Malware Analysis Report

2025-01-18 20:39

Sample ID 241212-va4t4ssmbl
Target e7565b32ce06e562faf460a9d8257a51_JaffaCakes118
SHA256 f733c2df510f59e66d3a7e1d5191863e47618c8f1910f86cb0776c568020516f
Tags
upx xorist discovery persistence ransomware spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

f733c2df510f59e66d3a7e1d5191863e47618c8f1910f86cb0776c568020516f

Threat Level: Known bad

The file e7565b32ce06e562faf460a9d8257a51_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

upx xorist discovery persistence ransomware spyware stealer

Xorist family

Xorist Ransomware

Detected Xorist Ransomware

Renames multiple (2537) files with added filename extension

Renames multiple (2500) files with added filename extension

Drops file in Drivers directory

Drops startup file

Reads user/profile data of web browsers

Adds Run key to start application

UPX packed file

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-12-12 16:48

Signatures

Detected Xorist Ransomware

Description Indicator Process Target
N/A N/A N/A N/A

Xorist family

xorist

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-12-12 16:48

Reported

2024-12-12 16:50

Platform

win7-20240729-en

Max time kernel

38s

Max time network

17s

Command Line

"C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe"

Signatures

Detected Xorist Ransomware

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Xorist Ransomware

ransomware xorist

Xorist family

xorist

Renames multiple (2537) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\R78nHBIG4K4s32f.exe" C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\DriverStore\FileRepository\mdmwhql0.inf_amd64_neutral_23613e3dd9401f10\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnky307.inf_amd64_ja-jp_e40bd14f18e8ff7d\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\es-ES\Licenses\OEM\HomePremiumN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\de-DE\Licenses\OEM\Enterprise\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmboca.inf_amd64_neutral_cc532ed7b3b5b5a9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmgsm.inf_amd64_neutral_dd3fbd8c64c7c87d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmmot64.inf_amd64_neutral_1abbad2f29c8fa08\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\es-ES\Licenses\eval\Ultimate\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\it-IT\Licenses\_Default\HomePremiumN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\nb-NO\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_environment_variables.help.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnrc002.inf_amd64_neutral_fdb6f2e252435905\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnrc00a.inf_amd64_neutral_565c5d04cc520c48\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\vhdmp.inf_amd64_neutral_c3910bbf4fbccf97\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wiabr007.inf_amd64_neutral_442d902f3f3dd5b7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_CommonParameters.help.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\battery.inf_amd64_neutral_cb8fa151a7b7cb80\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\en-US\Licenses\OEM\UltimateE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Command_Syntax.help.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmnis3t.inf_amd64_neutral_857ff0fa9c73850a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ql40xx2.inf_amd64_neutral_b95932400326817e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnbr002.inf_amd64_neutral_db1d8c9efda9b3c0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnbr006.inf_amd64_neutral_f156853def526447\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Continue.help.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_jobs.help.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_eventlogs.help.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\lsi_sas.inf_amd64_neutral_a4d6780f72cbd5b4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmiodat.inf_amd64_neutral_839e9ee1a8736613\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\fixmapi.exe C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Printing_Admin_Scripts\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\tdibth.inf_amd64_neutral_6ad685957123daf1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\en-US\Licenses\eval\Ultimate\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\msiexec.exe C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\rdpbus.inf_amd64_neutral_3b741ca76444b9c3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\srdelayed.exe C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_preference_variables.help.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\doskey.exe C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmbsb.inf_amd64_neutral_56a9f6bceeec7f72\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netl160a.inf_amd64_neutral_f8bdd2cbac28a8fd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnrc00b.inf_amd64_neutral_3338d41663aad5fa\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnky002.inf_amd64_neutral_525d9740c77e325f\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_functions_advanced_parameters.help.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Signing.help.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\ja-JP\Licenses\OEM\Ultimate\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Core_Commands.help.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_jobs.help.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_escape_characters.help.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Ref.help.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wiaca00i.inf_amd64_neutral_de104aaa48ee4b00\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\InstallShield\setupdir\001e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\it-IT\Licenses\eval\HomePremiumN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_Special_Characters.help.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\fr-FR\Licenses\_Default\HomeBasic\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Reserved_Words.help.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_remote.help.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_objects.help.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\diskpart.exe C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\lodctr.exe C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\netbtugc.exe C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_remote_jobs.help.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\com\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ehstorpwddrv.inf_amd64_neutral_ecd233d7cabbdebf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\usbvideo.inf_amd64_neutral_836a6716cd56c692\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Windows Sidebar\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0099197.GIF C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\jfr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\logo.png C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\icon.png C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_gray_few-showers.png C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\button_left_disable.gif C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\button_left_over.gif C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Microsoft Sync Framework\v1.0\Runtime\x86\resources\1033\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\7-Zip\7zG.exe C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\Passport_PAL.wmv C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21375_.GIF C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\TEXTVIEW.JPG C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Title_mainImage-mask.png C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogoDev.png C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\WB01840_.GIF C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\Sounds\Things\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveDocumentReview\BodyPaneBackground.jpg C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainBackground.wmv C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\about.html C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\flyout.html C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\LAYERS\THMBNAIL.PNG C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsBrowserUpgrade.html C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Windows Defender\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Media Player\Media Renderer\DMR_48.jpg C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Program Files\Windows Defender\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\vlm.html C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\Publisher\Backgrounds\J0143752.GIF C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\icons\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14869_.GIF C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Program Files\DVD Maker\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationUp_SelectionSubpicture.png C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\ja-JP\flyout.html C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\MSEnv\PublicAssemblies\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH02756U.BMP C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\Bibliography\Style\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\crashreporter.exe C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Program Files\Windows NT\Accessories\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Program Files\Microsoft Games\Mahjong\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Program Files\Mozilla Firefox\uninstall\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\ta\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\34.png C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0099187.JPG C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH02223U.BMP C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ku.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\send-email-16.png C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\GREEK.TXT C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Program Files\Common Files\System\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyNotesBackground.wmv C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\eclipse_update_120.jpg C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\airappinstaller.exe C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Windows Media Player\wmprph.exe C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\button_mid_disable.gif C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_CopyDrop32x32.gif C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-waning-gibbous.png C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\ja-JP\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\MSOUC.EXE C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\next_down.png C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_de-de_7f0b185800a159c3\about_requires.help.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-upnpdevicehost_31bf3856ad364e35_6.1.7600.16385_none_2831d06e8295c671\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Windows\Media\Windows Print complete.wav C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-pcw.resources_31bf3856ad364e35_6.1.7600.16385_it-it_7f095beaeb7425b5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sonic-tables-1cb2_31bf3856ad364e35_6.1.7600.16385_none_c4682ec47e0a66dc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-v..cprovider.resources_31bf3856ad364e35_6.1.7600.16385_es-es_71cd128052e26f6a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-difxapi_31bf3856ad364e35_6.1.7600.16385_none_0819f3b1f785b1ce\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement.resources\3.5.0.0_it_b77a5c561934e089\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-ceipenable-adm_31bf3856ad364e35_6.1.7600.16385_none_206737a0e379f0ac\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_4c778c357864a2ed\about_remote_jobs.help.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-snmp-adm.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_a2ae934ba06cca16\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-m..shape-rll.resources_31bf3856ad364e35_6.1.7600.16385_en-us_33715fdb2f193889\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_es-es_27c74b34efa6572d\about_Line_Editing.help.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-n..ider-infrastructure_31bf3856ad364e35_6.1.7600.16385_none_abf396ebf0847c31\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Windows\Media\Afternoon\Windows Logoff Sound.wav C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-certutil.resources_31bf3856ad364e35_6.1.7600.16385_it-it_b8c287ad020dcf15\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-i..eyboard-korean_101c_31bf3856ad364e35_6.1.7600.16385_none_e1bb6033344e9a8a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-servicepackcoordinator_31bf3856ad364e35_6.1.7601.17514_none_92e727843e307e1b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_server-help-chm.pmc_lh.resources_31bf3856ad364e35_6.1.7601.17514_ja-jp_edd4ffaebe5f1876\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-com-base.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_5ad8e52591f53bae\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\x86_netfx-mscorsvw_exe_b03f5f7f11d50a3a_6.1.7600.16385_none_f47d7472a4c4e67e\mscorsvw.exe C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-cdosys.resources_31bf3856ad364e35_6.1.7601.17514_he-il_a5134adfb1f79c3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-l..omebasicn.resources_31bf3856ad364e35_6.1.7600.16385_it-it_04a34f05facda310\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-l..ultimatee.resources_31bf3856ad364e35_6.1.7600.16385_es-es_bc7b845ad586d402\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-o..disc-style-stacking_31bf3856ad364e35_6.1.7600.16385_none_d0d2b98d4629a41f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\x86_microsoft-windows-t..riventextservice-yi_31bf3856ad364e35_6.1.7600.16385_none_4153c9e11ffae30c\TableTextServiceYi.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_server-help-chm.ieakmmc.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_60287f6ed0b41865\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_netfx-aspnet_web_config_b03f5f7f11d50a3a_6.1.7600.16385_none_729fe3c3da2c920c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-w..etwork-setup-wizard_31bf3856ad364e35_6.1.7600.16385_none_fb26c75d92790b8f\setupSNK.exe C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-taskscheduler-engine_31bf3856ad364e35_6.1.7601.17514_none_e7b3b71a1d1c8662\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-help-artui2.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_c268d7431b8e4c0f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-i..eoptionalcomponents_31bf3856ad364e35_8.0.7601.17514_none_7a9a2f07e4e23a48\ConfigureIEOptionalComponents.exe C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-raschap.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_2d314e0422ac8ae7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\msil_system.printing.resources_31bf3856ad364e35_6.1.7600.16385_it-it_1dd6c1206ada3cd3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-international-core_31bf3856ad364e35_6.1.7601.17514_none_ebb1ce7438031941\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\assembly\GAC_64\BDATunePIA\6.1.0.0__31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-eudcedit.resources_31bf3856ad364e35_6.1.7600.16385_it-it_8c67425956b9a5e4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-o..disc-style-memories_31bf3856ad364e35_6.1.7600.16385_none_51190840a935f980\Title_content-background.png C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ng-server-isolation_31bf3856ad364e35_6.1.7600.16385_none_f8a40495785334a9\PrintIsolationHost.exe C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-w..ctionflow.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_41d4d763d49da024\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Windows\assembly\NativeImages_v2.0.50727_64\mcupdate\f30beba36940b5a2b55a32ea7f42d694\mcupdate.ni.exe C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Windows\Web\Wallpaper\Scenes\img29.jpg C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_a9cf548d21b86a2f\42.png C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-setx.resources_31bf3856ad364e35_6.1.7600.16385_es-es_c11d4b87394e003f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-smbserver-common_31bf3856ad364e35_6.1.7601.17514_none_61fc33a326c6a0f8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_prnca00e.inf.resources_31bf3856ad364e35_6.1.7600.16385_es-es_19c79726da2703f6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_prnky004.inf.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_9518cdf23b4a2f8f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-n..untimeapi.resources_31bf3856ad364e35_6.1.7600.16385_es-es_8fe031f601915a29\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-r..-detector.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_127a1f266074c6e9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_mf.inf_31bf3856ad364e35_6.1.7600.16385_none_1b2d6b17a6e2025d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-dims.log_31bf3856ad364e35_6.1.7600.16385_none_5c635232f0645938\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-o..lfeatures.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_bd67096be8590c1f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_netfx35linq-datasvcutil_31bf3856ad364e35_6.1.7601.17514_none_ed7ce39bb395c4e0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-scrnsave.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_478f7909f4271856\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_prnsh002.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_e05c70dbc6fdb01d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_wcf-smdiagnostics_b03f5f7f11d50a3a_6.1.7601.17514_none_f5ecee5ec06d0cf0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-p..l-message.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_d5861713ce706470\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-comdlg32.resources_31bf3856ad364e35_6.1.7601.17514_da-dk_a2ffc87595d912be\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p..ooler-ppc.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_f941ac75dc9d59c1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-shmig.resources_31bf3856ad364e35_6.1.7600.16385_de-de_32e09e1732543cc7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-b..isc-tools.resources_31bf3856ad364e35_6.1.7600.16385_it-it_6fc7f6bc4cb64c48\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-tapi2xclient_31bf3856ad364e35_6.1.7600.16385_none_c84cc15ba0ea324a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\DCCLLRDBEFTGZNR\shell C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\DCCLLRDBEFTGZNR\shell\open C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\DCCLLRDBEFTGZNR\DefaultIcon C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\DCCLLRDBEFTGZNR\shell\open\command C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\DCCLLRDBEFTGZNR\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\R78nHBIG4K4s32f.exe,0" C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\DCCLLRDBEFTGZNR\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\R78nHBIG4K4s32f.exe" C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "DCCLLRDBEFTGZNR" C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\DCCLLRDBEFTGZNR C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\DCCLLRDBEFTGZNR\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe"

Network

N/A

Files

memory/2540-0-0x0000000000400000-0x000000000040C000-memory.dmp

C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

MD5 fbc86c51a58818ff9a54644adfaa8c11
SHA1 3099ebf5bb532245b2f029a7472d03ac26c213b7
SHA256 4429117b202b2572c30ffd614e410f67d6d4dada8b73bf7905c11ee6eb276b09
SHA512 8b142a3247627ea75f4048f43a22c97ac39dc25b5e56182eab0f7827c96cafbe65656ebbee9b02c41eb5fb8f4ad5ca8c49f989ac95140e5153d3e9378171d5b9

C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

MD5 6d33f1270b6321c58a87d7dcb68be732
SHA1 fe8776da16bf9a27a1546551e969306da52c2b56
SHA256 b45255218e0ee870c41e265d064d66abae70adff4e1d25447dfd702e88178ea7
SHA512 91ca80043ebec9755f1b9241b85e82c9684083da1122a05c8a39c56c00361f6c810c5380dfd3445b89a01181361081ec88d4ea0f6cb93c9fd63107b825bd0b48

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html

MD5 8065c4d5ec680ecff78db620e565248d
SHA1 384985486f5116e9d43817d73854e4ec371537d3
SHA256 c7c20199086fd44484b5c7e63680472958353bda388cae6fffde664265d7a420
SHA512 d6cc64201e5e8f265071aaf9dfa28547d5e7cb5941b6761b6c6848ca41c2de1f6666e425b5cc288f329326463d79482c81e2f2725d0ff188b3ad5b1388d13f0a

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html

MD5 0da978661a81afc8a380dbdb36450488
SHA1 c4ff8c4744e6c1fde0f405bcaa48a148d3ad8508
SHA256 2d570f7907ee6c9b5c90f7d9eb5721e3ac4a98a889d3b696866da6bdcc9b1d74
SHA512 bae58b5a3d492ebab34b44058d106aa8dfc33aeb058dd53e23416d6a1e40b394613d3bdcc4b1525ffa8d5ee2f66079a78e67c38849f7f011efe35cb1b3136594

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt

MD5 40024f2a19eb41af5fb6c2dce7cf5b11
SHA1 0cfbb1702da381483a42bef24549584a5de3e393
SHA256 10d89ccf9feb3a6691b1cbf3104887325bde1f85c14cca993e29b25147eedc34
SHA512 4aa3cedf7465e930fa6c0e1abc5d99ef2535223ea3075c5c14a114e19c1343db06b1b6180d168ef8dfcabc7e89524bf8ea2b2f1d1f066b75aab32427b55c889b

C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt

MD5 0075168547860fcb9518452d2d49413c
SHA1 8ec97327970a6fedfc1b30c792d662144a72a0d3
SHA256 fdd8942ac8fc687a9649174b622b71744e1ff4e6734fcb546d076804d3984aba
SHA512 50cf07fd3a1a41e7e59d6e8fd747c30467bd1523f04322bed84a1350217df6d38d06061ed3c9c1d3fd0a13ac88e84ed7b14f68f473b76debd16189130a67b4f4

C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt

MD5 98d5e153a81a574c2dd18a256758bfe9
SHA1 d155f5829346a70084e8c20a8515658a49932a2d
SHA256 76f2197cc6541d5f27b6747271ac5723faea55ca0d93c7581992c3bc7c13b303
SHA512 be962847371c23725b9287ee3c7eadd9faf87996ed6e0af6f53b30d301b5a5727515bc7c3c1b0a0c6cb55df771dd5953d5250c00f6aca1099a1612b82bf1bac8

