189a9336a438b077b1985a289dc2503c0e57a5ec6f857242b0f991ee9d9e2
SHA512 cf701e6637803c1d2a18bd82ccfb29ff3540b757feb2001c2192e1592663043dd1d9a9654242907d6c38456c8adba7d55c77aa89117afe78d47992be05251caf

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

MD5 0936b46efdbf49027253a3f5eb51d5aa
SHA1 91e42960364d45bcbad86dce7da54eb1bc275cb8
SHA256 4b487d6e44ac641615e2a06cd10952cfd6ec2b5096c31c920377285ebafe46c0
SHA512 b476ab9f37333130a37a87ab0e84838d57a7ffd2b5795b84cd37ff55fce02b680c684321bd225363e46b0b276f985362991d21ae3989ea3a5c027ef2888ed04d

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

MD5 785626c306a74d2bfbf8cfa8847edb10
SHA1 57e1c48a1cb0979bca7571f46d4b4dc9dd785d50
SHA256 64838263f1d981821da166ce14301c1b7374757bdd00e2bb4e7726e4cf2f3a16
SHA512 934d23186ccb60e41114a3138394d3be0757d15bbacddd4aef3835ea1def9152038209e49ec332fdb74bde83882fca12ac48c8d73da99cd44c220022daa7a76a

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

MD5 c86c83de923ae197ee6b163977bfdfd8
SHA1 155738f0c76f043308c92edc37b4f820b2fc0264
SHA256 8d5ffda4882a4171764f5a83d6b156c99845dc876c8dfd25904bca0a36b12d00
SHA512 7d14c7432af04964cb68293c406f16573f3004b39a4c0fb49ffc87163fe7f338298deed8d1abb5b75ec1bad06ad2562a10db6c8ca059aa31c8d1a681d533521b

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

MD5 e6751df1bd9678ca80726e2b2ed075fe
SHA1 794a5bd92b237a2bc5830a6cbe5d0aac4f812ef1
SHA256 4b71efa2d0142c081218a628c03c2b33d7bf8265c8f74362721e333d3e18b7dc
SHA512 db26ce94e2b6a1aba06caeeb8ff8e9b3f881e1c8af528c747e588df532e736e9f9766cadabe556b4c1dd04717a8791617452abb2b39333e06231ae0e97f896a2

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

MD5 9a79f5912503839a51cb807ddda67f72
SHA1 87cab1f5b7ed02ecccf26387d49fece17b988b65
SHA256 082071268ebcb965dc1c612e26f7a552b648705cd05b32bf71ec809bfe187a58
SHA512 2a48a32e93fbe4d888890eb4354435eb18c898ea0ca178872821bb99fa394e166340891b0dc891f05bd6ad6a579180bd8d08de7ad9f0931af2bbc899e724d0a1

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

MD5 a34807b458057d3bcfdf9d497fccdc92
SHA1 83ade91c50cb765050a28d60d910b65785f7ccea
SHA256 eba89b573a96437794ec5c953de8ce87dec07c427282763e56ca42eadaebabc5
SHA512 00685a8d9d0d8dee58a2a1e8e931ede2260e7589daa2dd1ee13e137a460de23661ee95d67f5fc1c66ffa3c3eb2d609abea51cd176046cf60b0ffa9da5e03cf79

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

MD5 dad631f80ea9ef5b3aa5cf1390bc571c
SHA1 e64a87eccadaccbece1b37c5b447607125ec23d5
SHA256 5bbc3714e3eb2300b2a38d85043d149448af28f26fcf802b3311434b6c271e6b
SHA512 2ea1d7cb231a80b944cda79d11dd75fbf5a7d04db562c55da4a00c4e73132a7118017e7bb52cc2132370877bbb33bc2f02208a53caa530d0fcc7d9d3a43c3e7b

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

MD5 7f849508ee0f043f6bb29299559f0beb
SHA1 5540e58ae1f623941f71eb4e2f52c893bbe5925b
SHA256 56af7ad2f3ee0de0d4fac57605cba219a245ad946da6c7169247cc0db306b280
SHA512 9f8b92d2659fd70267ee862fe7e0a377d584a97d5b2b4524b2d9915e39a659fa032f13af0c5441749fdb7c20ccbe52d662e0f292ad814f0ea120b5449d835370

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

MD5 4d4926a895b528790504c1f5af0734ae
SHA1 969b227c561b98a004e3b68769d8f305a48d1676
SHA256 509b21c3b90bf111149c320f79bb9ce114943beded2add8f36833dc1a5ac140e
SHA512 df198f3da42eef647c93a38ba7242fb78d68929d811053fe29058a03b94a1bd6d8098bb29cef7cbcd08af03067beeddcc5dfdf8914c95a5070bee89dd0b9b4ac

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

MD5 97b94d8965b97f584809d1fa6f406dbd
SHA1 0330e2da1407a1c51ffd842a59dbf5b4fe208b8a
SHA256 fd36430cbb804287a6e64db86971926d59799e64ffac8cd469fe0e6c0c4c9745
SHA512 44e5eee61290eb88ce22bec4306d19debb20a3764979efd4cb01af3786eff688d5c9f22a86e96f0264a7e55afa5c42ecbd794173bb27b0f10486bed8ed89fc10

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

MD5 ef8a72660d4ad3e4477eb46e4e3937c5
SHA1 a97b838a62674598b9f09a837ed10f5d41b7df1b
SHA256 2a03405b88611cd264306b77a0253bb9b74f07ce18c6abb850adf2d2bc5cd109
SHA512 78184b0dcd0d7448adcd0481efc494c2937b9971c7fb82f80a35f90026421bcea9bd74458875ff4b8a41a20662ba159f54247dc1a21cd9e940ce98ec1ca88f5e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

MD5 9bf0252c8764945bfe7a21519706fb18
SHA1 d4e9d5e97e59e9b5a20ef9f450003308152512a8
SHA256 95c0b4e0e87a7d2f856c86f1e93b9a4b531d5df4d5da2cd47a94136d1f7410c8
SHA512 8b3b5345ffa41111dec49d25d30740d8e4f4460e8e4109a8b5921feb8afd2b1fde305a9d729d552cac16ce2c176697c007b4ff9899282da04e841573d8d27cd8

C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

MD5 81b632ec3dd6b9a40a6b30dee14afaa8
SHA1 5a2f4a2be181ad9eae197c601009e9a13230138a
SHA256 f3c46226cc73eafb781962665756cd00e7cec84dd488b72220f6288a3f5874c5
SHA512 864c8fe1b09d19822d99e9423d98ca735c2177757062049b22fef5a66f3275f5a27cab9c002eb4560d667920f2d0481280f48d905d49f34c0a0b98d20e1035e6

memory/1068-5031-0x0000000000400000-0x000000000040C000-memory.dmp

memory/1068-5032-0x0000000000400000-0x000000000040C000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727662191305923.txt

MD5 a01541df14605a4869122106dbfb6bce
SHA1 36faf75f6707260bab6469de7cece06d98671741
SHA256 eb3b6b371c8b8c5e224e813232c97cd54c16683a652a8ec515eae3fd1da576aa
SHA512 4028b89ce19c3c1c7fc12f77c42297820e62689a990f55173ab6e65a02ca2802a6a6efe1c0cb9edc3acc9eba740a87c5be3b7b1c6f7fc4936fa875326f48fa71

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727663623337830.txt

MD5 224156ae69f7a82678d81d8d499865a5
SHA1 76470fe734cf80b5f5b5bf33fa7adc496f887197
SHA256 d0e193744ea2c8764de57aab0f29afb33470fce857207e55b34b077f2ba31349
SHA512 a7073267d0eb57e74b70368ebe9c74ae8b51dd0d63a73465bf447a13db7c59537f2d847798280ceedcf8ae9dda2058632159a6f355ee484aeed128cf33eb80ad