C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_OFF.GIF

MD5 c027a572121a681842d0c4131c5e68f5
SHA1 2200938f5ce9b1106de7ca6a050d9241036784dd
SHA256 fde147c81f30d201dd0a1baeb2cbed0f547173f1b9c9ad8ca560c96fe711b1d1
SHA512 81451d797a89711ef086e08c3ce65f338a41193c2b2a50ec613ad3c0d69f781e0e35eefaaf27b9e340b6998e7afb1e1a70578f135f6f03d78e099ee72674d6b9

C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_ON.GIF

MD5 96504c33faf2ffa93d161a5d6a267939
SHA1 d628425be499c38476cab5b8c5bb4cc50e9ec22a
SHA256 f15cb347c08303893ed8089496c41400592d4385a109e4b83e19f5d2d29a0864
SHA512 de35aa11ee30112cdaf362f9dc7664f47251aa98a12b997428661854fd8c530cbaea2d8dde62974726ecd51925acb77aeea03deb83be5e7fb25864b450735454

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF

MD5 d3a19cea560b52b89298dece858d93bd
SHA1 fc14dbf6232311383eb34e1fe47f64501c8c47f4
SHA256 06354bd368561f8005f0dcbb7d26f54c4569426a0cb17c46b7144c33bed89fcc
SHA512 26bd354db099ceb9c86ad18e9d4f4b04294a5924a8fb4ebcf57362c64427b51be140c9799ed29db5f14422fd7a1c0c181583006acebab1e2753334ac3cea9fb3

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif

MD5 cbdacc44a5f59b208260e709d93041ee
SHA1 f049406f6f75e7fbf8ed589bf155e3bc73da3bdc
SHA256 caa11f99fb80aa9371361f5c927abe1f7f04752abb2e1850cca459e115531826
SHA512 cf9e761e8a9650d53e09557623374c42cdf652386a6e375f66d9d1d2e30a53f8c33f850b59347bac87bfa60b47119f41923624f9b07c0feeffdaef422f79a001

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif

MD5 59697a3bc51f547aa917ddb516e67453
SHA1 314792e6daebc2eb49540fe5181dbfacd48dcf32
SHA256 cb23c774876b7cbb53affb4eab6bd49a767fa6cd7b34955957960a8fe5dc22ef
SHA512 c10adf1bd454c9ff98d4943dc614a18ed64cc9f9d44c40531e185d90bb17bdb5a83e2ec5306a8cee9c0f5ce89628953548ca6f3d914cd21ff56fdfab2e6d508c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif

MD5 dfe32f971b1bf3b775ceb1d222b7bcde
SHA1 b92ac3957d1b22a0fe2822472e960f4eb32f5ed3
SHA256 c87bfe2b8de8d57e8d4a768cf26eb614df66a32c32291ef0be315587110f8835
SHA512 e8afbf0a9121fd9f2527b38a02e85bb35fecadb84a236b3d3647dc3603e4cec2586928233df49154c132a6867b2516bf618a1e86113ce6b4187bbe6fab7ff2b1

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif

MD5 2852aec250dece3fa391288128464ae1
SHA1 a172f738fcdf7a28890f43bc5771331207052592
SHA256 82a7211183a510f38612d406e94ed6c1a093b19ad10e23a93e2be9e5de0e480f
SHA512 e2370deca89d6af37209965c41e19ceed817724b707cf366f6df1df78dfeb035165cb60bec46b543c5a0368b02b9670187275b37292b5113ddd8a76533035123

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif

MD5 64d0eee1bd45c1e0218523783f566a43
SHA1 d11a9b110ea6c58eb06fe41f38e9007826b7b600
SHA256 7410f47e74d4cd9953399480c58cf174303cdde86398599a2c37563a4cfaa24e
SHA512 987723d57c2f8357c977814641836062ed708f4d95b6e899298fb809115145eb74468a338205817ade506ad05f568a5ef5ed4abe42bed23233f017ecd9e84592

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif

MD5 6414a9065cca7823de5d74706d4d986c
SHA1 7267a0269e0d207c790187091132960a76b04972
SHA256 d9028022f3c38700e2aa3fc58cdfbb3ab2146a27b0bcc3a31fc2b5a746e85f06
SHA512 1a6b81b3e5454bd0ebeee374618053bfcfe6e77e7828cabb59ec4d1aa722f1dd970314885aba6374726d79bf39efbbe4c60ac3255203f0762ced6f8c183e3850

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif

MD5 adee9998b5b47a7049d4c96110468bf5
SHA1 696132a073a6a4a36ede9299ca3fba12fe45310d
SHA256 eceeba1be6f91a875bf15f7f37203d740914243b23db16bb934d2fe7fbdb148d
SHA512 001cbd722e79300a959cace25eacd39c3e3e97bb45502bb7347631d80ba72ed113121bfbb9d9898c7948849a10820df78ce6fe93d663b0464bc1273db8f07054

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif

MD5 8c49786472dca663d3af3f07bccb55f6
SHA1 b50e72cd21ad54cdd524d296adbf831f2d5da740
SHA256 97157dff1f1bdf9c5b097da75fab4ef92ca5a0f27fbb742cb4b68035b79e5356
SHA512 d2bd6409141aecf73e4f3b322e8631bb3df6f01aba29a68b08f24fe8dae6ffff08e89fd0d7a97b120f3895a35d6caac1be959f1ed419a5cb6acbe07532b75907

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif

MD5 bd7710b829a6f673a78cc2f4be5a6dfd
SHA1 d50a7fd94f981edc45eb7fb75adf17d720aaf40a
SHA256 7f3d08dc24bfe85aa8590ce818b3e18ee657d07fc8b207280601d1ba35db9076
SHA512 b28d05c099d880b41a3cdb47fc97807b4fc1ad264da5bb6e06c7b1d79bbe298adede1d0544f929a850ca39a6062657eea63abb3325135168244135e1124fde86

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif

MD5 2d42bf137a6adc4d5b1256a0db386184
SHA1 29ee966fa5bf76f207af0dba230c7a3fab272a0c
SHA256 f8f3ac40e6f9a8f3b7dd9266a6f41a9e809a590397afcddc7b2c1b752876608a
SHA512 1a55c7e1358d1e8fa9dda8967d79dc97f8dc89cc9d8e93c1617e3f6da3d93c0a1671debb403e88d925699cd07ed82ed2d8f1424de99915872deb1c6d17e4a700

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif

MD5 f111694d7d2ba85577388c843cf0194f
SHA1 82f6440b6b12613ee404d1517702cbce602b775c
SHA256 116f94b66c905968cb6b93284bb5336d321aa5070e3fe7bd90e65ac8a2734b92
SHA512 342d97e1ade7c37e227db357a7b81a8f27876f63819111859104fa8c47b22a31efce7889a3184f14cedf70f6dbbd8bb1de00bcde49ac330a98cd7d69a2bfb6cd

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF

MD5 34ce36e712f710ed3b6988918a370456
SHA1 51bbc8248148453f8b3774d81ccb7740872a8d61
SHA256 fb642e4b724276281e7835fd8ffeb81c103d07eb693bd3983dc460c9c893fc94
SHA512 ff7ed8b37e2a6624c66e4f8144ea9f5c4b7071315abc59ea8b0e98fdbb1165f5b6351d7e1710fa555a39c2943d6216eb59c1b0951581f02061df65be2df4977e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF

MD5 6eb3f85e0f1a45956ff2c08611eb5821
SHA1 f6aac83c0d1d1949a40459eebe639725f256f2ff
SHA256 3f39b10f6009ed022565d90fd16f871c98e81905b6b694ce8136b05a2146ca4a
SHA512 2fdcd128a6e74cac165eacf09c78ce0736f8616161b40fbcbb0544447c812f10a70ca29b1aafbef7809a84c9b14603fe428dcabd0adb09e00b319d2af3e39c98

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF

MD5 35e9f91a7582377f6a09cc17752cfd41
SHA1 b6d14c11f36d0dfc9005e14cfc0106bdc8c8dbac
SHA256 0fd102b160e905292acbdfb225e485ca9c697deb38636e30d264965b2e76bce0
SHA512 dad3fd9681422b896245a1073fa0c45f530b5847b16f7dd99890e1bb1a70d764f1a904b14cd6a17808a939a739477e78536e279c80c1425c52d964d17b58c662

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_off.gif

MD5 29c33a3d35e3bd58d665cf4bb700652c
SHA1 a020f862fd05348122fc949ea14469218181c3ab
SHA256 eb73532f5c8133149e4039315b74919894ea1a42f6385eb6825e4224c8ab7809
SHA512 100c410d2d216fc49d38f1ded3ef7b32c44f54d01c1c4735508e3e928f09430f1a28725f4e55b833d2ef7912bad4e31170ff500a5b2475acce9a81c8fe72e9dd

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_on.gif

MD5 e64c6ff5c02512328aacc8dc98a68140
SHA1 cfa89d83cf0377950616ba2de194baffe1e5c7c4
SHA256 75c0052c95aed106a3bd360ac0564896c4b24276aa0c22f2890136f448484265
SHA512 de75a023ec7f5f2e250b027d1944643151e8aba3e51af5be717f710b70a2c9d28886189e9b87ba795334bc67759077013c34044a3ad15d074f5f929acfdfa7ef

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg

MD5 cfd704604ebfddd787054a9bbd9751b0
SHA1 c6b75615790f0a780dc41a01b47f12ebc88e299e
SHA256 49a7c1a7428f8ea4d3b2bf615b50845959d4f7bb7b8352d72bf2e82aac2c468b
SHA512 349ba8e1bce125f9aa147db3666b3f9e27c085fe34ed3109b8706d80c2bb7e078239e9dfdc6af0a5fe60ac992581af9d2e133ad5e73528a680eea59874d7bcbf

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp

MD5 c4b902785a332597d78defc5b3e61622
SHA1 4e22fa3a056ec6946e966e987efeaa4ced8f6946
SHA256 3d021a370849aac36f8a1f5577e5f9bc29a1ec483ba5b9b602742d2787baf351
SHA512 8c26c96c7895654b3e835f8ebe421b06aa29348736df1b42e4d420531d5772ef4b1c6b0648df2ae529233e50b7b1d0b2b6508d72d46961148cf33b74ae5a351f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif

MD5 49f2c9937e8c4e0d762861c8cbc693ef
SHA1 12939374c37cb4acf849d0688d5e6e06079448b1
SHA256 74f20663dbc14fbc63c9e1b96cbd121e2342905b24e42a55006807c400611ba2
SHA512 3cde10778429772af1b9d1b9d77e6c684aa891b9ca9a70c6d0447e8f49d34878e36a077dee0a3cdd65c38b410aeff43600d5a49933d883c3125fc46923c766d2

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif

MD5 afd38a09546dcb768409fa6455f4958b
SHA1 0eaf7eb05e02ece4fcd161bb0f387b3ce86269e9
SHA256 dc29d5f1074a9a23608e6a5568eeb6c6c0363131aa36dd9f17501d50081a5ecc
SHA512 b0228438efdefbdd5f8d03561b48b20b3bc6a533c8760e9ff500a12108864967cbe2d69512896750bba43fb4b00529f00d507769ddb37423976a85e059409cc6

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF

MD5 a10f2b2b38af5fa3cd456f74fc260a09
SHA1 fbca88e583b464778d44bef98f479f1a7de19684
SHA256 436b7fb254fea1a6266d8a85db19733fc9391de6e7c25f050232ab3c9e1e6fc8
SHA512 1fd4f5f4905c7b2d649846e7ca4e3cbb28c8e91ca7cacae9e65a8957aff21535ed2c151e89f0636274de2b275e022de7e387280e5e2b7a9ec53eabbfa525755d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif

MD5 2d3a9d7706c972dafadd2def7f3aef35
SHA1 c7a310335e04a055d060f8b829acba35555a98d8
SHA256 dcfc2054fc8a1b38986d9c06ca59701301cbffdcc2c50e976b294882316d4ce0
SHA512 52af3f38d24778d1974d0ae0cdce2fb19d352d43e04f0fc3bb9ab139ba4c6fa10602e01cc5e22c5c624e145b8534b6c15b7990843f45e92397ce29cc994579c6

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF

MD5 61709ba818dc090e176c7d25ba212a50
SHA1 e9ef2c1e267e9403544a51323a1aadd78e861b56
SHA256 7623814287244158dd3872da7734f24654da21f7f8c8bd30bb06b3dd684f4053
SHA512 67f8d4b10305475f9d841138f8b9fac587500eb8a11574d96a85b0b4d244b6aef24e460f27a3b3d782df2d2edfbd6efbea16b87822624a99b62d488f18332c75

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF

MD5 092098e724b820b539dc7416b3e0a65e
SHA1 cf1ed4a28a0362da98305e7c38b2464af3f35df1
SHA256 3090f332584fa1e5bdcca9617732b3a9b4d2b4f6f5753eb589afb4ca40011b22
SHA512 f0b361b4f7607f44090a5b65be266924a90c01b5af8ea18addab447b5269985919fb8f0f67c556eb1aacb8b42cda06be4aaf7828e330371637e99ece46e18f07

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF

MD5 2aabbb9e12973431300bd53fe2fa975d
SHA1 6cd2dca709a357ed41935c831da6e87bdc670dd7
SHA256 a8cfcdb76d2f625e0724e84564f5c3a6d627863a0dc7f819f3732ad74174a67a
SHA512 e4bae6bd1e2bd5b3fc114aed12f065511faf4944f2f1fa09c92ead2a881d2b592231c4b98fd038f9f8d538cc41b3b3919bc4296bff8472a061a8177272db6f76

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF

MD5 26438cf43b66b3e0858999af550d3d14
SHA1 5b3972278c46909cce8f740715ee2465b6c119d0
SHA256 473ef31a763ee211f54a9970ad9f8ca0dcec66eee63dc46d61ff03996cb907ae
SHA512 b7871896067323ccc0ea0329649265662096cfca8c0780597eece4e5cea0d7f98c22ad5d2b618ada596a93d316c6438e349e1e3290bda0a362bd5b974a96d39a

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF

MD5 63b2aef0433a8cf893f75478be9d9b02
SHA1 5f37788675dcb6b46b44988e378f4dd41225965f
SHA256 edd1c30494b8f61b962a1c0d4d2b728f770d364cb2dcd1059df1575cf42d7707
SHA512 a3ed627286088ec9b3e45817554ed837c0618be589e150dbea77b143a457e958bc0f06f9a86db36c50bf53f239abff5174061d5b0defa39aa0d69019f8fc68eb

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF

MD5 c78ec68738f3c3486b7850d036fbe2f0
SHA1 b815442e74817ef9b2ac5834dcc57af2dfd21340
SHA256 8a5de1dc488eb41776dc08a98b5a8a598e89ee7d58ae917db57c64a37321f036
SHA512 4882d15b02d19a8e0a9f8198dde704ee2667320ec1804c75cee322505307f92c86e74b941263ff22d4b52059bd16b0cc7b8895ee2a9cffa3e1b1b01bc6c26093

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF

MD5 dba42ed7a3cff3c382535681a16bb003
SHA1 8ae1ef6a67764d0b7126d91735d5f94025b5df87
SHA256 1edd8ad0c470ccf76e45be2239793649d5f567df4c222e14a3101f4f02e71f78
SHA512 3971eb446cad8f5272030d2f5f908c3cc8d2e0f6464022ab391ab41c123b260634a9f174fc9eb7aaa1d778625908a8b24d284b732cf0af07957ea1a793d28c8f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF

MD5 9127f504425c6a5321655b89e3212dfd
SHA1 4ea5149436137c7a9349210f31e80b00a148c861
SHA256 5818d76e46d74d1ff05f150e127a0d58e36cec1ab083a13be22de76da4879741
SHA512 991bfb8959eb82d44b8f7ec0783dcc74f10078db9818a37146eca51f3a21eeedc7afff590d213b0375e6491adca50689cae0a81aa4ddfbeeab904c23e5963fb7

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif

MD5 488679b9ddf4ee30a1e2e4a593146a3d
SHA1 8454a1b2ef920779f4297f4e3efb6301a0b61149
SHA256 665a0b77dd2d61784d838bda346b77a75e46284b82189e38e1e181975f6e4c3a
SHA512 220eeddf9670e99a288ba6f8c9b309cbf4151a7e005de7a53086bf90f023785c35a2fc856f081a4c05dfb9e6d276c399e497f1b9d5444c9a69a4fc9d5c51b174

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF

MD5 ba265a74f4ac7f9d33c111bc078e70e6
SHA1 a4005a030a221c6dbaf986aa905c4eae7ef722b0
SHA256 0fd1be41cab430f0fd74a8154b990e1a8188e86b4a8c3f60a9f4c05c318adf15
SHA512 e18d072c6c15b8e695858e4aec0b35bd58b211ee39ef8e27900d05df3378ed3b53a2ac71567fccf8618b973e21f899ec06daf99d14cdbf35b3ebcc7279196b86

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif

MD5 6138e614742641471641120d2e661773
SHA1 fdead241e3c19ac8c6c43b8a0b5de8e7fc938f7c
SHA256 13cdfe6390957511ae2b62081a9b5ccd83484cfd01589a884b945908700ac72c
SHA512 c336db06b42cc6cfcdb8036f7aab6a2a9e42808cffb83a6756e6aebb288be205415232ce730fd6c4ebf9197f597693b6e9c82866cbc5ca87ac67754a2ee02f90

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif

MD5 0a0c6eaa303a7db9469a61d69fc3d667
SHA1 5b5f3e80eefb82006da1473453e8b14b3b103116
SHA256 e3b8338c18b647c5d609c3c1d42c4a77d8c9126c91b9ee82c894829f27a5ab95
SHA512 5fcbe6525b3768f9e5e2fa6200269f7ccbc9e61164f33bbb8428117d0f5b543139eb9296edb5eb0ede911552461a2d6f0c50e53d0081b1c05aef6becc2207684

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg

MD5 ef7d9a56ebffe496ac31560b046831d5
SHA1 92e0df3421bb8779baf19eaa8e0bf1f6395cd89d
SHA256 c80b0dd099363ff9904711e3cfb4e14480cf257da8dee47e5daed1031d60b6e8
SHA512 c400732d85f27ce1a7a696bab85f050764a46fe0b3ad146ab0bb442ff1cc1451e5ec3c4bc9bef538cc136b89a4d60160267ae1710612bcc662dc71d693e1247c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF

MD5 8adbd7558e0acbb1f1efbe78b4d6bda3
SHA1 bca529b4631034d4bf0dc0358e31c86ac6289152
SHA256 2cc1cc4b0e837bc45ecaa5ddc8e20ad390adf5a3b5b580600056982dbad7f6d1
SHA512 311aa0ae84d4acf89c29691ddc960da20a9d6c2c005997eafbad5753d5fea04199abf86f5b0f062f640b680c88379aa288e361d0f7aa63ee1174311c20a46782

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

MD5 9cd2f17dce53a2ff95975b9add7917b9
SHA1 669de2f0b30a2e8efe338d87b873c6a4fd9491b6
SHA256 0c56401dbe90ae86caadfd01237291c76eff4ea3cd98aaff7e9f4c15d0cd5a54
SHA512 0c549ee735f0c5c15c38ac93e5719f47befe513ce516588c3f624f4f42f3e39d024575836f5644f1599540426f86ad781f8704db83d539adfa9c8d67f3dc6f58

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

MD5 7cda78593e8e8fde84677b5b8294a896
SHA1 1910718e5536ea0167f34a182275695497ae7635
SHA256 42662ba6d8dd444f5566ec8a87962f5ee5eac1f553defe8ba8b5eff663ca4175
SHA512 9c3ab2e3e1d8d027b990649fae057816fba93e36d652121c9a5710b501cb7f7757f5c7a6095e8d1fe4f590eda969c2e4aba97a6c8eeb69f6560326e9b4e8a85d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

MD5 4893fecec9d4424b72f5a6be8f93673a
SHA1 e23fad96d0492df335227b3faee78a8ab7e36dc3
SHA256 ee084a03ae1695ed32e1561c646a7029043a960b82aa1d7bc8e211ea3cadc712
SHA512 4f41d369a6fdd35c9514d2cdeac58a6eb726ee9bda5ba4753552a95248b682587ccbb61d8e41e7dda720d0ca782bb4cadca9a2aee6b457aa56b51cc0563e5b3b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

MD5 064c655457be57b39b8d70b61155d589
SHA1 71205bdfa98a345356c6099bc0fb4e52ac3ef2a9
SHA256 6aa1307a1f7fd6ca335119ce90d4d9cf6d2212115813bcf99704541809e596b6
SHA512 4e87c489556b87034c658ed1ecb7a267be933c06dd75d86849174b0f82990166dcc223996de29d076a4cd6d44293d6f80662796be3605c7944b4c0453d37948e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

MD5 6d8e46f9a5cd630a6d71b8cdcdd0f520
SHA1 9a030d9321b49d99a6e55c3bafbee23e4c30a2eb
SHA256 6f7efba39799a048d67ca5d803b81ab72d90401c1175eefb9f82c1676e860298
SHA512 c50e906cc97a8e72cb65de09c3b4a21c0b1bb53c3b2b194b2f3bc62d68a7ab8d288b509390d1f06022b16dde07203e14c1e263de7655c16779c76216c9c0e6da

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

MD5 6f0b81fd6d0f2cbcbd0bd26da9cb58e7
SHA1 9bdb35f3d708799dcd282597f7328209a74064e8
SHA256 af71f8e272c9b3a58fbff5c63beb156e48c89736ded1e39dea684fe1a8464646
SHA512 f1b0a844a89ffc76bdb823a5da0b8afe285194eca4765c45709c1ae1d670e3c5bcf41edceee4277b586ed4171cfbdcb11cd120ce64b41af9d9192f133a53ed77

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

MD5 486e07cef0d8af203c1abe07f7e56311
SHA1 ab24903768cbd804c5863570af29ee01734cfbe9
SHA256 f5ebfb24d1a7c735a1b9be059021a6f0a73f63ee1013d1444e6749eb3e77c5d8
SHA512 21e2cb770d975f946989412a4cff1703622ed9066dc4c21a0c4a35fc7a2f979f9062f9a4cabb4b20df214debc8bda779205af6646e96a627eabf48a97faec43f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

MD5 2d62f1c23efaa5b6da0933692bd62799
SHA1 69ce427ef60bff2cf65e2a9e3d8d9fa46a2c315a
SHA256 101736dd017f026a1be54478153ccfde76a461d5c403d7f91e6bb6a466331229
SHA512 0551b8e46536855c94aa96622b075e5330628047fcd4aad684aa8739f2a72ac0ceb163019a574ac51707fde1143b18345480c03434cbd9460609ad2d45bf310e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

MD5 2a9f1e2c78f4e8c16fb12f24139834a2
SHA1 46b90cfc53aa30b7fabebcab78c22cf39358e71f
SHA256 416a6aeac948b2b85a59a4deb436bbaecbc35274ba57c5a1402ffbf764fcf354
SHA512 4b03eb87b50efc177a6f35dcf8b66bbccb1c23b4a88eb56e935506a969de71ffc62cb8553342c52d4ccaa38c48b40183c76ac31cd199f3c4c7416bc19936ce39

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

MD5 de487c0c4af9ad7eaa0aea6cc9ce2ba2
SHA1 7084964a6966e8bdd51d8d29ce700b78f4859dd1
SHA256 b69ea8865054fe7218e5c772ad9f48a1cf40566a06b9019b3295cc8ac3241dec
SHA512 0c11ae2513bceac96c9deb44e3426498631304a4de6911cd079e872796327ff249f2db54d3539c75ce82b9a935cbf1896224cda5fc734c5051fca7f0dc899930

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

MD5 df15b4235fc7b2b6271064eb2d66cc15
SHA1 821143501da1480befb8a1cbfe8af564882c5a9f
SHA256 067943b17ac031e83fc642c46df0a0de25b8a759c302ba2962d1a8fe0a36266a
SHA512 61454022a409e4cef87e0f6342c8b52d54032617f59495920205f99194e48f01bcd1566cf2c3749c03c166907f5d11994563afce6da2d557b1d382588d0f08d9

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

MD5 aa7fa60a08c84cb1f37dbcb5a94ef9a0
SHA1 b02719791a35d828a977cbdb237961fde8c5cbc7
SHA256 1d942d6189cbf95d4698547c1e8692074cdc6e0891ce32d2051d7b8157ac6489
SHA512 2fb8723c905fad229b7a56a2362084d3b69c88f20a026191d16ca1c6f6e0ff2455d780be792c2dc2b1900f1ae39de0d9433aa4691732dc54d1a73cdc40a21987

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

MD5 c1e52e4ba2cf586835ee8293fa5df77e
SHA1 ff8eeed69e71193dd1af10277fb0f63427b74037
SHA256 274e63c262d24b1940421dcfced8f1eed085264edb304621b9bdea4609d979fe
SHA512 a909041dbb4924456a41721b77a2d0ba6f4ec1be5e521adf8351ba91e89066198c758cc13defc020837a98e9ccbe8241e18658c10ab3344a658162f4bd31af69

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

MD5 0926798aeddcbf4e67ca726adf1c2d2f
SHA1 f55091dedf3b82ad2f1bc6f376722197f9347093
SHA256 51ff74a9b57bd859b9c0c73d5dd5c292da81e1240532c39ec782bb53e8d7bfb0
SHA512 d53e863574e50bf93712072e293b95e272d4f14f0523624dde3d965ea3d0de80ed39e5c93573ff6be3d30f03f3391858c3c93a79a4a3ac53e7b778199caef894

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

MD5 3b2053cc6c2255627ee8ecbf24b7fb70
SHA1 9ce1083978dc10c76ae8d39c04365129b803ddc9
SHA256 b1b2113e5cd4dc852c55d760118521bf85d241b75b37f11603b9b761838fcbd7
SHA512 f0e75fefb8e1f9da4372171da23356ee066fff9731d41bd77c5fb167d492feb640e294582bede1962fce71f80c535efba3838b033ba306694f1575fc14f932cb

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

MD5 52205bf63bc8afa1fc35e265072eb964
SHA1 de9592ae8ed9e15869ccb9ae35b2cffcc2d13e32
SHA256 5b65dbae07988a9eac264c6028e0d7a9666dc4ee9da45ba872ed2af68417b971
SHA512 fbbf3651d4adbf04f74818f486d195496ca08584976c454b3ae6409557b78b6dec489ae507a6c5f20c759b12e2b8a86825ef1652b9f0c803bf4ead9a40bb3ac2

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

MD5 562197011ef953aea062f935ec1a3d6b
SHA1 94494311c0a2d2178c0789954984a0f2ed06a465
SHA256 63fa50a7bd9f841e864c6eeffd74bc0d3c5c509504a548df703d8233213bab9e
SHA512 5de257a051e9f378c3fecdb638c8ebfa18a28ee5c1fc57ab80c9f4dda17fd54bab00ef73f2f4ac68d49a6a78458034ccd27ccd4bfbf9cee8e6057976a7615772

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

MD5 9d8bc2fa928d6857b8bcce126c04c6c7
SHA1 611c618842178d46e0379b9051f6bf5f6fbc1856
SHA256 3750f15238561ab6fd2614074c7e7fbef42d7f205ce57593d76681090e45b21f
SHA512 ad63fb005dc9ae54ba2853142bec9e43b2439f15066624e4840b60abdd9f8bc273d9d652408e6245a46b1a89193a6f9d712538af232b76d08934ee59aa21eb6e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

MD5 869e901655a6b424c6e91f1790db49af
SHA1 eb7905a91f236aeaaf45f74b12c2f19cfcb88341
SHA256 4de02a61ed6fab869463c1902a32ce0577b2278ce28aebe8021a7c20efd97778
SHA512 228f8bf77eace3161dc84de839472db2a1284869192ef33cbafa1950d0d145a7257af05ef7d6427534a0d4a1cfe935bc719f76d8940f71b44b422fefbdb4a038

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

MD5 b3db7458c8fa53d6301ff0ee60fd613f
SHA1 d280b8732159c4d020a7bec581961aff0b751007
SHA256 463edea8d14dafe10e44c25dd74bf4679838c82815b8a7d26ba3990087b5d63e
SHA512 136daf930ebba101a4ddf04a70237d023716fea6979204d4364291b8aca4eaf70d49a8812c29e244876acbb48e1d052ed27e93deaa55fd0503a3c4404e60c249

memory/2540-8179-0x0000000000400000-0x000000000040C000-memory.dmp

memory/2540-8178-0x0000000000400000-0x000000000040C000-memory.dmp

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\security_watermark.jpg

MD5 ba10301081b1b463db2f0b0e4bf34d48
SHA1 85ab04091b58ffb57eee1706db7dc97321bd3658
SHA256 0c6f9b7c2b0a8183f1f916bd3220b815410be280922a79c317573c3a6aece77e
SHA512 18b24bad7b4e417b90e37cb410011dc264c358779b4819f060c3e1ca7de5e4cbad20998c708757c57b6f0fcb2499190a106fab8f0cb2a92fa24fb022fc19f235

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 16438ad57f5cdb9fda39783c35398cb1
SHA1 b5fa856be63753a0d4e00c42a60d1137ee144911
SHA256 144b528325e73a38cfd84c09ee84af548a3765ac3065584ca59f43a0adecee24
SHA512 d6d671564373cf0e2f7f333e53501d911f32dd88dfe2cd493f0c3b52ef151916492ba10bfd94475808df2a06c0d96bb51ba5add6f4cbf86ab21b0080e32086a6

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 9364ff1f8347369c8dfd2c0c1a665cf9
SHA1 5f9764f2c8976406bb79c3df398cc260a1373909
SHA256 bc36602fe2baa4129d38e366ec8b15e77d4db17331b96f6f8de9ba138e9a6ec2
SHA512 4b986b20730f2cc1536289cc1f28fe6e89b48a360ec1bd7ce41b7224de60bc9c824d357dde006c1fd93247979d0be56d981f70993b6eecf11aafb816adb7dd6b

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 66150bb21e80d75b28ae8879e98d4bbb
SHA1 ed96c42a366ace44254895dc34616af0efa0c4ee
SHA256 c0d4cdd2437b92c88f1768f2fe0a2deb3719ba08b76fedb7bb33fdf6e102c122
SHA512 a31d7da703340ccbee21a4b7761f25457300d867703e80551f9d9d41b0e34df433a72a8efe78189171bdfe1ecaa97792ca40f6f52c8d87548518f4638ebe5857

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 9adddfe021e9f711ef5fd442622770fd
SHA1 9bb62055de517f9324af33043f043d85c137892a
SHA256 64002f6c9c55ba587632221e1ccd5f9ace1a1522e776cd218e5a7e0bd5904c8a
SHA512 6b52b4dbbd48f44c614da24624434d2f0c3a774ca576b92acb6bed162bb25a23590df59a3b98904426a86b5c92a22f8687645c744070743858c941199db5f4d8

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 e6f5edb1e561e91fe8a7a61820a095b5
SHA1 65e8d9078ca8664ce8dda1577558a8cc00d0741b
SHA256 3645ff3c2110111fbbf19b6dad00e162560bbc142320448a5f11c04b4fe3a32f
SHA512 a6d8c15adbca2dc3e901d324edffe3c0e7539936f093e836f36a0f33e43411173199fd8fb57880bd8873051838eeded0896ff1f3eee7cb2d7a60460b89f97617

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

MD5 f464247642bef47580f0b0f7725e59a2
SHA1 2b65e9b825c6cb05283481ac5a951ff6d06d5a97
SHA256 c6783d65f2b6011e4fc69598cc87f2af740ac810296cfdab2ad8af719d714dfe
SHA512 b6e93f0c4eaf684ec12cd5bc47de1e7c0fa8153fffbeb3f0267bd595a94a389a7d2fc97304c81af3f384cb553d7f1e3de72806c6fbd222f3df386c7d54f37d07

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

MD5 9b5017537815ddcd0b3be6103324cd89
SHA1 b8921e06529f401677c44ff641aa159b11dc44be
SHA256 38371a0c11817d75a49b733b1e9e5b466a4ffce47b7680f68ba4f024050cd376
SHA512 d106e0fe3837a4c5307e84d02771a955c3e255fcb7901419c69631962a3c9872c9052dcd8dd23881d300ce08d787edda226dd9257415549110ba74104edb78d6

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 f3f349b1eb19bb240b10cb6276414844
SHA1 285a848b121fae460970d0caa43c95f32e64eff6
SHA256 ddd3c5b0087c8360f574dfd9d62967339f34784034f7e28274fd9b40d92954c8
SHA512 d7a5b1a506394ba8ca0adf861ee570c98e4578d40a1ca36b2eec85559ed3274370730f7d364a964ff8dd47be88c0f65f13edc69d017bbe43f28f877acf95e480

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

MD5 9c856d054c04d4bd9d79bb9171798c25
SHA1 a6ab636736fe520427e94b4e6a90ce3094ca17eb
SHA256 d8038d0085772201af31c7de0f78035dfce661334703a6809d77e63da828ea43
SHA512 834832fae846be910a191540d735d7fb8dd1476033ce69fe9cd43ed386ee560792a0612af55afb1fb3fb33838f0fd834b5b9edcaf7dd217e91c6ce9b35d0a1c9