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727671211214398.txt

MD5 034c2534228b0508607aa3ecde53ba0e
SHA1 56ce4bef07f695b011a184cda800ec5c55d2e83e
SHA256 c08d1f829a9fdbfd2c0face017f854630a1777527e78a005874b68ad61984266
SHA512 1ca37cba94dbed144f06c5d8000b823c19c69a18b67da01400ec670c45408b59884d570bce0cce135f67074cccd2f0372d9e4d3f661ac09d0c5402766b659ef1

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727668521654543.txt

MD5 df3faa6df39c5508b131aa3d8a9fd0ff
SHA1 e1da4eadc6706d847d300fe0f9e08ef9b1180608
SHA256 f24dba0ac9d450ab5bdf1745411d6c3845ea164d6b2646a6484393efbd8af96e
SHA512 21475a6349495674511120de2c33ae9a4fbfded0663df59cad461d35065d54b36d7835904d7644d94de86df96532e97ea0a4481ca02221cd3859ee886f692a0b

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

MD5 fb73f3857f767d1ff406bd1c2cd7628e
SHA1 f066d19b07c6dc202a73e24a5a7dfde11fb76cc3
SHA256 3b102ece02791d8063e953c58f108d3db1dfce11fe2d0843cdc4100df23ffd6a
SHA512 91989256bc6126d661eb17dacf83c214f3aa3212c50aca79469b67d4f4e8c57bc240e0bcc759be001aca3be46d46e9517dcf3894a272602aea5d769d6b082a50

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

MD5 cd43f10f293437ed98b69feed71d30ef
SHA1 16c84001f49586daab1eb7042bf2c74755c77183
SHA256 9c41c70255e2eb65dd4f0f1d7452da3b621b856bd49aa56f6fe0b0a4ea80fe91
SHA512 fef0c266717c493c5132e97976d276b3b101000cc0e1a241045e833c5db1ae99fe4b03c3336873d28e18d378efe3c047c27b0d8ddbb9b536bf9725be4343d1e7

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

MD5 0bb6bc70fefb5d6ef27e28664b39b1dd
SHA1 511f31e41e564f6220b8a332654010bc96c4d5eb
SHA256 d244035662ba0c12d001fbf619bdf30ec4569c264b99e9804e02339942a13ebf
SHA512 25362f4a6a0fd36aaaa4e779c8fee68b2c114c96e593f2cf2657531de39362d63730c43678582be05cf3d41b0e6901fe6bb23fce52735f66655f0b1c84ce02df

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 5bd1add6c88d794b9fdb0423554cfbed
SHA1 58c2c6904c60ba4c1af951be1bbb39276a93414f
SHA256 7231df299cc0e0e51d35c9f16b56f7baab3f5dd1fdf33bf7e6b58da190ec2bc3
SHA512 2ae19178fa1dc24af651983a3cd51b42d90d908c6432e1584a75ac1e45fa2c849191b0f29e320ddce7f8b1fab6bd85d507f6ba50c1b945eb871937de3d6b0d7e

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 1aea3f642c016da2ee1876460a3e9ee2
SHA1 3883b1002656e119cfe1bde248a92f4807021ec5
SHA256 91549b3b19840b433ee186bff1d783d0dfed6247d9e7fd006bfb6d20fe687afd
SHA512 ef268d88c9a0d5052406c80fe9d742da11ed763c16b4cd034d95f08c3b708958e943fbf5daf55e551117391f3d5305a856cefc9099e8b512b938eb7eb3c7efde

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 4c98d6067f0ea2afb5aa2d2554ebeae5
SHA1 4d30d6ce3d0388ad3fad5ce628d3fc5d0d348790
SHA256 5ba2991435a01c91c9356200eae3fc1576a4959469c3ef89f77424f5f1213668
SHA512 dd2210e9767de471c838fae34fcd4df6f9040c56ee9517d36dafd2f9d970d8c64c651c147f24da172538b64a70c539f9ec9fa36d084ec2010509f476d5a45b33

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 5bf09f327fc24dab153db65a8d9660d0
SHA1 1c3a90046ee93ce37751539c8408780a6cbae4f8
SHA256 7e3aa5473521981ea3b789504f0f3f9e4d31f133d695d554abcfae7fd8a54e4e
SHA512 308006c0f2c98d2212b1a0f7fa1f54cabe99fcb1fee5788fe4eb264c05999707214af26c392a282fe6349d6742cfeb1012f33d748f26f1bc769c0ebca622a4e2

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 b7a4e86d4d3b5af014a9931062b1fda2
SHA1 dd09d37adf4ff318fa288f1d861eda46e58ef49d
SHA256 c9e315d60581a34f751843f4f40cdab959b55f858a823fc8e5ef6a23c45414d0
SHA512 ee73d537e91346b95cdd5e4d9deb0f43dcf6ccc9c3adc9d34cf118fbe7d892a38c309bff3159b52d645ba447b93e7df1c8f6eae1819dd361165e2f136fb2a04a

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

MD5 72046d9ce2b319185af8e439624582f6
SHA1 46fbb2926f66469ae85f39082fb46dc868dbedfb
SHA256 fb5859c33f7084e9209e94206f2a1354c4c466e56b9c8bdca668229b2fc713dd
SHA512 17724e6706666ff62dbe233e05b299e52e96ee83685934702204a80c582df11fd18857adb2621f6933104c791450348d358b77150ce739cdd3010f0a4017585d

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

MD5 97123fb20e5f5db7522e89280e2031fb
SHA1 4c2790c7560aeb5e3427c5b4e459d145a49dc532
SHA256 cac96b9debef2f2a4854a5cbdbe49cd86c735e811f9641cca1f69e9e8f163efb
SHA512 4eec867b66d04112c1de3387ffc1cc0c3a141a90bef62b9b213167caffe841ccd80f412168381b89f06598a3de53e731134ade4261fdb7889add4c4a91761f68

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

MD5 1e58fe067139d8daedac863e447c8a1c
SHA1 43a5b454098e66624dd40594f12ded5e72f23a19
SHA256 567bc11d9b25eb42e749ac9e9e464d69dd32f46667d2b634a8d4d10a546134c0
SHA512 6cdd07cb480ef60bb6715cf761dd36dd7caa40302e16e1d0c7d84ed99dea639bf76abcf9467143cce8fa0004ac0c6e34e978efc5f0160406e788abd2d904f30a

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

MD5 5f947aa1b00c0ac790ab8bffd396d774
SHA1 22cb7b86cd8debbda1af22d3cb32168b7aadcfea
SHA256 8038eb14e7ae6e1d1aa02dcbc82dc09211a75b8ade195fd5674032f2742ca22e
SHA512 563e0ad27491f3ad576f0d73bb4ef512eafb4ac68f9fc8a83052400f3861274fa1a5cf9eefb75811222dd88a5010a93c447160a869f7b98f37597b986a5e1abc

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 5f0c6810cb18abcea7fa2a15af609539
SHA1 5e20bfa4361abba197b373bd65137260945a82c4
SHA256 bba5943d2d43d4f86fd0d7ed76df98a22e8c59a8611b9746dfe82da1e57710f5
SHA512 51db0355ec128fdc26cb1ab60fa9716f9ad13fd6fce748f10e3e851b13b2cc3a3e43add4537f2da0b0507bc781a96cc2613e513fcb91c6adc3bafd5676c8e451