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

MD5 2c971ee7ecfac08b948d20019911ca24
SHA1 bea64c982e78c37cd4df17dbe2222943a0958f3a
SHA256 41e273fe465e0708ae15d65fdadb55c39988a43ecda34a5f1c759f24db32a882
SHA512 f66ca248175eee97aaead7852d6ca70e76e5d2d3a5b9cec14da9f2869d5eb0b737bab192a4988baba7b62a13e1b0cab25f97f38fbb7b7969900b9f2938432113

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

MD5 14417c11dafd345bb8c65a72867acac5
SHA1 eeef7ccafcbea52fd03dd58f5ea6c1b55ac320ba
SHA256 2c07ef59a87679205a13bb9501ebad13d1d4b228159e509ddafaf8f10dd4bfbd
SHA512 1579ffa76abf1abd52d386c722915845f1f1aceeac467ed76303bf5d17d4bd585d18b5e04afc50a1e85da63af2b8cb7827d8c99648a9b1564c12d6c512f8003e

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 47d0a92f6c740269e49b4edaffa35394
SHA1 4fd75499b81b2baa79b37b508608f1ee4f84ed10
SHA256 2a844cbc6cae0c0f02fbd3b94717284eab90fa19048733678450fae1f050cc6e
SHA512 12dcc79fdb777ffe10170943d69b15acc4fc161f5f00ffdc1eae4194b3660608061b2bb0f4818762b5b23f40f45cd1c46fb598476cdc2c24becad2a64a19bb0b

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

MD5 51499f9c7b689688c352f21fda608429
SHA1 c8177ef89682f7743663bd1fac83093256af7f81
SHA256 dad026e2bb150790d4b97d25a71492d7ed671a6e1cceda8317cf84e22169fde7
SHA512 27acb945dda817d3acf449468780369a3544af02e8567400c96a6e4caec974277ac29dd54448ed8b2a5b7a5c5b06b63bc1b3fe7bf8155ce91ef4f15a523f2573

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

MD5 4d127f281e07ca25521c7a5b0cab8208
SHA1 f0f39de118bd7dc0b732e5946cb354cdf88d1d86
SHA256 41546e0a9fe87c504fe4b03ba62171e33a28a44ace4626f722fd1f05ce214140
SHA512 5764ab798b38352ae7f4d411f9a40cf20caafb9d04739f3e3f0d21f6b0589f617ef51402b6994776c87449947037673e91f4bed6111f1e0e579034412bfe7fc5

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 5f6c9bf16e5621d9638e483a9e4739d7
SHA1 013b812c0f351b6b3177134e7664b41a38e4993b
SHA256 3b7fa5acc8cb984b85af671e84db362a1adb0cfec80c96cb06ea08c96b75f90d
SHA512 9661f7011967b5bf2d5f3c362d7e4a3562c70cf90f8db947334d5168fc69de7dc06937ebf0785216e9b4b7cc9fec27976ad9b4074075657ed5dad8e7e9da66fe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

MD5 c25801cbb9d9573438ec8617ddf79a62
SHA1 f43a1bf0113f9386b31d5d6a194d4215c9646d68
SHA256 84b5e8fc5cfe84e1fcb29dd5fc3d7e66cc58f1a10f921c33f47af557f7919824
SHA512 dfafb94dca0ddb4692f7edb8da9beb03bf1cf706ad9829125f7419b87acadbf3c67d8992ed67c23e1d472a113717644ad45d0369f9296ad713e27c55d4c1e2cc

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

MD5 5326f8ba9749b2acc3f7072d0abac5ce
SHA1 598ebebafae1ad2b65b88ed26efedf1891bcbd5e
SHA256 b1a410b37ff94b0d3111345f605963d2a72eedb99e287cb7726d7cdb7d919f02
SHA512 ee38c44f696ce3b022c82e93512f2d45e9b512089e5b97fdb259e94975ab828a2881dc689b481fe1c431dea3bf08bca098ac92fe393b7f80988f0a498eb4d8e9

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 37e40dd0b3b65b6adb5ba591fd4e715f
SHA1 8fcf4feec00ef78747814d4ebc20e3bdccc9af2c
SHA256 a9ba23734d4a6563cdf9c99f353453db672bb8b826cc58668caedb4b92942ab3
SHA512 6d8d382d9bb77c21c28b6f812d3e33db4950f0bbc0cc4a4047b39bd87e9fabcc5a742ed3b4b3f086035297d493e5e4f7956e98b3ce0be2b979ef819b1371ce7e

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif

MD5 3f67d9836bb19a988836399a787d2baf
SHA1 253263b375827644e2e6c0ffe1dce7811f391c54
SHA256 47aab47c410a78d162e491381aa314c254945becd28b8402e60d2d60c6c310c3
SHA512 0a7d318cdc3ca9b2af5a4c393ce5a9aa67ec8d5379d72eaad98985c00179c27f4634ca2c997d511d10a1e9ad0a14a0c20bd785611d9e37a2effca5befbc8b172

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif

MD5 5fbdd7b04c58986dfde532a57e2320ac
SHA1 5c76be3034687afdd325812832d4a68723b02b04
SHA256 92b25dcb00f179a5e913cbf489c2a909b3380a22062d343cc60260e798cc8263
SHA512 89a001c6755a089d042ced7f8a65d731d94abebb01de25e8b363cdfecad688d6d9f33b1816d00a376b7e874dc1114ae492eeb4a5a71abbcfdc5b73ba742a27f2

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 2ababd422e08a1136266513e534dbc45
SHA1 116357e5cd56585962d60a6b497361503b48b344
SHA256 d55d058a92b7226b004752f39462eabd0a779010da9356e464917d4754e653fd
SHA512 e68c446c4ba9edc91c98efa170a4c316a0995c8d7f471a070c787a5d0a5e2a0aa6351209795df178abbb2833ad3539810c9d2cf64bb6ce5814f6a7938c8910e6

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Workflow.Compiler.exe

MD5 abf19be9fed2c2afbf92ad4f323790dc
SHA1 ef08b900e35a1619d15e1f4fb7e917475815ae88
SHA256 954c5a1f985b6df964ae860b22021809abb1b49fc0cb5c8ff7ab4ac3bd480f38
SHA512 cba0a55e1bac6a5d37164c19d990800513df9d4e394bef32dc4d0ed99610f4d91423b8f6ee29c3278d5caaa518dfe4a153599ddceefc3ee5c9399d83b5cee571

memory/2540-9823-0x0000000000400000-0x000000000040C000-memory.dmp

memory/2540-9846-0x0000000000400000-0x000000000040C000-memory.dmp

memory/2540-9847-0x0000000000400000-0x000000000040C000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-12-12 16:48

Reported

2024-12-12 16:50

Platform

win10v2004-20241007-en

Max time kernel

149s

Max time network

152s

Command Line

"C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe"

Signatures

Detected Xorist Ransomware

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Xorist Ransomware

ransomware xorist

Xorist family

xorist

Renames multiple (2500) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\R78nHBIG4K4s32f.exe" C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\DriverStore\FileRepository\mtconfig.inf_amd64_fe91941ed205cd9b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Utility\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForSome\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_multiportserial.inf_amd64_e92b6921fca885d5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\net819xp.inf_amd64_ff7a5dd4f9b1ceba\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Speech\Engines\SR\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Speech\SpeechUX\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WindowsOptionalFeature\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmnttme.inf_amd64_edc94fc65bef3d27\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\RdpSa.exe C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\btampm.inf_amd64_445ffdc4132cbc59\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_receiptprinter.inf_amd64_7952e4baaee88d58\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ialpss2i_gpio2_bxt_p.inf_amd64_8be317e01b44bf5a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmcm28.inf_amd64_4b833c2630a2a287\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdminfot.inf_amd64_564561a23e05c7ee\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmnis1u.inf_amd64_64035dd8a7571ba7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\verifiergui.exe C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_barcodescanner.inf_amd64_266a07997c075b30\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_bluetooth.inf_amd64_7e49a68f06c14d10\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmgl006.inf_amd64_130cd40b355024c9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\mfpmp.exe C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\PackagedCWALauncher.exe C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\NetEventPacketCapture\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\sdfrd.inf_amd64_25779da6eca4810a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\systeminfo.exe C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCClassResources\WindowsPackageCab\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_EnvironmentResource\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ServiceResource\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_keyboard.inf_amd64_56ea9763e933f7c5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\dvdplay.exe C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.WSMan.Management\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_nettrans.inf_amd64_b6d30279f382fa4b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\find.exe C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_RegistryResource\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDiagnostics\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\InstallShield\setupdir\040c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\MSDRM\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\audioendpoint.inf_amd64_4fc4a632c1490033\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\net8187bv64.inf_amd64_bc859d32f3e2f0d5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netbc64.inf_amd64_b96cdf411c43c00c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnms006.inf_amd64_c3bdcb6fc975b614\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\vstxraid.inf_amd64_300cb04282659e6d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wpdmtphw.inf_amd64_1aae998f86058cec\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.ODataUtils\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCClassResources\WindowsPackageCab\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\msiexec.exe C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\net1.exe C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Speech_OneCore\Common\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\SystemPropertiesAdvanced.exe C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\SystemPropertiesComputerName.exe C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Archive\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\winrm\040C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_GroupResource\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForSome\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\iagpio.inf_amd64_07b64df61e783bfe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\itsas35i.inf_amd64_4f5850c71046b0cb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\tsgenericusbdriver.inf_amd64_bcfa5f586783921d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\it-IT\Licenses\OEM\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\rasdial.exe C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\wbem\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmsier.inf_amd64_3ae2ea3a55ec0279\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netrtwlans.inf_amd64_97cd1a72c2a7829c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\IME\IMEKR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\BLENDS\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Program Files\Windows Multimedia Platform\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsStore_11910.1002.5.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-white\LibrarySquare150x150Logo.scale-100_contrast-white.png C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxCalendarAppList.targetsize-60.png C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\pages-app\images\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\pt-br\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\klist.exe C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\InsiderHubAppList.scale-100_contrast-black.png C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-16_altform-unplated_contrast-black.png C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\images\example_icons2x.png C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\GenericMailSmallTile.scale-400.png C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Microsoft.Xbox.SmartGlass.Controls\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\msedgewebview2.exe C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\IRIS\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Square44x44Logo.targetsize-16.png C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\StoreLogo.scale-100.png C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\StoreLogo.scale-200.png C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\CardUIBkg.scale-400.HCWhite.png C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\tr-tr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Portal\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\pptico.exe C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-white\BadgeLogo.scale-150_contrast-white.png C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\animations\OneNoteFirstRunCarousel_Animation2.mp4 C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\WideTile.scale-125.png C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\LinkedInboxSmallTile.scale-150.png C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\ca-es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Program Files\Microsoft Office\PackageManifests\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\images\FilePdf32x32.png C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\MixedRealityPortalAppList.targetsize-24_altform-lightunplated.png C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\ScreenSketchSquare44x44Logo.targetsize-256_altform-unplated_contrast-white_devicefamily-colorfulunplated.png C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-black\LargeTile.scale-150_contrast-black.png C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-white\WideTile.scale-125_contrast-white.png C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.contrast-white_targetsize-32.png C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\OutlookMailWideTile.scale-200.png C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\ro-ro\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteSectionGroupLargeTile.scale-125.png C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNotePageSmallTile.scale-150.png C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\commerce\taster_post_call_illustration.png C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Program Files\Common Files\System\ado\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\legal\javafx\libxml2.md C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\TPN.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\grv_icons.exe C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WebMediaExtensions_1.0.20875.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\MedTile.scale-125.png C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderLogoExtensions.targetsize-20.png C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\Assets\AppTiles\StoreMedTile.scale-200.png C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\1494870C-9912-C184-4CC9-B401-A53F4D8DE290.pdf C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\ca-es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\ScreenSketchSquare71x71Logo.scale-200_contrast-black.png C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\ScreenSketchAppService\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Windows Media Player\Media Renderer\DMR_120.jpg C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsSoundRecorder_10.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\VoiceRecorderMedTile.contrast-black_scale-125.png C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.ZuneMusic_10.19071.19011.0_neutral_split.scale-125_8wekyb3d8bbwe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppPackageMedTile.scale-400_contrast-black.png C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\DirectionalDot.png C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Logos\Square310x310\PaintLargeTile.scale-100.png C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-white\Logo.scale-200_contrast-white.png C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jvisualvm.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Images\Stickers\Thumbnails\Sticker_Icon_NinjaCat.png C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-white\SplashScreen.scale-400_contrast-white.png C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Microsoft.WebMediaExtensions.exe C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\EmptyShare-Dark.scale-100.png C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\WinSxS\amd64_microsoft-onecore-s..chservice-component_31bf3856ad364e35_10.0.19041.1_none_638e20742b3c9c9a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p..ns-platform-library_31bf3856ad364e35_10.0.19041.207_none_64ba1278e164b577\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_windows-system-diag..formtelemetryclient_31bf3856ad364e35_10.0.19041.1_none_d406e9070ffb64e8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-directx-direct3d10.1_31bf3856ad364e35_10.0.19041.1_none_106f353b7d505f70\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-photobase_31bf3856ad364e35_10.0.19041.1_none_00c62ae86ebca055\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.ApplicationId.RuleWizard.Resources\v4.0_10.0.0.0_fr_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-m..ntmanifests-termsrv_31bf3856ad364e35_10.0.19041.746_none_031c667dd05cd716\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-msports_31bf3856ad364e35_10.0.19041.1_none_430e27fc8ea24011\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-u..tionuxexe.resources_31bf3856ad364e35_10.0.19041.1266_en-us_b944c74b65f5f06b\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-i..mpatibilitybinaries_31bf3856ad364e35_10.0.19041.1_none_c4dbe9facc14fbf0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-r..-commandline-editor_31bf3856ad364e35_10.0.19041.1_none_e7854180ca0cff60\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SystemApps\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe\23\memoryAnalyzer\images\i_snapshot.png C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-m..tenanceui.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_ad93bc9653ddea58\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_wsdscdrv.inf.resources_31bf3856ad364e35_10.0.19041.1_es-es_25a2187ee3653dc7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-uiamanager_31bf3856ad364e35_10.0.19041.746_none_ae350dbce9d95b75\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-g..linetools.resources_31bf3856ad364e35_10.0.19041.117_en-us_722d861e05188bb1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-smbserver-v2.resources_31bf3856ad364e35_10.0.19041.1_es-es_e6b7a41ed00227ad\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-u..dem-voice.resources_31bf3856ad364e35_10.0.19041.1_de-de_faf8d930652f7bf0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-u..files-adm.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_0761e8c92bfa6607\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\x86_wpf-reachframework_31bf3856ad364e35_10.0.19200.101_none_cfc39681387e521f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\Framework64\v4.0.30319\3082\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_windowssearchengine.resources_31bf3856ad364e35_7.0.19041.1_ja-jp_20766c18f2f988d8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-p..randprintui-ntprint_31bf3856ad364e35_10.0.19041.1288_none_6f1fcb1866fcb4b8\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-i..-wow64-setupdll001d_31bf3856ad364e35_10.0.19041.1_none_a2740a0150e44dbb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-appid_31bf3856ad364e35_10.0.19041.1202_none_cc0c3d35675da3a1\f\appidpolicyconverter.exe C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_wsynth3dvsp.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_c3f43c4f751788a5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Windows\ImmersiveControlPanel\images\logo.scale-400_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\microsoft.system.package.metadata\Autogen\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\msil_multipoint-wmsdashboard.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_9a6ac7c16c78ca56\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-e..lestorageengine-vss_31bf3856ad364e35_10.0.19041.1_none_78d038ea2ba50dcf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.19041.1_ja-jp_d7c2226e3af6bdfe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..ealitysvc.resources_31bf3856ad364e35_10.0.19041.1_es-es_bbebf73d440a88f2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-tapicore_31bf3856ad364e35_10.0.19041.746_none_c2332356a565df1c\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-apprep-chxapp.appxmain_31bf3856ad364e35_10.0.19041.1_none_edda8130b19d4286\baseTemplate.html C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..g-cmdline.resources_31bf3856ad364e35_10.0.19041.1_en-us_dd1f2ab62caa00fa\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-desktopdispbroker_31bf3856ad364e35_10.0.19041.1266_none_718957bf95170700\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0001041b_31bf3856ad364e35_10.0.19041.1_none_560c3edde82e54b6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_10.0.19041.546_none_3f1cc1d15da468cf\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-r..facturers.resources_31bf3856ad364e35_10.0.19041.1_es-es_8aee7284edb5f749\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-winocr-tifffilter_31bf3856ad364e35_10.0.19041.1_none_e91405b08b000221\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-wordpad_31bf3856ad364e35_10.0.19041.1202_none_a27aa61d221bdc5c\wordpad.exe C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-w..itomi-dll.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_4ad8e1130bb9913c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_ufxsynopsys.inf.resources_31bf3856ad364e35_10.0.19041.1_it-it_39de2f81256e5f36\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_windows-shield-provider.resources_31bf3856ad364e35_10.0.19041.1_it-it_8356418f67afc691\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_wpdmtphw.inf.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_41baab3d38e2ed45\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-g..ion-winrt.resources_31bf3856ad364e35_10.0.19041.1_it-it_c61696446f34e90c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-m..osoftedge.resources_31bf3856ad364e35_10.0.19041.1_es-es_a2ef4aab3bff561a\pdferrorofflineaccessdenied.html C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-power-adm_31bf3856ad364e35_10.0.19041.1_none_c8cc07340c3e5859\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-r..ry-editor.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_53451d629515cf2a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-shwebsvc_31bf3856ad364e35_10.0.19041.746_none_e40dbc2e68e03bc6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-ui-biofeedback-library_31bf3856ad364e35_10.0.19041.746_none_e001faf79e7a1547\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\es-ES\assets\OfflineTabs\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-g..ation-adm.resources_31bf3856ad364e35_10.0.19041.1_es-es_6c43bcbbb905891d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-i..p-support.resources_31bf3856ad364e35_11.0.19041.1_de-de_e002ddb66d137502\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-l..fessional.resources_31bf3856ad364e35_10.0.19041.1266_en-us_68eabd5c6b1d4e11\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-m..oolsclient.appxmain_31bf3856ad364e35_10.0.19041.423_none_9de80b9d881a1ebd\helpErrorBox.png C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-rasbase.resources_31bf3856ad364e35_10.0.19041.1_de-de_6b17c8d06620d760\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..em-events-container_31bf3856ad364e35_10.0.19041.662_none_863726606cb95185\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-t..emotepage.resources_31bf3856ad364e35_10.0.19041.1_en-us_6d08a39cd122d3e0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\assembly\GAC_MSIL\System.Transactions.Resources\2.0.0.0_de_b77a5c561934e089\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.GroupPolicy.Reporting.Resources\v4.0_2.0.0.0_en_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_dual_urschipidea.inf_31bf3856ad364e35_10.0.19041.1_none_c53ad7a8b38a890c\3803E232ACAB2476E81BC8A88D5B231A677DA3BC\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-vmchipset_31bf3856ad364e35_10.0.19041.1266_none_4a03a5b741d9b00e\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-fdeploy.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_f25bbe2c98d09cbd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\DCCLLRDBEFTGZNR\DefaultIcon C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\DCCLLRDBEFTGZNR\shell\open C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\DCCLLRDBEFTGZNR\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\R78nHBIG4K4s32f.exe" C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "DCCLLRDBEFTGZNR" C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\DCCLLRDBEFTGZNR\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\DCCLLRDBEFTGZNR\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\R78nHBIG4K4s32f.exe,0" C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\DCCLLRDBEFTGZNR\shell\open\command C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\DCCLLRDBEFTGZNR\shell C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\DCCLLRDBEFTGZNR C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\e7565b32ce06e562faf460a9d8257a51_JaffaCakes118.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 181.129.81.91.in-addr.arpa udp
US 8.8.8.8:53 20.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 56.163.245.4.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 21.49.80.91.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 131.72.42.20.in-addr.arpa udp

Files

memory/1680-0-0x0000000000400000-0x000000000040C000-memory.dmp

C:\Program Files\7-Zip\Lang\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

MD5 fbc86c51a58818ff9a54644adfaa8c11
SHA1 3099ebf5bb532245b2f029a7472d03ac26c213b7
SHA256 4429117b202b2572c30ffd614e410f67d6d4dada8b73bf7905c11ee6eb276b09
SHA512 8b142a3247627ea75f4048f43a22c97ac39dc25b5e56182eab0f7827c96cafbe65656ebbee9b02c41eb5fb8f4ad5ca8c49f989ac95140e5153d3e9378171d5b9

C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

MD5 6d33f1270b6321c58a87d7dcb68be732
SHA1 fe8776da16bf9a27a1546551e969306da52c2b56
SHA256 b45255218e0ee870c41e265d064d66abae70adff4e1d25447dfd702e88178ea7
SHA512 91ca80043ebec9755f1b9241b85e82c9684083da1122a05c8a39c56c00361f6c810c5380dfd3445b89a01181361081ec88d4ea0f6cb93c9fd63107b825bd0b48

C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

MD5 706bff618503bb1063df726c10c622da
SHA1 4770af5095d6e437336a65cbb643886881931eda
SHA256 27893a263bf52bdd9c4bd54ca8eaa79d69e665448981415349b81b89cabeedb0
SHA512 5121ace57c3482be503e101e4b8e6b54be577dc3bf254487e742c3022dce7d2a28976afccb9f0e10803a5d2829b7f199e1ad6e3135b6bece1e6923d0d60f1645

C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

MD5 cd837aa16603da33939cdc716f297e1d
SHA1 7a9850e96c6406ec4a95ebdd66f01ccdef305e58
SHA256 2839847aefde7369310b1154227beb5f29409adf9fd65c0fe8f353be0af62bee
SHA512 e81918373aabb2aaed3efaebcd3bacbe2e72de95295f3fe6a3ac6f5851c774744183a8dafdac0db5ac01c3902edf3506a18bd3284aede39420b9e9ac497cd38d

C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

MD5 7f8b0dfa183036a11c68e7c0633babb4
SHA1 a2a6321954709db946880ab90d5deb2b0c934d1e
SHA256 a5a4c0d2d234952d3c8f4e3acd670182051ed6808bd2011f1dd481346d9decd9
SHA512 63028f9ac99eedd6521fce4198af367b58fbe21776db4c119e5aaca63b6fab85976773b49e989a28f6c3d8ca5a8842c315cddbf8b7cc03ef6ad773c1af97ff4c

C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

MD5 d9f05ae69987ea914343e350b8c35f90
SHA1 d2963e678cb2bba3caf37cd1357274bd138f8580
SHA256 6798ba008ff3e6de0dc1e116f845e7883fcf45c2ecaa48d772aba288e8fc293f
SHA512 e8631c5069de0c57184288619aff4c387bb905f466dabe0a80196afe8547e33b1cb7dd7c1c52fcb0076fa53e51c87c784223683c708e830231afae923058fdbd

C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

MD5 07a3085f7129411eb0f0a0929f937b9d
SHA1 c5536e4743663d2a344abc8f1cbff9a44b71c914
SHA256 5ed1eab1b719edbe9dc4a7bb885f804de472368ffc1d30745af6c649e60d2ecb
SHA512 33cd7fab6fb3a5d69864336df8cb7174df96a76176aace8a263d31e83dfda140038e3f574b600556327ca6edaa60dff91413988d59d9d1b0aeaea454520367f0

C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

MD5 41e41daabb67f6cc4d9a9a57436234ed
SHA1 b167a97dc67c1038644e24c2a834b864e9e0404f
SHA256 45fe9cc6e3617cadd6d82a99c3b36fdcfdff4ec55bf314bb593f08796847e031
SHA512 511497ad332e1b42a29e8431b2e2ce35392f5cd9bb824b91328382954bc75fe77ca33817a31a3f82a6a4e44e06cc9e4e0f8bc1b177b079b75781643a672907a7

C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

MD5 dbfa2998e51d4adbf4bbea439a6ed33d
SHA1 28c8c19514df41bfa8f549ee10fff5dca92a18b9
SHA256 fe326e2e26cdc915572f1beb245f6ab342e450344504b1e2c06538a839384afe
SHA512 ccc6ccac551ecc08b272f177787d0eb6e62045c4f6445853945d75e36040944dc065e9cc429b67652151b7d1eb609e3eb6a4a26bd75b6e9c476725ed6fd1acee

C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

MD5 36baf7a3e381351f42adb5b202f9e158
SHA1 8ee5c53e451292dd349ccccbc693241d361e99b0
SHA256 2b378adda8664c72f3c359ef1a0edd3e099172dae204829dc0135efe7d6e246b
SHA512 152047bb0a97828689a805fda266111e582a51f939062db002171b1136e5d2616a9e6267de77e04f18f2e20808403105845ccb06e1488c616079483ab72a17aa

C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

MD5 f9a0e7616e0c132c43ecd758bcd4abc9
SHA1 78934cf79fc3879c3045709ccd7c1e6edd088d05
SHA256 d75f86d51b9fcff423d4329a3752950e8585953bafc2f04346426d63c6b95b12
SHA512 7781968dd66132bb00fc6f69afc435200378b4c6a1371ae78c4ff5a54a36a49f3160039461dc41a53f4643496d89e011810438a1926592faa6dd983ea52de602

C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

MD5 0ec02ac319a4984bb392f99e73ba3f27
SHA1 dafa05a8957a8c2f73da4e0b313a26a7fb2d8ba4
SHA256 6364aef74b4e4898bdc45c88b74f9da7a48ed042b88eb7cf2995d3ea3b4beeef
SHA512 9919ffeb1187ece020919a7078c0f201cbfa8225bf2966b8d5632261f27bc9a7cf005b2d5268578f6a080bf13204a28f4d3744f6d6042b7d53ff3bf58347fd09

C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

MD5 c090bb02fbd09c42f9c3a2795d678257
SHA1 f739cee081fec4688ac7d633d751ddc067649ee3
SHA256 109af74f32fa0ec18ab37ffaf864de0110dfe211f01925c11f228c3c4fef9ec8
SHA512 edeef75159a9db91709421631d7e511dd3792cfdb3bf70a97f565b07c4298fd31f5c9a6316dc7ab6ed3a89f4f542b402b3894cc3c4d97d2b558c1234a9ebbdbf

C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

MD5 d55b9a8a1f01422f462fcda93b9cb4e4
SHA1 733f1b6c2c88b67679c06ff70be99fb16600995c
SHA256 549e58fd9982fd0db208ac070ca9d20f7d7c36fe33b0150c5a7dfa5ecdff9ac1
SHA512 6571522fedc8e3b9e879875a87b18524b4cbca84277d6b27c12ef2c7687b9c04770486ba86e040548f0cece3f89e24fb6b1c6e61b8b545836f81281c4b700628

C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

MD5 6dda43aee932f5bda96709461ef8554c
SHA1 d9719a68ab6cb88ca3f3a8e828da11ae901ff349
SHA256 0c184f969bef558d95bd2f3ee81b0b47254c15ac7f8deed9eb46b5340934aff4
SHA512 d0637bd02d4a78ca75f5f58a8c6adad9a05ff5f4396dbbdede0df420fe2cad64849fb562f85b939810b34de317d043f39218e878b1ac9f5e10465821338b77e8

C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

MD5 87181bfbdd25766c20bf3ed47d4ccab8
SHA1 a13ded2e4a7df7c9c1e8947ec130a25487e51ca2
SHA256 3f323336fb3beda6c3d287d40c0c0a670d77cd398314a43650f7880e714d9f93
SHA512 ecb8cd118c275f97cb284bbb1805a06014f0c79925b4710ff12c56445f4729fd4a7e186c9bc2d456335db7a4577ac9104c7de9fff507cda74203ea942dd846c4

C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

MD5 3a94eb1ac1aa119b05643e7e9b90b337
SHA1 cf233472bd346ede0c5e747677bdd0d7ceab7ea7
SHA256 e5948f223056d0abe001b2b9fbfaf3646500c822f14cc0999edf3398977ac9fe
SHA512 1906021343b44135a40b5087e0ac4c7b7db5e5d2b3396a0df373d72d9323ec8ab15fda4b98d26e5e18dfa39f92d09b570268ae9eb22058c308eff8948615f777

C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

MD5 0cf2d07d49393f8ee4bd45bd5445b6db
SHA1 2a5cb9fca664d8997cff415989a96706d7f3061e
SHA256 8aedfd589694c24b901c9858bf6553fb79acd3871d90f6fd5e3e0fe6e47eeff7
SHA512 4665b88dfd3e727c4bb31877c8fb76cac19e8257a9afae9f9981257a5a769ad1b1291a4b1ad9f51a15a19db9f716359b005a91f0d795e7d9a598082649c6d2ac

C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

MD5 459abdb96a043221ce7efed61899e2b1
SHA1 7acd7099e4c39ed84c1683f99198c48f6f425592
SHA256 a8d173132a97f39652f0e4e9f554ac4fe9c62b89561628092dfff21dec414005
SHA512 a2f77d44a39f8a2e1da5a8b233713a81b716feca0488f4dbcebeb462fcd14f0d0237ab2c219eb105317ca6a12cd6c53ace7c73eb88e31785b83b807db878a95b

C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

MD5 ed27020bfaf289b6379a89a74a3964b1
SHA1 72028f61bf808cc28e4f7734cf3513051dfab66b
SHA256 7a1aed2c53fcf9584b3608a0e9deebde1d33f77638980772978c09ab2613e4b7
SHA512 362a1db4dd6f4ef021aabdf1e823fd0b8e523ba36e167aa6f445a7f25d78f1db0a629e3cc093d7188286ea1d641bfd1bd702f2e428c25622a86d5ec0e9e6b0ad

C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

MD5 58d8e92c3c8335cded6ed33f360e55d7
SHA1 0ce8e3005fef9fa896330ae973aaf43549a71bd1
SHA256 8160ef481428bdf7e0a7818c06de3e6736a7793b3a69ca43a5fca4c9c8d6169b
SHA512 b4097c04eee1ab20491f7434285ad7ed3538c420f656a5baebcb81d01472bd00be00d94e326ef5862cdfeaa85efff4cf773260a10ab73cd36caa0f7d75ba7670

C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

MD5 4321d8c35ee58f7d8c2562628bfcf713
SHA1 b606e4115cd464c12cb3644da7728797c99ff4e8
SHA256 74adb7634b7065af07542f5436733e599c2277c5bb23840e26a82ad291fc818a
SHA512 bf86cd0010922658d448a7a43834923e2cbdc0d5c31b6bd05e30c7709c020f2453166e6a7eda0132c009e2fd3b575ae28245fe56d5fa19b66f48c9eedf7be192

C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

MD5 d10cad55b87fd7840bb1c55c15ca8e36
SHA1 e6644cdf8e220532fc10af52c46326cb43746579
SHA256 4b7be2e35cba2c9cda8abd22f9152fdb7a73434f886c791d94777632bfde0f4c
SHA512 de207684932511a453d38d313ab39ed7cd32f9a7734a1368fd94db8cd38bff9d818cebd81c968424c289ecd41fff29e6561cc36b6843c879a0b30ce1e4c695ba

C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

MD5 044bfca842c972e62b2f971bf4908e01
SHA1 d95fc2f7536cf11f09edc87fcf4eb7e072879231
SHA256 cd50c14b97389d0ff8222fb38ccba6d6d1159544cbc18f04582c2814411d0c97
SHA512 336d758f55eeee4a461f0de8714d1ae5f16ce4876d19f9714c92985c0f0d898321739b9f88be96989a4fab1d76face870a89f6c3ff90266e3793b7c676924e3e

C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

MD5 62ed04489da8171ce3cedddea8f47fee
SHA1 40887247aa5aa53abd9858ffa3a8639e8d164d1d
SHA256 ddac6b5ac53b754e9b857fa31d755c943ba530f05d5153972f0aed75970813aa
SHA512 2ed82869f553b7c0a6cdc1b502795c74350825bfedf69fcac46f639f918f8fe88878e04a0ff3d58b391fae04ede1e6447f48ee512db71ea72475dc65b04a05a3

C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

MD5 51dfdf2f0f3f4221a57315c622d24f35
SHA1 f6727dc4b8d49dbb050701aa5c916f509a37fe1b
SHA256 165bc30ac92ee0f374264824f05e9d87c279280a2328b0943de11368dacc473f
SHA512 16ee698abf681f1e25650979f6024143703d17b1529c9dc6d28ddb0b8621c945addc9e7d76f623e7c7e56de9ed06af595b3c43f83766645c5645c048d737909e