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

MD5 374493175a734a6002e039b7cdf0a47d
SHA1 d1e25557284d0927ebd319e66c4f1421e65e09c6
SHA256 673d0633074c270236d06d34f395ac7428e9247863771d8f806636be7829e0c6
SHA512 b161767f8e82a288849a0542310aea245744d0f6aca2b16b1d5637d8ca460bfcca9901d4309203c1b04014e354cab0e857a8dc3af3cb89eb57fd8705b72b20a4

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 b4f347ca3d917e4eb2deff0552871006
SHA1 94400d159cf4b5e3ab60946044bc716619c9473e
SHA256 e83345de35d38c565796d311f9964f4c8aa990d6df350ef073b13aabc9acb247
SHA512 629047832cff49a0df759b5a158b46b9f8cca01e3d829e479d3447e52d73ee3ce6780d0d3035a981349d2ad47a06ce3d685915d8c91e7ee2fa3033a1fce13c74

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

MD5 41d8891ef205059df23a1c1bca86cc04
SHA1 46c33fbc564326128b94a32660e27160c1017534
SHA256 1f54356bfa70c5e1a4dd9b5619344c177525c9b4181c0316b1cf399d40a24a40
SHA512 cab5aebbf793954d362102931c7b9449449d24cd83bb3fca5e661869c25ef3e3f4255ab3c4b17ee6923fc48bd60592aae0e1b62fd91898fed7cbeabea0da06e7

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

MD5 2f08b2568a66298575ffd4431e6ebed9
SHA1 0ac98c6161a65bdae8d8e97acbe44001011fd26d
SHA256 f09dc0ee49fe05fccb0f2686be335f79789d97967cac744b0a98daa3af6b201c
SHA512 3b15920c176f469138757d55e8f2c6d30c67d777adcf03285e8151f3d3b4ef3bba47d68a9ea49bf793389a2251591e65f76062139fa83c1a5cd67785690a61da

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 6f7772b6ceff1b2755dad7fe2b935901
SHA1 14a5e5f50f604705815495e9f952cde126fbd112
SHA256 ab084f01511e8a874f0e773cdb39190586972a782cc017c5c1bfcff4498d785b
SHA512 42f6dbda86a9465b51a301122b31ae4e123a0242248679ff3defd291ef29735d1997739c59e7f8a9a797d01a3a6d58a8e0d819d034314c0fdaac71ed3bd83453

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 d5411e8121de922a6b709db8fa20a4dd
SHA1 ef51cfab054e1ac536bd5c3b8def976785d6feb0
SHA256 66a64223e8d987adc7cfcc90f7b678949c9e8414e3cd47e9b5790526dc85c67c
SHA512 264368c60b59863c16ef991e506fee8d69839c0bc713d4976e4cc3c1ce372fae64a987e90c3f4e709e1e7116ef5f417fdbc6a5a4a21a8a7b28f795d8480b80f2

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 bae97288314db63db12105cda252074f
SHA1 ec2552e376bc3187914efcfb35a83335ae8eece3
SHA256 db09f45fa9b73da04c3672947765345edce4d18143ef6a0a89b4f271d6a9b093
SHA512 6566eac582e95158e75820f4b946ec3b387ac364d37199a20e23877cec602100b06eee859ff3886f4cac78631fe3468fd1eedaff0c98ec2da7077ed8c692abed

Analysis: behavioral1

Detonation Overview

Submitted

2024-12-12 04:46

Reported

2024-12-12 14:24

Platform

win7-20240903-en

Max time kernel

121s

Max time network

123s

Command Line

"C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe"

Signatures

Detected Xorist Ransomware

Xorist Ransomware

ransomware xorist

Xorist family

xorist

Renames multiple (2204) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\M7qeHP596hKs2Ae.exe" C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe N/A