C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

MD5 e1fd8f03d1138a4713098d5cf526c4db
SHA1 b9e06959ea3486156ae081091d8c901380dac110
SHA256 f6fc5871ea5c7a55faec6a0d757102983c5f5de192eeea6450891582e5d87e14
SHA512 dc41fcc2b0737e7fa246af8b22ba151a4880fc79b02b66563ad6f159bf8acde21c7439a1c414a5e2de338f663f5496632b95c055c0c2b9cf85a82b8a6888fae6

C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

MD5 d6e3d4f6b95c762a0cd38c8ccfe0c820
SHA1 070d808ceda8fc9238a1554f8b1d66bd7081162b
SHA256 325f155fbdf67155ecc002acdff9d47807fc7c5fcbaafb058a491e20567ee7ac
SHA512 ac24a4882aaaab00fd3064b67c33108e9e18a60327dadd597ac9a0def96ea0ca23a1e6ac68461c9d99235da0bc17dd13cc6b7e534f9368228da2eabec4e55f01

C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

MD5 eed2088082b968848a229e9e0f3f8623
SHA1 be53faf2b57e351152fddc12a3b2bfe49a4d27bd
SHA256 2bdaaf8bbdfd003b90907b8a1eefb27acedfa912a753f425de914f3874e0109d
SHA512 99661fe8266cbb57945290772788508db32f46efbed8f3e865ff18ed3a9af03a1eb694fb87d48585bf5a55af9eec081ca9f88b9cc45922612c0bf6ca4d422b37

C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

MD5 b87999e91c4ac3ab0fa7895c1be766a5
SHA1 5b4bdce3bd33d5a4290844741ae6cbad121e659b
SHA256 b2797c80d5eebf16c308eb18ae2fb74d107044ba5102e56974c6296cccaae4ce
SHA512 ebec91a21433f1fd49cd1d78f7c0b1e66aecc58b7b832516c129d17c1c3360682789546d3eab6739d683a30e2a9219114217474684e89b5e6d7b42f65d174d66

C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

MD5 0bb043a5434ca3aeafa41c4c1e2a7d50
SHA1 fe20debc378c9f10da372b6dc2bb447bb94af6c4
SHA256 8b4c2f24bcee1a68d2748e693ab8d4fdb1fe7e82fee1e67d70c9805215034a00
SHA512 f5fa5ebf3834c458c78f331f140f54c70aa18165e3ed3b748a641e697571ec996ddc3e80e728667c54b67bf119e823af59325eafb921e6178d51c54374622587

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

MD5 1050f1ca8178402a207abf5789bf013a
SHA1 55376705066863424c9d7f25dfd2f06a0ea492cf
SHA256 e4f8d8425eed206003ea1777d516954aaa38f444514f7e44f8addbe286813864
SHA512 bffe9f2f175af588e85a2e141023df2dd240675f6e73636fee3cd9329d646a2074eb37ae293331d5119416b89e667f5c4b525afffda7f94a8e7a23ede063559c

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

MD5 2cae0de998607f5565d907127f26652f
SHA1 db3f3d070df5bba287c130336d79e83b121a4372
SHA256 fb2bcf75b78d6a3e5d2567132db167850aa01595b158822242bd7fe3f17e8bd9
SHA512 b83cc196cb1c43ea80b512ced2de96f4c834c570eeef0ba9442320673fb55a906d73d2489258bed4cda7997c78161c860a1b7620da05b8cdff4f7382d02d0989

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

MD5 bbcaaf933987d78a2c06fba2a416aa42
SHA1 1c1bbf3354199dbe92012b8b640ee156fdc50679
SHA256 843d131beb4a2020fa1f57e6b46b00fba29d7f2ad825d6b551df180beadb4a33
SHA512 7f2b4f57da52b13cd65bc4188c1441e0ae6d181281688b232a2ac6945ade46d0ab5784c323caf1d125cf31b8679b0b323753000a47d2413297c180c59208a152

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

MD5 46a2ea5f5ef523be19f527a1ab166b44
SHA1 d533091b428d3247bc3875643bb8a6a0c903d913
SHA256 69c9b139c0d176cb201163cbe8ddb9ab7a466d29e10cf39adcb838fadf221ae5
SHA512 4cda4ccf01757ef9c981b252f0d39f68af6d06a227de0c51e4ac9de3944e24bf62933da2c03bbad478771ebdc9d6f5e8dff62fb39e0db740e3508e0d8bafab76

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

MD5 1b9c36a13d4005b15c04c0a012459411
SHA1 21ddd02d9e0844314e84fe7554b8c6952a2a453a
SHA256 d5baa28e3375b150a0f2b68a6762a536f5fa275109ea41dd7219066037f5b940
SHA512 a813973a1b90a98f7f1731476cd18b5295f12142b8ac83c9b205f22b645f2e153b533386a4c48b4c6eaa93c2b8b4b2bb2461ab6d573385980e8c3ba75599dcec

C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

MD5 c2404deb68bf6536debaae31d5750c9d
SHA1 61a4639bbc997de30c5d7e2d286b18f544c03cbc
SHA256 40498d5a6aa16c2b877e0ed77953994071608da9925e13ff2393abf8a634072b
SHA512 f58e35668a144d0a0b264bfa68df169d10f30f0ea53f7cee2e49edc706040dbf9d8febb8a2df56f10678f07f2bebcee6dd1de6bc09d2b5f60cc4b1fe1da452a3

C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

MD5 096945c88d358030a90ef05274d01d62
SHA1 91fb5e324138d3543d0dc567ddbf6170bcd25409
SHA256 4384ce9fe4da90219c8577932282ab5cb708418fcb9bb6589fb618e4f459525e
SHA512 62a3c475e69a86481c101402acbd4c52e641a90b935ded3361f445a55c028dc0743ba2cf7ead1cc0715d21e1a51957a9a9c9e5ae066f0637f94f45af7f158059

C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

MD5 85b8122996042bb54ef3127796f9b457
SHA1 eec7f113c9d785887d07c3563c8389fb6681c582
SHA256 078c19bdb3ad76c52bd0410e88d49e4897a35a4ac07bccd1956713fcb7e26cee
SHA512 7c6ae5269a8d66df6e44b18e32c9121e1b14cf12ae8be80eef8ea25c876579afcf3778ec32e3f21b3560289631ba1ebe16bc2685185fbe37f8862825a5a40492

C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

MD5 49e9f1e91b8f6f49e7ef16507b4147bc
SHA1 e7c2953d6d9f8a07c97ab25d3c9f90d7fe1b0833
SHA256 35e398f69d403c11d516414c5549531acdf60ef988cc53e428857b5674a21ea7
SHA512 583371bf467124b7c514666f9c8682d51f8c6ec8eb735bc3aab5d54bc7ac02660d61f1663a73993cb42ca1ad71ab900e6002995e0b5f3d8fc64e4058536e980f

C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

MD5 e410bce48d88f92e43ad401df7525185
SHA1 2a406249d0333d9a8af76a10fb6d1763011d5721
SHA256 e29ee0708d04221f025d93d577f1e84a297636b3c66dde33f4b578a795b9a921
SHA512 567c121cc9171b3236e9f6207a3da7fd2cc29c934005aaf4af8ad4e549d98dd7fe040ef10a1d4262684d47836eb1589bc4d6ce3562e40061caf11208a48ad1de

C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

MD5 ebb18574e8940b11d1c8fc6dfedff24e
SHA1 dc22602e3681cbc2ceaad0e255979b9df50d68ef
SHA256 b95bba2c4a2f9990ee8c4b006acb3d8a58abc59e5f823868de2f3c7db9281de6
SHA512 dbd96f05ff52a126f6da551237072c0947345fc0e5c10bc98da8c168226b081230c2ded3473f3b1185ff97b65c656dc1dc238fef84ab227cfbcf1d7a7b057d57

C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

MD5 08ac8849e934be8ef740549d14d978cc
SHA1 42626c21017d826c430e28d15018750ffc5f0a1f
SHA256 220bb7e62128660d0fca5fc7c7943dc7fbe9ce5a11b574e146fb42293537ebbd
SHA512 0122e9f47d2cd7b40ac1c4497cfca04a3e8016b6ac900fdaa2e553a7a88cfe6c2370b11de019c9499a19970e7fd7dec9ccdd4f7fc858e28d776ef6d578480f0d

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

MD5 2ee0c5bce1efa67c4592c27c99439c54
SHA1 a260978334a09d00b3941f623933686318b0c8e4
SHA256 ea63e51359e5c5ba51bef55d8b21fbd3fab48f352ada51086acbadb114eca301
SHA512 40fdff218678e1bed3627aa427ee75aa1856e066e235d300f78a232507cb634c5bfd94a76d39b23ca55aef1b50bffac9f23be3f9530345ddc5da71d29cf9a034

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

MD5 c706d6e972a1d457e699253f5d4aa6c9
SHA1 31798943f36c63f167615c339ec6f48a32d704a6
SHA256 7022411201433bed0d000ce0a98e63ed8cde35b2a2d43ef068d3a173aa110408
SHA512 459f409a85d956dfad3262a5c4656e7513264846377f0097f736a14ac10fe4133fb510f3c1391a7e176045a4df0106cf7d7c4410996acf30de418125eb8e1888

C:\Program Files\Microsoft Office\root\Office16\1033\ClientSub2019_eula.txt

MD5 453c18d03c4c9c4526852136327b4bf5
SHA1 42cf0397e0a1c1de7902e8640333374579475d17
SHA256 21cf48270f6b88353571e074b5fe11a92b2c95841ecda034d46fee1ce31d0f97
SHA512 28fca2f87d9961ee66e8f00d918b9c82c290535b58cd4e9714511b532e4c389ccdcd269db3784bc7baea78c137c69decb21b87cb9649cff46232ef70b5bfdb82

C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-001F-040C-1000-0000000FF1CE}\misc.exe

MD5 eb6f30e3bdaffa4407e0fc554ceb5e09
SHA1 4394bea5bf8fb36f798da6fdbff6250c8151019b
SHA256 cf3d7451234cd124e08ff3bc856148c3546662e412d87ca101da5b294503920c
SHA512 b79aeba6b64178c1fdcb814759359aa54c22f248f8b895ab40a9e5fa2f47596152372d6102d37c1ad7728c21f0289beab37d07c6d262791b5b526c24f4db967d

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

MD5 c462b406e4a284cd0b197d682fe81653
SHA1 05ea2928fc873905b15b17670c67bc33d48bc29c
SHA256 d82afb318f2a02c1b0692b79151b0d48bf7bcc647bbcde4e2808a03652904199
SHA512 c080ca5f3129dd3cbe059b68c22da1213f6b32add0119fbf825d1cd2fb277181f831c52ab22c45f10fb435a2e42b028822f9401c191f39d374837379d50512ff

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

MD5 96980b36f23dd5028733aa3303064931
SHA1 6ea9695902449cdddaa0d48a396881f689684b2c
SHA256 1c111378ba74496996a4cc617649a7140f24249b1dd59a6a1222633c4b3a6191
SHA512 f7a1a4108f1ebfde76a8f4e632f41c4b09b21129482e051c2c26ad37d6a3672ba7da907259f74c656967399f736beff052f03dca30b23537f2876b120190d205

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

MD5 f85fcc461d6e55a4098480df2c4214ed
SHA1 29155fcccd968b877c7890e3da7020df6599f886
SHA256 ecadd2bb2947bb616f7b6fbd42dc076eebd4f364963fb37bb4f19c57b04e4c5d
SHA512 285afdb6078e56ab1fc695dad67ccaa0100cb4d3ee8d2f6128fd6a46b00bf8fe4303bb8288a07cfbae4c53d502afafa1ec517860123181435fa3f5f5efbab3b9

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

MD5 970867a260db0eb314066b35fc67035d
SHA1 2c6f7e0fd147ab535b3469788e1c6e8bbbdb7a07
SHA256 5230498441ea1ce2b7141f9f504d25f9268e3bdda8f509da2566659c1ee5204a
SHA512 27e18d12b00391cc5b03568edf31520233a428704d07167d73ffb0095a69c17609ce38be9216927ec13b258c06538fa6d41bc0498a113aeb6bdc2221b3045856

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

MD5 325d5a4fc42ab11b4387028fb3cd76c9
SHA1 a314b749b5782e2852087fcdc008279d53ee0b57
SHA256 653a34c8cfce101713fdc6f21293882ba604dacb5490713e1288da19357a43fe
SHA512 e37a1aff22fd560ad33bd317ee17d8db2af06077bfd1c0dd927cd9b7339494568778b322eef3921146dd1e3eb0620f1ddb3861e80f9c5d386c6b1d973c7c376d

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

MD5 e29750b4185204e7680644345430b4bb
SHA1 dfdb5f702f693d00926ad12c047a2cf048c0ab43
SHA256 6e0833a57c52681112610f442ef97918e0c7677bb5de7b8d9de45d376e7545b1
SHA512 ec49b2bca4b2c658f05c7c1d41ca99ded7300f41163eb668352627fdb7aa4a7d1fa096acfcfb9937a19cb8822e42cbdbe295599ed02e272e0efd8901f0c9099d

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

MD5 234a8fcff43e435ee395c0116bef209b
SHA1 446f6784346dd2673fd44461515a179bb79a49be
SHA256 7aadd454c54ba452ee9e4747b1880d4ba9844cd19642b6fbbd3b344a0dfab6fa
SHA512 934e17537b78f83205eb8ca89e15d745b42f8c65e087955441f2b1821ded094f74cbf750b610e332f7aed8754d489ec48c93b91b50ae3ab6d0f27b8a0cf8bb23

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

MD5 1f46a419850c290885d7df04a24c4448
SHA1 7480843e34d0f0f9dd60fe6388e97769381d0b90
SHA256 e5fbe3d0ce8704c9a415395f0f348e0f49b3da22502fd06c2568524b51d355f1
SHA512 e0a16d55c15f84c446d761e1d0bfc62f723e93e13815068ae5d3104049cf4c1e9947c1dbd8c9e853b65263e8399d19b1b3fbf60772f5216e1f51f4c5c5841449

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

MD5 7437b878b6c13b5964cb5856546b3677
SHA1 a70c8a66d8c3bbdb8c6e1f2c08c97645e921f728
SHA256 19620ec16a5c96040684ac004ff2816b45416bb8f806731b4fc809a2951aab83
SHA512 82047e4efe849721ab1fbe2e57c4bd68d777d5820e5b04886083ec56ac64d1b0127c445a79885b33e824ea9dd8a25a653c178f8cc3e02373640f002004673fa5

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

MD5 7e056a9fcfb2b2398bd59c00efd61ca8
SHA1 ff2751010da5aabeab35459ff52434a025d25e6b
SHA256 c8bb4205aee99ad3a4ce8a5182fe33963fa12739081d2c5ef6f27c62291c7808
SHA512 2fbbe7f59c7892ccbfc760f5c2d6941c06b569c00d1dfeaf1dd38d69b61771d0189650b3d24ea6cdf60d87caaa5572e4e8ccb10cefb2e61dbb1b230acb1110e6

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

MD5 3f0172727a1d16e0aae0cf232738c81c
SHA1 505dc5a7519c7717385acff864e0dbd657426580
SHA256 be4eceea27454ccef2a3b5e025d38002625301d1b1dc4b686c957b6c7d676d46
SHA512 9950fecb80abf7f0c78b449923787eca3ad1272f067b1b1c23474b21866a6a4760d9386cbec135786edb857f22219203cb5a46c501e20b907a187aa4a7c6be4d

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

MD5 239e1bbe4f4387ea3e95703478f7cf56
SHA1 622c9d22df37c3c794a0fe47e03b1d5db3f645b5
SHA256 fbbdce6797236c3b87dd65c9d4a2924467f570a05ff8fbe523a8aa0d7b87adac
SHA512 4812b6ec56ca6ffbbef7db2ae4e7a1582bfdb7be1ef075329a9bd53efc3114e8012385cce8cbf243470b058640067f0149f76dd05ce01ec175b8e2912b25e6dd

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

MD5 281b28ae1a1af15672b97df7f0a614f7
SHA1 e9a61882915df5c56d2fa85650ea4c9f5a442955
SHA256 0195555f5ac255d763ae7dd13c5b08f7a59715860a42012309d435f18d66616c
SHA512 b34f95a3da6c5437f4ea37c5b3348ce02785fe47569dd397c45bdba09585136279b7b7c6eac7ee20139aafd511bedb822f1d7b357f2bfade342525191316dc9f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

MD5 ea5a6e8dc6a8d5ff6420dfff7716c3cc
SHA1 6b91a1a3232cee86238821b743c15274b64752ef
SHA256 7869e850cb3f0151febe66b04efcd9b760599cbec7bfeec59886e2788e3ad4b9
SHA512 96f9f718ab4f93625710bbe8d5f1713112c6612289f760f8e83d76cd34881da54280c6d1af4b2f5d8a8be45fcf13475748e886c377916040803df03dbda46ec9

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

MD5 500359411a5bc3798676afe7904642ca
SHA1 0aeadf71b46b8208c379815a817b95470ec1e6b1
SHA256 b21218155a5c4717945f6b3f81691b517e481e87731d21cf98eca3791005b679
SHA512 6fc12ba76accb64a3e2d92ac6436f024356408ab66919a791984ace1fe275fe141b36e46aafa91f37e88cadf14c8434d500a3f9ca87ff8f17f6cccadd8b57737

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

MD5 382d2f56495d6458a3f3046fa3840162
SHA1 d936ffe5d472a2cdaf251c8c2a00805dd8d706fe
SHA256 c9bed330c823f8317d433d31bf41676f0cc8c31e47d08915d2aea3d7326181f1
SHA512 43aa3e54f95af33a58c4ff9ece0a6236533774df3682712e4f737c48c83f568f2875f78814dd43197c0f4d2ff1b16ba626610ffff221206ce4f9075dfc70357e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

MD5 14a2aac82b61c5319b2fdc68b6456786
SHA1 806e0b48a0dce4c5bcc25d6397d934acf782392d
SHA256 912f813e97486708c10c6cf4a881cad2a312f9d6f7e3795d0e330446c4df18bf
SHA512 53974fb159aa47816e2561039753e845e0c6029e17b51c64f466c13422c3dea6774d8b19bc0c869456543f5ef9ec826ce7481353f2328992ba051d6fe781f6bd

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

MD5 9270f92c4dedd6884c51e08d17fdf82d
SHA1 9961e0b6dc4c773a887e801313a851baff259573
SHA256 64c41f779738a5eee3a5ea6fa5fbd98fd5f2211e3d2bb6c87f3cbf19829d00ea
SHA512 fbcd8ddb73331d6cc77904725de75bde10317a4637045821178ec5bb3cf11e4c7faaaa75aeb96372561c517c70ea9565d2a1955096a13995111e342472950782

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

MD5 75443136b3237249a646e689f12100af
SHA1 3a8907af980f8a0306fbfcbf3509b4cf0c1db26f
SHA256 52d841f0b514f38f805add1d82078c67d0919869cc8b0f25d5d2bb7b6507166a
SHA512 589b7d6eff68024437d53fd4f6ab38954d74fede5a73a87f6afdb3cfadfccf33e44b1859d734e47123eb8cc52f08ea6f944dd5a339f73afa6a5cafa4a0ad0dfc

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

MD5 7ecd7f8069df8552ab58459722e27028
SHA1 776c84ac7f78c74a2a7d0f637fd0c209cd88bacc
SHA256 9c061fa72622bce3076a94feb48de5cdd6a43bc84b5ea44c1878b45bbcb24a6a
SHA512 a3f0f427173941081c83a6f37ead143231b01eb1027d712f3304b6cfcb280c274b3498af52fd547a9dbc499270e6a3ec8f84d6dff3e30970a59b67465e86de8a

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

MD5 ab12514fcaf89891b48e9dd16897cecd
SHA1 e5631909afd917db39412c7d9a0017ef5a2792ea
SHA256 e84f6f48df658480811756be693f30c96a9ffd92b5254aacddbda61af09d0a2c
SHA512 ebdc0fc02e247de5baec86544ef7b439b96c8cc22beff9932f9a7e2019cf30f06acffba444ceb9e09e0be678a50f639ca6c6901f2866832714efd483ebb41699

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

MD5 4d8fecce22eb5b151aefc5004350bcfa
SHA1 9c092cb1c86c7604e3c030a201414bb097055b59
SHA256 16727b256a5eeee4db033669d243f86a2b149062a8d62e4c3f69672e8419934e
SHA512 e9688f8c0f6f3e8dbfdc316006a0c32c92221401deafa939aba6d18e0f2fa0b484ae82458f2dc5e9feb863fae2d3edacf9a9e533e963702c2d7a3bfef2347ed3

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

MD5 3b91913491f06a7371e94d37eaaf5b3f
SHA1 7a411f045ab11c1f17cc6035bf3e42f2fb2cde7e
SHA256 6527fb8a4b575203105ed817ff42eaba5a8a48bf6868c89a303af15fce8a15b1
SHA512 143a2037761e957f843a7365d9db81aec0f9de4e13e7050dd1cd6f14b804ae2bab7a1d0dd38a88ad668bd4700a9f93aeb83a87a8b3a26bbd5e4f691c591f578e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

MD5 24b0b7520e5ea1dfd94bacca96473d47
SHA1 2406db1e59f7a50f7707d50199626f42112556f8
SHA256 87682310dec92777dd41d4a888ef96c599009773746fab47a3a3982001dee410
SHA512 14e4cd09eb3fcc00e9b694126feee99ea383cbee1247bc816229e5a21e6117cf623e9b02a37b6bf350b5bfc95a9c32e162d942a7a4b9a8e663f48e5c6fc2f727

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

MD5 b20290c8952ac1460c0836a78acaa888
SHA1 3970a72342205e55e342ce9a52de2117090476ff
SHA256 129043cc96fbf533da426bb523241b67c43ad9b58ce6eef4f5ca5b528cc98a18
SHA512 291d5747838499443eb338d907a64aaa752188d62d3be87aa182757db36e46ddaaa7e24f23e94d3ca936df93df1f0ec1c2d2c11259596f684aa9222fcb329e28

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

MD5 e587423575ca8782e71a7e72188f7d37
SHA1 703e767e585c501a23a4e824552c7ecc0b0c8667
SHA256 87e9aac755fc23f224b0443cf0c2bd84b2d1110ac576fddd3e01a7a9d1d4d9f9
SHA512 74b9e3c1e515e43e68a78f3b803fb18c96fcbe0ccb0adb3a48942ed3d56ac7b63f7759f410c2e5941da821afdc84e906c52abf9e6f3036351064f09d196000b9

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

MD5 4b9f8811e55e3ea14062386f48e95193
SHA1 93e16cee4de126745e5c1f3b31c292f83c50a207
SHA256 11028dc8a4baf15bd8f638c585d316c3e6d60e47279e72ed3c5304906fbf5c0f
SHA512 a2a5291107a327e9161419c852b99fa8ac76ef6d8ebde94ea4bed3ee4551c823b2a7e3656567ccc1080cd0af4c1ecf98a6daedca9971fb9fa9f8b6a1ec669cb8

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

MD5 0d472ba78ed071bd3837d0c75695ef98
SHA1 bdfdf8c2b31af8caccf07239e7f862635163b57f
SHA256 233a1def3216c879ab8761d7b7cfd71ba07166d52bb59e0aa6db40b235107a07
SHA512 91de4b5d3a089109a8f834c88f39da3405e5ce9f54152592717430197300f18f41f7a5940f7bd1fcb2afb881a9658154f79685d9317d9c050069f40d2e62a075

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

MD5 c46e948ddf73bf39ecad61fe92780d18
SHA1 cf9201e5c3dcfa4d9b7b2a0f35e2fe38f3cccec4
SHA256 6959466c0dd7c06dc9fbe48d50738b29c03f075be6c75a06bb31ae713237e497
SHA512 839bbbba2bbef3b0181017cf95df154432856675a5052554a2be19d55cbf41725e4bc93a0e77a6dc60d68f3f2d2b6284c5596a8d9fcf7416500cea6706343841

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

MD5 9360ed333216eb752b248a600b19c5b9
SHA1 ce531741ddc8d693790570fd4c4d9ec052d9a9bd
SHA256 ae1ca453e812d5c9e950c98f3a6f56070116a97b54f4518587ddfe664cf74381
SHA512 02dc167f7ddb17d4e07d10f745a50cae77c112eb5b879d43579f9e2a5a905689086eb1810f25457fbf6d923f2392f0c663517a4c497fdd5acfa7db864cf72dc8

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

MD5 626473589cf72ad1d075fc9f68597966
SHA1 ea469e1ed9ffa7d21f435b3431726b419c30acd1
SHA256 91a4dcace470a92e50c0a5d471219216e350a796427465f142b1ff42fea78016
SHA512 c12fc02a86f27a45bf5fc64678e9cbc0b0ac13e058e91945c494bc719f6004f41339979e604db91b16fe82e9297621ab4db3c1476e4cc5c0178d203a84954bcc

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

MD5 a1e1ee776e7c7caf51ac2cdcccf9a99a
SHA1 ecbb967826af171ed6f0e23965dab037f01a980c
SHA256 88304fcd21ffe56512d42d56589b382ef5f88718ab039a3074b6185a4df2620d
SHA512 97e4902bb88fe3c08e35145b3d124d7b166f7dcac610b9b6ab23705514e45ef629f9edb810df2e78da986e4d13fd7f55bdef24b763f87ba90925f899dc4641cc

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

MD5 1d95aa0481366da3650580d4815ed7b0
SHA1 701182115e73ea6690b398f8805004e4bfdae900
SHA256 ab834ce1c76e4c5eed070e2e99138ffa1cf494f62cbc11f8089a6a633854d12c
SHA512 e98bfa909d00fda27f5e8fad2c7cd0ed88ed9c3f0df8650288d7af793f0866a01d82642fa56dbf689c33c0c3a3ad18155b262649064a9a8ca37bb94a3efa98cb

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

MD5 fa2055ffec6e08986d9438edd4ca51fb
SHA1 71138dc9e4b993877376176d88b114ecdb3cc7fc
SHA256 55f66afaf9f7938131e575b980d0385780d0df6c74fc3c4341f6fee8f0848d0d
SHA512 ade27be62a9867ca14508701f3f4baa298945974e4856f98d1e1e6b1144e5e3734d35e8ebce9d30abc657d12095345728913c89775c3499240f39db0353ba729

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

MD5 e3928546cd285397e3198117ba681d4f
SHA1 cf2ea30f3b3f45e69825d7b40606997f1a664655
SHA256 5bf07d29fe2b79e69ce628ed5fd7a69bd5172be73ceeedab8acb1e0d4afc0aec
SHA512 6683a847904103bbab7c4d24e57308b8ad7cd9425d0a0236309a89188484a0b16e7cf35e5dd39db84b69139cd380e38d85b1d3c881988bc54c3846ce838649ce

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

MD5 9482637a38c55f6fd08ea197a0b1f09b
SHA1 d8cd3ac16d4ac97d4a42b0d6fef1195bd0d4fa41
SHA256 b3f925451ceb221abfb3bdb8d4c81234babd4cbeb3b9a6c7de69f9173136e245
SHA512 38a4659f7b79be27ed60a24205c694ec6c9ede3862e0201fb4d22597f9d5e45433408550dc7b576a3693d751b6e96f59ebeec5bab7777616a4be7ccd7532d331

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

MD5 d05257803344c55f46f76883281d2c72
SHA1 8c04efedb9b4b5554f57e3707681d11d366f7d4a
SHA256 053353db6f5b7359823db40a6142a5f7d89cb0d5c0b422e76a8c3287cd9f753a
SHA512 f8a44fe573330ffe6452f74b7f5d4cf2949f6d977576a58ac87bd3441f0af4c680426ad3cfbace820fca013dd2234bb0f458a166271c2dc87ab69c39d602d647

C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_US.txt

MD5 e09e58b5d8c6bfa7d4bf3286793dd862
SHA1 b9e352ad1c9f720d4dd7a44f88007df1a9aa791d
SHA256 0d29ac65b1c5eaf2b3285f9c87cc6ba5709ed837edfcb13c6f9928af47031887
SHA512 9592ceb81f8856cf10695bd857dc4afeedcea171b16221067092e65a22e18f5ee2afd2b32fcc8e7ea962c1f9556f7275ee173dbf46b5ad37ace785cfe1ea4d2f

memory/1680-6530-0x0000000000400000-0x000000000040C000-memory.dmp

memory/1680-6529-0x0000000000400000-0x000000000040C000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727662610078916.txt

MD5 29dc8f64165229ac2e1aea9b0b520a86
SHA1 71f65ea2eb3b05a16fe72a79a621c4633dcba340
SHA256 7c519b707f8a5767ea1dad81766ac48856381f5bd8f388a35acd5682f99b77b5
SHA512 67664f82971a420ddacc4900134e516e0b57b8929c746976adfcb558b79f7ba99f4d8b763482afb9573600a054b2907912393fb8a5d49abe3e35b3d14a051e9f

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727663116015387.txt

MD5 a242916728df66e51ba2c8b88ea893d2
SHA1 7c5a107fcffc766df4b5aed755b85517e99df68b
SHA256 c5f27632856d03fe642a87a9e62864b8a0f7c9851f2e1bc8c3a66ae7723df8e0
SHA512 a969f89463122a21a5acbd9b5e5e05a803d02df836d4dd5b5e838b4d64b79c88892a4c1ad3fab5eea678b6a0db6a7c5713c5e9b4fc5a8651d50cf699a7e73b20

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727669820222616.txt

MD5 a194dbc53bd8bb62b578ec11bce2fedc
SHA1 9d560bf8dee801b12692e723d5f2199cb70ba86f
SHA256 dad7961ae92ff256b20bf3b0123f8736f96872e11d55961d97cdd3f863ea34ae
SHA512 cb7afceb131ae9ac7c171d5d697187d88de95e4696babf380e642fd83a970eac970e5110579498d768b97db6a2fff2a9e4393b00c6d470d790ee92932ae432cb

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727671717654086.txt.EnCiPhErEd

MD5 1c6452e8b20bdbf4cc3f37e1c8839ae4
SHA1 1c68f36e2d9f50b0f7727689f4dd01520ce6ce7a
SHA256 92fa8d7df6404d33a4a13fedb3d4049248bebf65354d849565642d9c5b10ca20
SHA512 c1ecfb00e64200798715df285e568128982e3c27b1ef7f9dc5b2dd3c7c9bc76ab73b4e0fc5e21b5d10fd005f5dbee281a704f04f0ddc5ebdf4b308192d623aa7

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

MD5 b1f79a6c4fe2b47298e51574190501bd
SHA1 d3c957290ddc5b6ca4119c3b68682e95afd2f098
SHA256 3c28cb8f50728a420037702ab7e352ca9507f84fbdf5668c453409886ba57411
SHA512 ffaed29e3281c80d7d77dbef98f33a61ff118d54e4b967bb14caeca3c1b7342d7cfa5240487e16eaf758a1545c8e546eff6db6d5a96db16617f73bf45c1ceb0a

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\security_watermark.jpg

MD5 ba10301081b1b463db2f0b0e4bf34d48
SHA1 85ab04091b58ffb57eee1706db7dc97321bd3658
SHA256 0c6f9b7c2b0a8183f1f916bd3220b815410be280922a79c317573c3a6aece77e
SHA512 18b24bad7b4e417b90e37cb410011dc264c358779b4819f060c3e1ca7de5e4cbad20998c708757c57b6f0fcb2499190a106fab8f0cb2a92fa24fb022fc19f235

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 9adddfe021e9f711ef5fd442622770fd
SHA1 9bb62055de517f9324af33043f043d85c137892a
SHA256 64002f6c9c55ba587632221e1ccd5f9ace1a1522e776cd218e5a7e0bd5904c8a
SHA512 6b52b4dbbd48f44c614da24624434d2f0c3a774ca576b92acb6bed162bb25a23590df59a3b98904426a86b5c92a22f8687645c744070743858c941199db5f4d8

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 66150bb21e80d75b28ae8879e98d4bbb
SHA1 ed96c42a366ace44254895dc34616af0efa0c4ee
SHA256 c0d4cdd2437b92c88f1768f2fe0a2deb3719ba08b76fedb7bb33fdf6e102c122
SHA512 a31d7da703340ccbee21a4b7761f25457300d867703e80551f9d9d41b0e34df433a72a8efe78189171bdfe1ecaa97792ca40f6f52c8d87548518f4638ebe5857

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 9364ff1f8347369c8dfd2c0c1a665cf9
SHA1 5f9764f2c8976406bb79c3df398cc260a1373909
SHA256 bc36602fe2baa4129d38e366ec8b15e77d4db17331b96f6f8de9ba138e9a6ec2
SHA512 4b986b20730f2cc1536289cc1f28fe6e89b48a360ec1bd7ce41b7224de60bc9c824d357dde006c1fd93247979d0be56d981f70993b6eecf11aafb816adb7dd6b