Drops file in System32 directory

UPX packed file

upx

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\CAGCAT10\ELPHRG01.WAV C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\CAGCAT10\J0302827.JPG C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogoBeta.png C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\dtplugin\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\CommsIncomingImageMaskSmall.bmp C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_box_top.png C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\settings.html C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_cloudy.png C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\GRPHFLT\MS.GIF C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\macroprogress.gif C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\en-US\cpu.html C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-waning-crescent.png C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\zh-cn.txt C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe N/A
File created C:\Program Files\Microsoft Games\Purble Place\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\fr-FR\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_gray_hail.png C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\images\graph_up.png C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_bullets.gif C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\modern_s.png C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\3.png C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\vintage.png C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH02897J.JPG C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Biscay\TAB_ON.GIF C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe N/A
File created C:\Program Files\Common Files\System\ado\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_LinkDrop32x32.gif C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\el\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\access_output\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\LightBlueRectangle.PNG C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe N/A
File created C:\Program Files\Internet Explorer\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\META-INF\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\EmbeddedView.jpg C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-waxing-gibbous.png C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\square.png C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows NT\TableTextService\TableTextServiceArray.txt C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\assembly\NativeImages_v2.0.50727_32\ehExtHost32\c899de3549784161aa66610d5735e4f0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-cryptui-dll.resources_31bf3856ad364e35_6.1.7601.17514_fr-fr_040b0688a7f1db42\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p..cemanager.resources_31bf3856ad364e35_6.1.7600.16385_es-es_fd4451ed40a2a7c4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-o..ct-picker.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_092c2ad8e41ae243\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_fdc.inf.resources_31bf3856ad364e35_6.1.7600.16385_es-es_698e5b1ed44452e2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-a..apc-layer.resources_31bf3856ad364e35_6.1.7600.16385_de-de_78fab3f96ccfcc59\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-t..sframework-mscandui_31bf3856ad364e35_6.1.7600.16385_none_e6956cccf90c97d9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-help-presset.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_f1c4f1e8f8c79ea3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-r..tance-adm.resources_31bf3856ad364e35_6.1.7600.16385_de-de_cb744cc52d89bfbc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web.Routing\3ea902532ba499bf1260da656c900f6c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-cryptdll-dll_31bf3856ad364e35_6.1.7600.16385_none_6193778dc77677cc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-lsa-msprivs.resources_31bf3856ad364e35_6.1.7600.16385_tr-tr_517c6c94498bf2ea\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-printerdiagnostic_31bf3856ad364e35_6.1.7600.16385_none_21b432d7b46a7554\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-d..e-handwritingapplet_31bf3856ad364e35_6.1.7600.16385_none_6a9dcfe209eaa05a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-m..ilerepair.resources_31bf3856ad364e35_6.1.7600.16385_de-de_f5e29dc88483c356\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-s..drecorder.resources_31bf3856ad364e35_6.1.7600.16385_it-it_73c2e10c7a7f065a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-c..c-runtime.resources_31bf3856ad364e35_6.1.7600.16385_es-es_5594ba6667bef397\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-l..mepremium.resources_31bf3856ad364e35_6.1.7601.17514_it-it_e0b898948cb68a39\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-t..inalservices-drprov_31bf3856ad364e35_6.1.7600.16385_none_29cdb92232f3fab5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\wow64_microsoft.windows.d..ackmodule.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c0e8fb2048e644c9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_32\ehRecObj\6e35ba22c9762646d5294dd919175c69\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-a..structure.resources_31bf3856ad364e35_6.1.7600.16385_en-us_541d3a4db051d913\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_6.1.7601.17514_hu-hu_8f3b48a84cb8ca60\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-taskkill.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_8b0dfeabf53219bd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_srpuxnativesnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_acbab356ca75abf3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\msil_system.enterpriseservices.resources_b03f5f7f11d50a3a_6.1.7600.16385_ja-jp_21a45a6e648d2155\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_netr7364.inf_31bf3856ad364e35_6.1.7600.16385_none_ea139236d3140569\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\msil_smdiagnostics.resources_b77a5c561934e089_6.1.7601.17514_de-de_1c8774b320c650f2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-i..l-keyboard-00000413_31bf3856ad364e35_6.1.7600.16385_none_441a0d867d56e2e0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-rpc-locator.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_1d2141de1f9d6747\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-w..sh-helper.resources_31bf3856ad364e35_6.1.7600.16385_es-es_1cb1b76e544bec67\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\x86_microsoft-windows-gadgets-calendar_31bf3856ad364e35_6.1.7600.16385_none_0dfaaaec65b0831b\calendar_double_orange.png C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Workfffcbcd8#\8e020cc06c4052a50083fa7eb060e92c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-a..rvice-adm.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_0ac35925e714ae09\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-snmp-evntwin.resources_31bf3856ad364e35_6.1.7600.16385_es-es_d67ae197822a6ba5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-pshed.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_920c092685ce6f3f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-d..haringapi.resources_31bf3856ad364e35_6.1.7600.16385_es-es_0e1a8f3b57c94843\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_mchgr.inf.resources_31bf3856ad364e35_6.1.7600.16385_it-it_89bc9b3cecca1a62\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-u..erservice.resources_31bf3856ad364e35_6.1.7600.16385_es-es_4c87c53cabac759d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-usertiles_31bf3856ad364e35_6.1.7600.16385_none_f385bacaa98d1e8b\usertile13.bmp C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_wpdmtphw.inf.resources_31bf3856ad364e35_6.1.7600.16385_es-es_b8b9a40df6175fb6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-deskmon.resources_31bf3856ad364e35_6.1.7600.16385_de-de_6c8df7416ea4326e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_98b24799b5d08c05\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-d..-japanese-migration_31bf3856ad364e35_6.1.7600.16385_none_0e3c9ce5e73a7257\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe N/A
File opened for modification C:\Windows\Media\Heritage\Windows Error.wav C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-a..nce-tools.resources_31bf3856ad364e35_6.1.7601.17514_de-de_cf322446919401a0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-class_ss.resources_31bf3856ad364e35_6.1.7600.16385_en-us_9c43114bf49ad2c9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-w..umservice.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c8200175fb5e14f2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-m..onwizardapplication_31bf3856ad364e35_6.1.7601.17514_none_22f5c6aadf559287\System.gif C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe N/A
File opened for modification C:\Windows\Media\Characters\Windows Battery Critical.wav C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-l..-ultimate.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_74e67e2b6547c670\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-w..iamanager.resources_31bf3856ad364e35_6.1.7600.16385_it-it_b0fd827ed45fc1f6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_netfx-mscorsvc__dll_b03f5f7f11d50a3a_6.1.7601.17514_none_e79f483dac30b3bd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-b..ing-wsdrcwsproxydll_31bf3856ad364e35_6.1.7600.16385_none_2436796685a20fb6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-e..e-library.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_b4c2e55467dc2b79\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-l..epremiumn.resources_31bf3856ad364e35_6.1.7601.17514_it-it_4a940280a6fac951\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-t..almanager.resources_31bf3856ad364e35_6.1.7600.16385_es-es_83d8f4351bc45f0e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_bth.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_b480a3379367dfd4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-o..c-style-performance_31bf3856ad364e35_6.1.7600.16385_none_1d8aecb671a2bda5\Title_Page.wmv C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-s..ment-policytools-ex_31bf3856ad364e35_6.1.7600.16385_none_b55447455ac6a57a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-grpconv.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_1c02b3576c067cc5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-e..eady_eula.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_c4a3b307f7533c7e\playready_eula.txt C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VXVQSRVGJBHBRKD\shell\open C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VXVQSRVGJBHBRKD\DefaultIcon C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\VXVQSRVGJBHBRKD\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\M7qeHP596hKs2Ae.exe,0" C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VXVQSRVGJBHBRKD\shell\open\command C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\VXVQSRVGJBHBRKD\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VXVQSRVGJBHBRKD\shell C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\VXVQSRVGJBHBRKD\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\M7qeHP596hKs2Ae.exe" C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "VXVQSRVGJBHBRKD" C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VXVQSRVGJBHBRKD C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\e4c0f5dc30c15cf772e2e47e814d7ee0_JaffaCakes118.exe"

Network

N/A

Files

memory/2780-0-0x0000000000400000-0x000000000040C000-memory.dmp


C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif

MD5 5dc6a8381ed6445602bbb8d5dd2fd72f
SHA1 a6fc810ca334254111261040925725f6d861805d
SHA256 f7890deb2618f8280f2b8347866a0801c3e251094666dad1ac0d5ce38e06f00e
SHA512 b640bd54af0c0635fc0ba8ee19fd2c43cd3f3d4c765605771e5208782d2f9751563a0a1d257e9182ee1457767270a947f44642d40779a084a205676e74ed4dd3

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif

MD5 528c689a7f6fffc2b46d1ff952a11a6b
SHA1 9768b13784087ec9a22feaaaa0d87346cc968581
SHA256 95d9d2cc64adf09d067212fe63b28bad63fd89b583dcb3aee4405326f21d043c
SHA512 4f3d0cb8264fc82ee053f892dc0bd8f98dfba6ed82cbab7d76ca8e192f20d3f0b1fc8bd27b6ba777befe8eb5e828a81c00dab20a66b1affdbe3d814cfbe3f396

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif

MD5 22f086c7017a2d618dccba7bce2274cd
SHA1 b914e3bf56fac2d96e39a69120f63beb7613c729
SHA256 852dc67c98fd8fb02a5bd4c312d49b617d757e9d8dcd0bbf3141a4dc2bb165d0
SHA512 a3570d41923a59ae9165e1a6f73d4b5f622ea2db0119dc1bf0adb16f3f87b3187c9205f18daa4433910a34ffb18331f14536156878d9244dd326f99da1a451b5

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif

MD5 7599326dcacda2e470666e88ffe3aea2
SHA1 70dcb81ca09c68282aad0405fc48cb9bfce7b4e8
SHA256 0b74491e4287820d430e9e77a622a0d28a11051e75aec8f631cd246642f11e5a
SHA512 75c18fdd64ba6ccfeb8834c266e6b98f291ad7b01919c21d9a3b7814acb7e1a80cbe7a8307808c733cd84ec1c5f8674abec54bf8e7ed89bcfb2add3214feb31d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF

MD5 9667ecae2046ec8caea1317981b04162
SHA1 49fad8cfb4c2e7d05f5fa44c8b93b0316b62b6c3
SHA256 6f5159ff6e403b121fdd5ec629f14ae6b58cb9d86a62d3f6291c1c4d9c40a3a1
SHA512 43375b768c2894864e501b823b9c4030095aa5cd836c83b9529c5b532771572a7d8c0d0e9e22b75567a7970f77b7b3ad6e9933c3863097f1f75b32e074be6469

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF

MD5 668749132b10549c692fd02368cedbcf
SHA1 41ab7e297a2d0cd10abcb3ad3232455292c02fab
SHA256 46dfa9ec8d817cccaa87c0a47e3ee3cb656bae5092457e4858608401ddbb5e09
SHA512 d3ba15c26cdbf88410af95c3547dbef0638cdcc09285a9d7a4bc7a671664d2b657f59bd66fcec5b383097c2368112eeaf29ecca960420b5d4149809914b2083f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF

MD5 b1dabaf17816f39230461cbd8c16e018
SHA1 926f86a812ed21de82cdf4ca5d63e2d08804c6b5
SHA256 418c6e4a93f105d230325464c9f9c62efa86d70220846058618f430d284ef508
SHA512 d3abfc3d90ea0765756c284694c814b58de7aeb3b040dac2b11574f6465f533f906e4ff0de87aee59b5f5dff533ecc7c968ebeaec7ddbc6601e1911b43329e81

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_off.gif

MD5 31bd29bfd556e802b9c9490a113cfdb5
SHA1 f2e217282c6aef125b05b3b882051226bb962e1f
SHA256 d8b15c77a998c55c0afc41109ed0ebd88fd58a1e072a7ac619108a301c588070
SHA512 820068f5b5381d9709145c3dab1240922f21c2d36c266c0b4ee43386392f66ea9b4b1370c2730c0eca142c6c0a83bb226b8c35b31388a85cbc74a85533952476

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_on.gif

MD5 8dc4ed0a11c3d4b08e3485519101fe01
SHA1 91f2c927ede3badac9910e484880e9c0eca0846e
SHA256 861f557bd888dd7cca4fdca153b9dffbb1cdf209461984e307923832b71b0f14
SHA512 798c29d6293fdc874b651c29da2e37982b41b21e383cab40613359b5a25ac0ae423d810a9b925b254d4e6a91c44cbd79aa2fed2c077619562d791aaa19680df0

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg

MD5 36ff4cb3d0e8e066c316abdeb6580af1
SHA1 c91be98f7751aad16e3e84c92654fbd8ce8d8906
SHA256 e64093a7fdd42b84326b3251c054d63b47caed041974ee38ba4d9c1b2256b4bb
SHA512 2388134609f3c032765f37542f2ab9f011e56fade46a6a3d8a5f93a3e7c06c851596055a37a96d38e34c68ab71e688e7d0af4cffdca0ff3a2a73398756631a56

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp

MD5 07b942d71b081091320adbf5f3e1ca22
SHA1 b50f27205bc80dfb793240c1a4c9f7dd54ea8059
SHA256 2fc6eff1dae5769295d2b06360433aa2773b3ec66948449a8e2e6fe8425f25d6
SHA512 98cfd154ced5bd61462c530605d1d30d55615e358d402846c202669745ebb9ba6dba3e0305f39be4252477de577056389d9fa13b7fb86fad0c333058c59329a0

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif

MD5 22a1df0a0e92e02bc3277dafa1a06d2b
SHA1 612797d05f7a05f09c978979c64c4b951e1f9772
SHA256 63d0dccd4077081562ae4ef579d87621939d4eb803396f6db306db7ae28ff33a
SHA512 e82def21e53c6fb4810eff23e65db125fdc06abe9c66353f732e1849f484f4e2f6106dc15a60c6ead907f9edff8493db2c41ce8eafd0dc9b4089981ce6a45dba

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif

MD5 7694954bb37980c8ed49b327d34e10d0
SHA1 839c15144f0c527d3da1e63756ce643c12bac98f
SHA256 84a3b1f80341b1c7ca07cee48a8b1fd950754bdc7df5548c5aca22df9d6a8338
SHA512 f23924120e5782692540cf00295bc2c3f52d376dbc0e2e78cc425db0faf08b3a16f439e2cfc93ab840edfcb0b43c8375702782ffc530b2b4342d468b01475280

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF

MD5 5d3d451294e41390e1f9963725e370d7
SHA1 de6db7a38288cdbbd2eebcd938996a65c96804de
SHA256 6c69729f82be21fc3dbc66933f9a4319057fc4e1091e5e59154db2cce62089c6
SHA512 308d862217af9aa0d802b907419d46f3412692e3022ad71d3e93de873e97e69cb727fa06470b088c6d57c23bb63930a7483b4404322583be659456ac11fe554f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif

MD5 43cf1346e143ae030c6608e8d241b300
SHA1 985796c1f91b7c34ff031f3de0a926eeea4322ec
SHA256 0fc23b3c5a33dcfb674ae9669c276075946d6c945928da43a999cbc248bc1ab0
SHA512 c8bb36b725da428f873c2bd48d250661d6884c21138fe7cb762c600d314721bec9c9c3cd0afc0300200cff85b02ce9085685647b2594ee390a686c029b229a11

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF

MD5 7ba2a4443c8ae74221af7854d396b8ac
SHA1 52b9e4f4af08da3800e98c87935f8f3f207ba7d1
SHA256 4771911e030b79bf9c96a2928181b21f41ae39f30301e680edb2bd4da46a6521
SHA512 64db96371b14e70a9054e722eb7b22d2c07cc132e7aee61ba004bfd69ec93c07bfd2295a6adcba6781463235cd1440ec599ae4f2146e2b7ecab1b3c1eaadc110

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF

MD5 dc411f13aff93f21f6c793f0354022ed
SHA1 90f424943f3c2a1e932c139b8bdc7d3aa2fe809c
SHA256 4217fab6c61bc1a05ce111b5782502688cfe5182af427f8cc10b2d4a9e870940
SHA512 5f916e8e717d08ff8005ed7081ae0df07fe27bb1cb5d6ace743ccf8545667e026306bf5ff495ef2c2b015a2c83408790dedfd1dc95404cccb52eafe89b3f6f92

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF

MD5 72ddb86fdaa79531ca8fb76719dc6d71
SHA1 232c98021667d73dadfc0695a1b4bf757289188d
SHA256 7166318f61481393c6744f80672f58f13f3673df5539a94d960bea93951e4c8f
SHA512 d92478c9c2f6f97d05cf392388ef00e130efb3934003b4093758ca866f3484d126dad677d5459a5ecef158071ff04ee47fd84a2debe02cb653e9bced3f6b8535

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF

MD5 b7c467599c33734ad20c241f4c197dba
SHA1 308878c2664111965abe8dd77ba3dcc67dd043c8
SHA256 22c5707e937bddaee445f4e215a44bc44282eddae841198a67ee3a5b5d7693d0
SHA512 35f79f08b1ec9732d5c6c291aafc9d2ea3bf21674c9fc5ca2d94e59a3083a419fd34a01dc7971ad0f6b94603e2cb4bdbceacad1719fb1ebb2b6c0f3d25f232d1

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF

MD5 28bccbafb0b4d3831cdfc9b035ff8fdf
SHA1 b1e54113f49c5313b8ac811f4dfa30a1e6538a04
SHA256 0b7730f62894cb3f88d690e55915ca9225358d022950e8b042457bfe5fbc191c
SHA512 af6383385b21e2d201f4ce4c2a43c3dd4389d8f91620779552d0fdc1e0757fc69a4453b6f99c52203f3aaccf7126eb10dfc4cb42b4b7bb909e9f291de4b1ce44

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF

MD5 877b4432ddfd063c5ffc808ddcc3fd32
SHA1 889e9c402e4c6d5fca10d8ccf0b6fb1b53cf2e42
SHA256 a8e51acf5248d971444db38d3b771f735c2a88c909e66920ddbe816973bb4a11
SHA512 972a0d9d5b6261da0340a985a61626899ac126c7f2da2b06602202a362dcbcf61064e10842f66c3394ae045a6fef162f8263e9959546577d54dfa1aa46703203

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF

MD5 06512eddd42065be1ae560876d285fe8
SHA1 5ce5b7f266947b69fcb5988616b723133bd0b68b
SHA256 35e04a780cf400f5638a91f58fc6035bf19f48cfded36c7a09bd89c12e1f18f4
SHA512 8bbb134ece88c71e1b21f07306b1b6d9e60e9dc9a0d74dedbc1d7776f5a736eb4672a9186fd36cfb0655edea7c6c6a960e70ba6fe61d51d562a58b56f1ecb123

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF

MD5 7d493cffa314ff3258245f0387f39dc6
SHA1 84b16489ca81a972536a67404725dfc928fa71e3
SHA256 5da2a925ef3c67ab0d2e4334ec9f1fa4fe4c39e6e8049265b9c203b244738649
SHA512 576bbf27a8b2d151e8d86a5c855e380ca6c9d2b9c83dc1d354e1e01d5d9accefe685e759e3c7ae76a81d90e4916298088579e2a64b360197595dc04ac51d6c45

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif

MD5 8ef886509447cb2c70e76a012917222d
SHA1 0ca31ee7d7e5502259d764231b01805bf7ec27c0
SHA256 903523b81624e1f46275c3f495d1e019e7225a8cf4e96b348beddb6e7f477610
SHA512 721153682f76351fe35578f7a0091cfe65cc16f2ff579072f53b2c932b7e178993c129bf5cea64a6ab24de36c90b28abdc6861ca88d20c5051511c2a4e578259

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF

MD5 0e0ba9130aadcf9776150a1ad908ea0b
SHA1 26dd214675dc0c10fce352df715d82f3ca800e0d
SHA256 eda84c1c46f26039b6f6b598337f8ceb980d53d17bb57bd03328eec19b049aed
SHA512 2bf6fd9351b3d1b4b7869f7cebfc717f95e4827c591d86a39edfa001c2fbf5fd8e4fecd4adedb795b6d43b032ec3682d93f96b4db3ca47acbcf102254d2b6dd7

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif

MD5 09c3abb760aeda0db715eb79e96dbcd4
SHA1 8b8110b09f8eaee4abbda4a04d192f92b4914089
SHA256 747152a83934f17a4ca58dadc6bbd5158c9ddb97c1c77fb76b6e17587e0cb74a
SHA512 ba3e68dcfb5c8b7e10496abdf7de52556d9f8c4afb5b421ff3d2729cc1d58c7ad3d001adc76f6521b5d120e1e5b539045e481e7560fe0ae7864d6bc4f3ec4445

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif

MD5 a59db690b52174ee11be701ddae6c8ca
SHA1 0e0e72fa32ae1554f1a22f5b4bbc8de5ff6e23ff
SHA256 05de09ede167bcf9ff16ea217a498b50236c28a0ee4a737369366a51ed654da6
SHA512 719d9994036aeb423dc41d5bf03d121e3c1108b5c9bcc440f61d316463429641b7e81a43e270a3fe8c1700aa55d1497fe22de13f18b6d096f4a4dbc59358b0ad

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg

MD5 839f1831501a59f32694597302c3d5b7
SHA1 6e193866852b5c0783ad9c1d5c666e9bd338e4a9
SHA256 42fb951cb1ee967f4f6b41c2fb536c75436efc541bd63221ece007c70942c2cc
SHA512 30072fad4e08800a2f7a2a52aa60f4bfd7894123cf6f3286134e476b2147e6fe9d7fc7848498f7783a72c74226d47c319b126afa5a5d7fb574dc4cf40cd9aff1

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF

MD5 5d717cfac63b6aefe5728caf62b0ff66
SHA1 d897ca5bfd86bdea3f984342350c8436644b336f
SHA256 38f65cd4b5cd12aa69891ac876d8f74c574ea2cdbd0e8e50835812fcc3e37d6f
SHA512 834329b4177655289f681a56df507d72d87bc1d472a27a84727fb736c989acafce32f46294bfcd298c2dfe980c81c10d241049169f92fadc285a7bf2922a6887

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

MD5 4723e07c7e0d52b243e8db03673bdf5e
SHA1 88f4a9c56499db4a7c5427e2e33f855ad77b0773
SHA256 6bfcff4d63c87db695a57de476cc39147c0d3ed79f377099df5ab7a77cf14183
SHA512 455a6f1b5addf1731cf77382f0abfeb9928dccacde1eedf9e4d4958332cbf50a65dfe61d96bf3981f03773de876b3aaff78975a1a1a41aaaaab9d02b66dec465

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

MD5 edd3ade5ce2f0cc062e9f71e6b57a3d9
SHA1 b284f3d902ecb6276e731e67596305d22ecd3df8
SHA256 134e0c1ba03eaaca1c67076231b98b32a7b1bdfb75e04e7472089b58d40f18fc
SHA512 84baf7f40d2365f3d4a36158e32cb9518b8f39c5279ac8be995727618a30e49804bc4db062a2c4c21a0c543f75c8b546e9edd822a1b56476bfecca89419d8fbf

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

MD5 18ab1effa4a57cc9568dda079a50f50b
SHA1 6c36e8a8a44297d0eba53f9c8fb70261a6f96efb
SHA256 d82f2084dc14aac2ccc7fdd192271a7f61f4ece40fc7ffcf2b1b4719c52b9dc0
SHA512 69096d218559925ab9b464f4679ef2322ac39d727611b963e1e17fa99e531ed5f318082bf8c947542b21b8e9844b44b031a874ae4c00b6e6944279b373487921

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

MD5 8757e230c1a8871227f0e928ed949df4
SHA1 ac69339d0ae87980f4a8ab64b7cacbbe08c9d8fe
SHA256 f3693790af987279eebc7309b4dc1433a1ecf9a5b093e33f2ff6c9fd0fbbd243
SHA512 1503d8149fb7c0bac35098ddde3b00f9b2a0e6ac63a81effcae67fbcc783d89b52933c9a5f46ef6207a0faa9b7c24736e1cdbd56e09e7b67de3b9ad8fcac5274

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

MD5 4092f18e05d71e00fec0cea244e0b5fc
SHA1 c67a500bb09ada261d03cf67817a840f8a31a212
SHA256 b61aa68db80ddac13dc0d12a56dc2faf47aa5abbfa6b5e31e06507d41b7fba80
SHA512 94aa41c4a54de97518c76b43b62c5f0997361bd7cd47717321bfa21604dfd37e741bfc10ce54bc63375909c64dc7c17b7cb78434f739d37a3d608da56ee1fc66

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

MD5 be2ce9fcfe5c4f9364aa3f95d9b0b0a5
SHA1 70b0a0fbe9418e731a6520e9d5cec7b499563678
SHA256 896907c43dc36a36b7a26979f738ab30e962baa3e4b9503b343b783e33869774
SHA512 d977de9a13162d6753692072961771b3f8ee135819eacdc82eddf9122b99f96890b50c4c987012fc9250823db77e1cc04f0de9cfa9e6eee6f53932fdf8e0a67e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

MD5 cd21fa53cf471f4f2804ab351eb1f627
SHA1 19564405fe9e074d7f884f539ae68de10f41ba6a
SHA256 a9ef6f9ca5204290ea0898a24115108d64ebd8fe678a53ee7ef645c5cca2ff3e
SHA512 19993c6f8c3cfeeafcdb27a67850dad6f9fa752d284261f9b16ef985104e7eb25624a8d134be3fa0e49ba5ab62cb02754dcf8e78af995699f282f181be82365e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

MD5 c5c5a1a3585f2d60619ebdc058edb7ad
SHA1 ca63f4811143e1763343b5fbce1114c8c41637d2
SHA256 51a8092f48b7a814f1cdb79f84428097f746a35e16590636ed83ed2fc7ddcd42
SHA512 cd88b64b8e8d760b9a431617df6f8b574bac88f8ef8c1e76673503f5eae59cd3ec1cc84ff24b847ae141e28f327f9f40a3c76a56a10f13b9920db6323ea4a3e7

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

MD5 5bb64cbb112fd7a24917b253d64c8e28
SHA1 2163d4e4f2ccaa2fbceba16f9dc91bc556cd33b1
SHA256 109a1bafced60221910a28c5d6afcb495596bf172f8f62355f7e3a18613af5c4
SHA512 86175b7d2addd71c209cb6a910c9905fbf9cf655fabf4ba006432ed050d2ba6e2302ce15985fcf9d2d6962c54bfbc3e9aadb2f9d5d07543bed5314359bf00bcf

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

MD5 e3db0cad8f20df9acc52754c3f1092f9
SHA1 34fef581dae200d058e4259c7de3eb0f3632d59e
SHA256 d45a8eb7da1b3139cc4f2b4d54db74a4bb1094282d2a8969af24ff2521125583
SHA512 fd44dfd566bab3d4fc182e9fc204a7acc42fa22a06e0c8e0e26495bf9c30081d9c8472ebcc0c7380f6f4283a006984a9cf84705b39b4184adae81d3489acf7d4

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

MD5 a3336fe6b530e389919eee0dc1c3985c
SHA1 d16fe9200de3caf026c148e19719d855b3c3d585
SHA256 50ac7f820108cb09fc5a0362687988f8d4bd93d26900103cc5fa16de080a5d6d
SHA512 9d4da62446950d4a553d516aa485f83f652a63bcf81dc6cf0e425aa6de3c5cdcb3ea9112c301560ac75ae74ba509fec9eb8b832f93ec7a38d016e82b1de01746

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

MD5 c1d5744c40779473f69b71834e2f8388
SHA1 c49671bd42d53a753e04371e6e0ce24fc3e86db1
SHA256 5a527fb350f0e450b8a743d1ca5045d2f54c3edc4f55806ad0f8a2f32336ea1c
SHA512 a941bebd67dfd0763807d58b4c1809874de6cd2755dd5a3293041249b0df372c041f97221897a6e9e1f736f48dd749bc6efc9e210f6d0876ea87bef1ad6965b7

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

MD5 b955c64b4e9cb0231d8a36e929fe80c8
SHA1 8182f87d208cee5e310f8f9685d50d1d87a00de0
SHA256 86ae8174e7b890cb9f31fd7a040da30b2d5cc47402209f4dfe37c3081f024f07
SHA512 8405de0d0f094a2f41f3f07ce83733408594fdc7f4232f3f501d8414729b6532a3ffc1ef1ec789ee805a32ce2d0911e69b822fdb9f4c485ba0b6b1b05abc9d80

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

MD5 295327a0f3cde69bb5c91b3e4f687038
SHA1 95f080664fcfd52081212b8ce51cf2a9916ba556
SHA256 2aeec1cf0389baa9aabfefb038aaa097405d8d97c852e92a19cc6060129dc7a8
SHA512 bec2e6445d7f7982ded824a283d36604c83526ef3a8fb3590f3b882102ee2e8917c2cec308609d8e0a3fcaae6d376905c0b4f535cf133eb813523df6995b3666

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

MD5 204d2d56cc7053897ecdead6e98b2a4c
SHA1 b04e3e5f48e13b89e3e1d209d0fc3e6f307b5749
SHA256 0a9879f485a3fb8263a5a611fbe73396ec246c092223bebdf73b7a622f4a5938
SHA512 fc8495a81fca490fb1d18283a967724a13aebd5d5b052495dafb2623a122423117d69e3bcc49ed588b65b7c106c21e6caa86d05d8e49ba370f2b6fbb21161647

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

MD5 1b341cf7914018a0bf7d8ca063bf2501
SHA1 a99271e2ad8d65ea41a04671e3de48c7de278df2
SHA256 0c1dd4e4127033410cc55f8686625c3aabcd900cba85366bee412c938fe80bab
SHA512 cd30721c39835d26c52e28601167a8fd9fdca621745b43c5f9acd1eb98a9ffe6e47b9f2961f9fb09b94a925a2591259190d1c4f32709e94dafae291dbfc2f12a

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

MD5 efde4bf300c9ebaba6ce13fe420862e7
SHA1 46cfa0f0f14492440d289e31efd0d27a2c2f4784
SHA256 d8f647002f73a46e528d8b9d0e0ed5cde8a37d716f4a2df183da678859f729e6
SHA512 d250983f253ebe8c1c409ecea57de7e756f7c7e7adf3dfde535138b0d6b3faec47b14b70442b10bfe279d7481e602b1f5d355654f6ca7e1f9886f7768ab5f7bb

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

MD5 7d743ec0c29787040a03460b80457d06
SHA1 86ca19ce5d2202926140ccaf6356fccbc35e67c5
SHA256 1f96ba7571b55aa0ac8c938686f9d5fafd569b52352a20d7e89b7e51a6ba2780
SHA512 11b6c8f73a2f5d524d79039642c84428dc1eb9a3a6c35450fa43ca61277e4e1695a33e3a5d1e5b19c0f2adddd4d0d5b7da9cd7671e192f325378d31654cdbdbe

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

MD5 4a2d2bd2e579c327d5895241ff3397cb
SHA1 e39bbf720a013f582b60d54751c25adc9d4b2ac6
SHA256 9585cb7cfacc5d9c329ac9b7651209d791b5c897a40ecdb669d6b42e4695436e
SHA512 fd6a6f1eb46b1aedd55e2177b305ea4bdb5bb0846ddef9536e62dbffd60933e22853e2de151d56a8e10659076866c59c8bfd1b454f3ce70310687009834b4aa8

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

MD5 b2b8eb83199d4a2caa261f39556e6372
SHA1 26480d6c91b8bbd2ac7ce79cbb55c5bd56790519
SHA256 d0f3d4be06a44c1a473481093f731ff26486f9a8a19ca88c2d6265ed4c2f9ff9
SHA512 671f9bc1e084f67ecc02c50d5a41e180101fd8110760b5f20d6358ef908b099eeffb798fe838dfb9992c7d1c8f7910b2fca4297a4a443fca64723a7a18b89d71

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

MD5 cd43f10f293437ed98b69feed71d30ef
SHA1 16c84001f49586daab1eb7042bf2c74755c77183
SHA256 9c41c70255e2eb65dd4f0f1d7452da3b621b856bd49aa56f6fe0b0a4ea80fe91
SHA512 fef0c266717c493c5132e97976d276b3b101000cc0e1a241045e833c5db1ae99fe4b03c3336873d28e18d378efe3c047c27b0d8ddbb9b536bf9725be4343d1e7

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

MD5 0bb6bc70fefb5d6ef27e28664b39b1dd
SHA1 511f31e41e564f6220b8a332654010bc96c4d5eb
SHA256 d244035662ba0c12d001fbf619bdf30ec4569c264b99e9804e02339942a13ebf
SHA512 25362f4a6a0fd36aaaa4e779c8fee68b2c114c96e593f2cf2657531de39362d63730c43678582be05cf3d41b0e6901fe6bb23fce52735f66655f0b1c84ce02df

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 5bd1add6c88d794b9fdb0423554cfbed
SHA1 58c2c6904c60ba4c1af951be1bbb39276a93414f
SHA256 7231df299cc0e0e51d35c9f16b56f7baab3f5dd1fdf33bf7e6b58da190ec2bc3
SHA512 2ae19178fa1dc24af651983a3cd51b42d90d908c6432e1584a75ac1e45fa2c849191b0f29e320ddce7f8b1fab6bd85d507f6ba50c1b945eb871937de3d6b0d7e

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 1aea3f642c016da2ee1876460a3e9ee2
SHA1 3883b1002656e119cfe1bde248a92f4807021ec5
SHA256 91549b3b19840b433ee186bff1d783d0dfed6247d9e7fd006bfb6d20fe687afd
SHA512 ef268d88c9a0d5052406c80fe9d742da11ed763c16b4cd034d95f08c3b708958e943fbf5daf55e551117391f3d5305a856cefc9099e8b512b938eb7eb3c7efde

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 4c98d6067f0ea2afb5aa2d2554ebeae5
SHA1 4d30d6ce3d0388ad3fad5ce628d3fc5d0d348790
SHA256 5ba2991435a01c91c9356200eae3fc1576a4959469c3ef89f77424f5f1213668
SHA512 dd2210e9767de471c838fae34fcd4df6f9040c56ee9517d36dafd2f9d970d8c64c651c147f24da172538b64a70c539f9ec9fa36d084ec2010509f476d5a45b33

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 5bf09f327fc24dab153db65a8d9660d0
SHA1 1c3a90046ee93ce37751539c8408780a6cbae4f8
SHA256 7e3aa5473521981ea3b789504f0f3f9e4d31f133d695d554abcfae7fd8a54e4e
SHA512 308006c0f2c98d2212b1a0f7fa1f54cabe99fcb1fee5788fe4eb264c05999707214af26c392a282fe6349d6742cfeb1012f33d748f26f1bc769c0ebca622a4e2

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 b7a4e86d4d3b5af014a9931062b1fda2
SHA1 dd09d37adf4ff318fa288f1d861eda46e58ef49d
SHA256 c9e315d60581a34f751843f4f40cdab959b55f858a823fc8e5ef6a23c45414d0
SHA512 ee73d537e91346b95cdd5e4d9deb0f43dcf6ccc9c3adc9d34cf118fbe7d892a38c309bff3159b52d645ba447b93e7df1c8f6eae1819dd361165e2f136fb2a04a

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

MD5 72046d9ce2b319185af8e439624582f6
SHA1 46fbb2926f66469ae85f39082fb46dc868dbedfb
SHA256 fb5859c33f7084e9209e94206f2a1354c4c466e56b9c8bdca668229b2fc713dd
SHA512 17724e6706666ff62dbe233e05b299e52e96ee83685934702204a80c582df11fd18857adb2621f6933104c791450348d358b77150ce739cdd3010f0a4017585d

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

MD5 97123fb20e5f5db7522e89280e2031fb
SHA1 4c2790c7560aeb5e3427c5b4e459d145a49dc532
SHA256 cac96b9debef2f2a4854a5cbdbe49cd86c735e811f9641cca1f69e9e8f163efb
SHA512 4eec867b66d04112c1de3387ffc1cc0c3a141a90bef62b9b213167caffe841ccd80f412168381b89f06598a3de53e731134ade4261fdb7889add4c4a91761f68

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

MD5 1e58fe067139d8daedac863e447c8a1c
SHA1 43a5b454098e66624dd40594f12ded5e72f23a19
SHA256 567bc11d9b25eb42e749ac9e9e464d69dd32f46667d2b634a8d4d10a546134c0
SHA512 6cdd07cb480ef60bb6715cf761dd36dd7caa40302e16e1d0c7d84ed99dea639bf76abcf9467143cce8fa0004ac0c6e34e978efc5f0160406e788abd2d904f30a

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

MD5 5f947aa1b00c0ac790ab8bffd396d774
SHA1 22cb7b86cd8debbda1af22d3cb32168b7aadcfea
SHA256 8038eb14e7ae6e1d1aa02dcbc82dc09211a75b8ade195fd5674032f2742ca22e
SHA512 563e0ad27491f3ad576f0d73bb4ef512eafb4ac68f9fc8a83052400f3861274fa1a5cf9eefb75811222dd88a5010a93c447160a869f7b98f37597b986a5e1abc

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 5f0c6810cb18abcea7fa2a15af609539
SHA1 5e20bfa4361abba197b373bd65137260945a82c4
SHA256 bba5943d2d43d4f86fd0d7ed76df98a22e8c59a8611b9746dfe82da1e57710f5
SHA512 51db0355ec128fdc26cb1ab60fa9716f9ad13fd6fce748f10e3e851b13b2cc3a3e43add4537f2da0b0507bc781a96cc2613e513fcb91c6adc3bafd5676c8e451

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

MD5 374493175a734a6002e039b7cdf0a47d
SHA1 d1e25557284d0927ebd319e66c4f1421e65e09c6
SHA256 673d0633074c270236d06d34f395ac7428e9247863771d8f806636be7829e0c6
SHA512 b161767f8e82a288849a0542310aea245744d0f6aca2b16b1d5637d8ca460bfcca9901d4309203c1b04014e354cab0e857a8dc3af3cb89eb57fd8705b72b20a4

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 b4f347ca3d917e4eb2deff0552871006
SHA1 94400d159cf4b5e3ab60946044bc716619c9473e
SHA256 e83345de35d38c565796d311f9964f4c8aa990d6df350ef073b13aabc9acb247
SHA512 629047832cff49a0df759b5a158b46b9f8cca01e3d829e479d3447e52d73ee3ce6780d0d3035a981349d2ad47a06ce3d685915d8c91e7ee2fa3033a1fce13c74

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

MD5 41d8891ef205059df23a1c1bca86cc04
SHA1 46c33fbc564326128b94a32660e27160c1017534
SHA256 1f54356bfa70c5e1a4dd9b5619344c177525c9b4181c0316b1cf399d40a24a40
SHA512 cab5aebbf793954d362102931c7b9449449d24cd83bb3fca5e661869c25ef3e3f4255ab3c4b17ee6923fc48bd60592aae0e1b62fd91898fed7cbeabea0da06e7

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

MD5 2f08b2568a66298575ffd4431e6ebed9
SHA1 0ac98c6161a65bdae8d8e97acbe44001011fd26d
SHA256 f09dc0ee49fe05fccb0f2686be335f79789d97967cac744b0a98daa3af6b201c
SHA512 3b15920c176f469138757d55e8f2c6d30c67d777adcf03285e8151f3d3b4ef3bba47d68a9ea49bf793389a2251591e65f76062139fa83c1a5cd67785690a61da

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 6f7772b6ceff1b2755dad7fe2b935901
SHA1 14a5e5f50f604705815495e9f952cde126fbd112
SHA256 ab084f01511e8a874f0e773cdb39190586972a782cc017c5c1bfcff4498d785b
SHA512 42f6dbda86a9465b51a301122b31ae4e123a0242248679ff3defd291ef29735d1997739c59e7f8a9a797d01a3a6d58a8e0d819d034314c0fdaac71ed3bd83453

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 bae97288314db63db12105cda252074f
SHA1 ec2552e376bc3187914efcfb35a83335ae8eece3
SHA256 db09f45fa9b73da04c3672947765345edce4d18143ef6a0a89b4f271d6a9b093
SHA512 6566eac582e95158e75820f4b946ec3b387ac364d37199a20e23877cec602100b06eee859ff3886f4cac78631fe3468fd1eedaff0c98ec2da7077ed8c692abed

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 d5411e8121de922a6b709db8fa20a4dd
SHA1 ef51cfab054e1ac536bd5c3b8def976785d6feb0
SHA256 66a64223e8d987adc7cfcc90f7b678949c9e8414e3cd47e9b5790526dc85c67c
SHA512 264368c60b59863c16ef991e506fee8d69839c0bc713d4976e4cc3c1ce372fae64a987e90c3f4e709e1e7116ef5f417fdbc6a5a4a21a8a7b28f795d8480b80f2

memory/2780-8909-0x0000000000400000-0x000000000040C000-memory.dmp

memory/2780-8910-0x0000000000400000-0x000000000040C000-memory.dmp

memory/2780-9142-0x0000000000400000-0x000000000040C000-memory.dmp

memory/2780-9143-0x0000000000400000-0x000000000040C000-memory.dmp

memory/2780-9144-0x0000000000400000-0x000000000040C000-memory.dmp