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 16438ad57f5cdb9fda39783c35398cb1
SHA1 b5fa856be63753a0d4e00c42a60d1137ee144911
SHA256 144b528325e73a38cfd84c09ee84af548a3765ac3065584ca59f43a0adecee24
SHA512 d6d671564373cf0e2f7f333e53501d911f32dd88dfe2cd493f0c3b52ef151916492ba10bfd94475808df2a06c0d96bb51ba5add6f4cbf86ab21b0080e32086a6

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 e6f5edb1e561e91fe8a7a61820a095b5
SHA1 65e8d9078ca8664ce8dda1577558a8cc00d0741b
SHA256 3645ff3c2110111fbbf19b6dad00e162560bbc142320448a5f11c04b4fe3a32f
SHA512 a6d8c15adbca2dc3e901d324edffe3c0e7539936f093e836f36a0f33e43411173199fd8fb57880bd8873051838eeded0896ff1f3eee7cb2d7a60460b89f97617

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

MD5 f464247642bef47580f0b0f7725e59a2
SHA1 2b65e9b825c6cb05283481ac5a951ff6d06d5a97
SHA256 c6783d65f2b6011e4fc69598cc87f2af740ac810296cfdab2ad8af719d714dfe
SHA512 b6e93f0c4eaf684ec12cd5bc47de1e7c0fa8153fffbeb3f0267bd595a94a389a7d2fc97304c81af3f384cb553d7f1e3de72806c6fbd222f3df386c7d54f37d07

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

MD5 9b5017537815ddcd0b3be6103324cd89
SHA1 b8921e06529f401677c44ff641aa159b11dc44be
SHA256 38371a0c11817d75a49b733b1e9e5b466a4ffce47b7680f68ba4f024050cd376
SHA512 d106e0fe3837a4c5307e84d02771a955c3e255fcb7901419c69631962a3c9872c9052dcd8dd23881d300ce08d787edda226dd9257415549110ba74104edb78d6

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

MD5 2c971ee7ecfac08b948d20019911ca24
SHA1 bea64c982e78c37cd4df17dbe2222943a0958f3a
SHA256 41e273fe465e0708ae15d65fdadb55c39988a43ecda34a5f1c759f24db32a882
SHA512 f66ca248175eee97aaead7852d6ca70e76e5d2d3a5b9cec14da9f2869d5eb0b737bab192a4988baba7b62a13e1b0cab25f97f38fbb7b7969900b9f2938432113

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

MD5 9c856d054c04d4bd9d79bb9171798c25
SHA1 a6ab636736fe520427e94b4e6a90ce3094ca17eb
SHA256 d8038d0085772201af31c7de0f78035dfce661334703a6809d77e63da828ea43
SHA512 834832fae846be910a191540d735d7fb8dd1476033ce69fe9cd43ed386ee560792a0612af55afb1fb3fb33838f0fd834b5b9edcaf7dd217e91c6ce9b35d0a1c9

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 f3f349b1eb19bb240b10cb6276414844
SHA1 285a848b121fae460970d0caa43c95f32e64eff6
SHA256 ddd3c5b0087c8360f574dfd9d62967339f34784034f7e28274fd9b40d92954c8
SHA512 d7a5b1a506394ba8ca0adf861ee570c98e4578d40a1ca36b2eec85559ed3274370730f7d364a964ff8dd47be88c0f65f13edc69d017bbe43f28f877acf95e480

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

MD5 14417c11dafd345bb8c65a72867acac5
SHA1 eeef7ccafcbea52fd03dd58f5ea6c1b55ac320ba
SHA256 2c07ef59a87679205a13bb9501ebad13d1d4b228159e509ddafaf8f10dd4bfbd
SHA512 1579ffa76abf1abd52d386c722915845f1f1aceeac467ed76303bf5d17d4bd585d18b5e04afc50a1e85da63af2b8cb7827d8c99648a9b1564c12d6c512f8003e

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 47d0a92f6c740269e49b4edaffa35394
SHA1 4fd75499b81b2baa79b37b508608f1ee4f84ed10
SHA256 2a844cbc6cae0c0f02fbd3b94717284eab90fa19048733678450fae1f050cc6e
SHA512 12dcc79fdb777ffe10170943d69b15acc4fc161f5f00ffdc1eae4194b3660608061b2bb0f4818762b5b23f40f45cd1c46fb598476cdc2c24becad2a64a19bb0b

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

MD5 51499f9c7b689688c352f21fda608429
SHA1 c8177ef89682f7743663bd1fac83093256af7f81
SHA256 dad026e2bb150790d4b97d25a71492d7ed671a6e1cceda8317cf84e22169fde7
SHA512 27acb945dda817d3acf449468780369a3544af02e8567400c96a6e4caec974277ac29dd54448ed8b2a5b7a5c5b06b63bc1b3fe7bf8155ce91ef4f15a523f2573

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

MD5 4d127f281e07ca25521c7a5b0cab8208
SHA1 f0f39de118bd7dc0b732e5946cb354cdf88d1d86
SHA256 41546e0a9fe87c504fe4b03ba62171e33a28a44ace4626f722fd1f05ce214140
SHA512 5764ab798b38352ae7f4d411f9a40cf20caafb9d04739f3e3f0d21f6b0589f617ef51402b6994776c87449947037673e91f4bed6111f1e0e579034412bfe7fc5

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 5f6c9bf16e5621d9638e483a9e4739d7
SHA1 013b812c0f351b6b3177134e7664b41a38e4993b
SHA256 3b7fa5acc8cb984b85af671e84db362a1adb0cfec80c96cb06ea08c96b75f90d
SHA512 9661f7011967b5bf2d5f3c362d7e4a3562c70cf90f8db947334d5168fc69de7dc06937ebf0785216e9b4b7cc9fec27976ad9b4074075657ed5dad8e7e9da66fe

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

MD5 c25801cbb9d9573438ec8617ddf79a62
SHA1 f43a1bf0113f9386b31d5d6a194d4215c9646d68
SHA256 84b5e8fc5cfe84e1fcb29dd5fc3d7e66cc58f1a10f921c33f47af557f7919824
SHA512 dfafb94dca0ddb4692f7edb8da9beb03bf1cf706ad9829125f7419b87acadbf3c67d8992ed67c23e1d472a113717644ad45d0369f9296ad713e27c55d4c1e2cc

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

MD5 5326f8ba9749b2acc3f7072d0abac5ce
SHA1 598ebebafae1ad2b65b88ed26efedf1891bcbd5e
SHA256 b1a410b37ff94b0d3111345f605963d2a72eedb99e287cb7726d7cdb7d919f02
SHA512 ee38c44f696ce3b022c82e93512f2d45e9b512089e5b97fdb259e94975ab828a2881dc689b481fe1c431dea3bf08bca098ac92fe393b7f80988f0a498eb4d8e9

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 37e40dd0b3b65b6adb5ba591fd4e715f
SHA1 8fcf4feec00ef78747814d4ebc20e3bdccc9af2c
SHA256 a9ba23734d4a6563cdf9c99f353453db672bb8b826cc58668caedb4b92942ab3
SHA512 6d8d382d9bb77c21c28b6f812d3e33db4950f0bbc0cc4a4047b39bd87e9fabcc5a742ed3b4b3f086035297d493e5e4f7956e98b3ce0be2b979ef819b1371ce7e

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif

MD5 5fbdd7b04c58986dfde532a57e2320ac
SHA1 5c76be3034687afdd325812832d4a68723b02b04
SHA256 92b25dcb00f179a5e913cbf489c2a909b3380a22062d343cc60260e798cc8263
SHA512 89a001c6755a089d042ced7f8a65d731d94abebb01de25e8b363cdfecad688d6d9f33b1816d00a376b7e874dc1114ae492eeb4a5a71abbcfdc5b73ba742a27f2

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif

MD5 3f67d9836bb19a988836399a787d2baf
SHA1 253263b375827644e2e6c0ffe1dce7811f391c54
SHA256 47aab47c410a78d162e491381aa314c254945becd28b8402e60d2d60c6c310c3
SHA512 0a7d318cdc3ca9b2af5a4c393ce5a9aa67ec8d5379d72eaad98985c00179c27f4634ca2c997d511d10a1e9ad0a14a0c20bd785611d9e37a2effca5befbc8b172

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 2ababd422e08a1136266513e534dbc45
SHA1 116357e5cd56585962d60a6b497361503b48b344
SHA256 d55d058a92b7226b004752f39462eabd0a779010da9356e464917d4754e653fd
SHA512 e68c446c4ba9edc91c98efa170a4c316a0995c8d7f471a070c787a5d0a5e2a0aa6351209795df178abbb2833ad3539810c9d2cf64bb6ce5814f6a7938c8910e6

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

MD5 cfc2a68cf0754a59830f98f4fa11e907
SHA1 36fc7d036a3d79b50d88240157d19cae68458934
SHA256 138d9e47f8236c1e82b1a75d739349b8516ced86e7fab11930f4bbfdf4fff93e
SHA512 1cc862a6ac199002b7558664bff7479c3c3f0dddcdf8ca67d23db9688e3aa1348aaf81246223b5f9e79e81e9ba648fb576711df930ad7ef4fdc7c2f1fe8ab69b

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

MD5 a01c17250a4bd964a2d3b02e18113e34
SHA1 9a5fd44f98e8da25f8b5c601ac04899aae86dfe4
SHA256 0f267a54ceb8b5ae75dce25cd93d621ab9d53d887764a9be064e0e35d359623d
SHA512 a6446f29dfbdd20e1f1c19309d9a9a6ab23913d88716eb13b77332279c01825595862b7cf849ca3e06b3eca35804ab65c8c19471e4197978077927d2585c1038

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

MD5 1c1bd2bfa7b29312c5e94f04fafc92e8
SHA1 e3b01c6720c2acc77a113efe14438f6c3377720c
SHA256 b77e8ed629ad86fb8ba8b1cde6e03c9faaa73f69fb0961daec8696f0b240e450
SHA512 96d95456facbc3a6dbd5342836b20bf7dfe8a7403bb8c466b338d471d668885e86b108b02bfa9933237c38168c3654b4563ff12758171e41a35f4c5b1ca7e059

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

MD5 e5491ba64fff181f1fe67166f54ea108
SHA1 1d6631bd4950af3af1f16a754936bb8e7f1038d9
SHA256 d36e3420ab53931273b8a6604e200282b0119e902acfe406814f7f33a0164279
SHA512 317658a761fd8b276afbc27084ddb2e76b7bad83b633ab07bae0421d5923a2d18345bd067404e446eb13ca6cff31d2780b0fecf04b0b308211f3fdc7e71ca709

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

MD5 546fdc6c9255446eac1b0c51bff9f08f
SHA1 2da71a18422cccc5edebe2e12545e1d6c3ce411d
SHA256 e2b4d2a9107d35e1d50789d125e0ddfa9e051e97e56fdf2d602e938031a8304d
SHA512 89083e9f996adc79bc0ac5c10cc3fab7b69095115326ceeac711f9218d756b1e7f0111b5359d99f84d6365aed4cae95c7a860d330e9b268c7dd794487f01a7c7

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

MD5 789aff2a5418ce66a724faeb7af686e0
SHA1 a79f9ffb6fd7c79a11eeb7349c3d5f3eb3222fa4
SHA256 aae89827426bed27374fe8444c642268c196ff9d40dab5b628a310f5e2aed5cd
SHA512 7b664d8b6e9ef27f6626d5621d43cf621bbf9ced96530f0db37979ed1b39561e169603f71aa3a6b6b7970c5f025c38554681d2c9a446deab702cf4ea4c241fbe

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

MD5 77df348157f27c165fc78014bc37ac4d
SHA1 cadcd86e4d1c5e8e2df9357cb08285b94f9eb061
SHA256 8685a1b3e6e317c3c778d78c5b2d6277d65b050adf5278ce7bcdcc12d9b5a143
SHA512 59e5bee0b9f03b3ad4b1563d98bb1c104dcd0b1659016c07484e000e33d60d53a922d35f4d5d023095681aaaf0b8f048846984be8583b0343a85ec7ab399eeaa

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

MD5 92856913e7779c5a41739982437ac41f
SHA1 d2db041fd060002e1771a0c5d7d840716bde6cef
SHA256 222d64feeaa61c0f0523bcc774241416068bb77073dab4af71e5364af9b26ffb
SHA512 b96536d73972181f6861d2c45ef4a45f2fa4a6a82a8c95b7b869fdb483ff2e0586116d4f45adc3da52a3d7f9f690fd609f117ba85135b992ea808124ef6cd86e

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

MD5 e4d9129cc82562033f0b8c6cf62e4dc7
SHA1 869abb6bd11993677a437814dd158f489722dc55
SHA256 8856648e4a446ec741d6a1d3fafb8c0d39355bea3140638b3a5ccafb6ee959bb
SHA512 97e9b4966be2f10d5520427a41bbe4c292010ac352704535ff71c791c07c04d4ed0ee425c7c1539f4dad98e1a7f61ccffebc36599791c4465c4622950642a147

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

MD5 a1e7d6ef763f98b2f1dcdd39973a5ff5
SHA1 539eb2b886ab2f5f491f857581e1bf8b91554991
SHA256 b75df21837ec54b17e389e6465089c7bdc6ab0db1fbc0e6599ce565470f8864e
SHA512 233bf9927786529d3b98abcb849dcd8d5a9d95a5277038813b6c4cb6e20c43d5797b310295d7d3f64573e970c895f1024f13dd1b1fff4443d85ea21d0744fb8a

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

MD5 298867e987e94f4e02f5aec6b4532b18
SHA1 382a56fb425e3dda7d81781c84aff21b486f8d3c
SHA256 2a12c805a88d7b4b89509e26d0cb952555e214a79431ba0a4b3f4cb15bb24c46
SHA512 c7fc609f6f2abe9a84d481e191de635402dbe12d2525e144e382e7209118a8bbbef0e3d9e93538a6982896dc3c552079bf52c21c1c87148e7f5bd2c910a0809e

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

MD5 3ad2572c59c4eb95dc3aaa3302f84064
SHA1 98cad2e36f9dc24504214d05aec469224ea36e90
SHA256 4fae4bc88b2bc9a755bbae1ad66e7c332e38217bde101504be60b2e9148373e6
SHA512 49441bfa8212636ccd8153e5020f617853f96e1d020d039bf31d916a3d846260e6cfa40bd1a1514db81da046f364754074e17ee06c51442ae2a358a5fbac2f15

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

MD5 dc3ead2cc713bb5ffd12d40c0e5fd4b0
SHA1 9214a555239cb7407958448361bc28d8afee6e79
SHA256 ce382c0aacdbaa00fbdb121f68a5e02bafd6445cd4580a2dd267f5bb159abd8d
SHA512 8b38cd1d2531a2ab149cff70a69c784b4907a837675f127b2631d9d64472720ef4b0c3b517850177824b277d41f1a9a61293fc7f343d4764d6e63473e108fe3a

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

MD5 5f8c0091b2c556c1062cc61f202ac3b3
SHA1 3b59092aaa191b054a9365fd8a550878289a3bf4
SHA256 2d5955e571780936cdcbb2b0d3736608e5f08c95e395035ee6fd75ce53590ef7
SHA512 1041b8696624fe39c429cd4bf1a49e69b6e17d3c36c9f4ec194d39c44446755c3eb537c834da50c71ff0e262e82168b22598e276b3a9faedfd6557315f1e1654

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

MD5 2c48d5f0d88b4c46ba7f61c26741f1e7
SHA1 aea7064b318a5cdd1ab0b62abe944c1fbb291197
SHA256 eebd65cb5bb931bd0d8681aa4aceb134e522148d2df3e3e8240796ccb4e7835b
SHA512 138701ceb94ff1471e6ea72c45695a70f7eba152731ea9996caf671fe7ef5166221b1b1318bcfc687640097f0504e91f212ae6f2fcfd44f37b757793609fd605

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

MD5 59a703d6f04dbf2d84b2a56bdcdea5e7
SHA1 fc3afb49c233e4424d8c16f77a4733d194d63259
SHA256 24f52d45319a02ffd77ff3ffb6ca876798849c72645d2d508996bd1d4e393531
SHA512 23a31dc38bce22c63e686f142beb05bd8c847fa4a5c9d57c6ad26a92ef41acb7003706872163f31f800b9443b8ef0003d9c64d852441e97699098678ee95b411

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

MD5 195fe68a6b4e2bca466d0f24ce144e7d
SHA1 7e12c49f93aa00c50f6b78639296c3abfc207d8f
SHA256 571241e9a27c173d265728d936c8cd18c0de27f960500c6931680ef5cb267c34
SHA512 932ca722cfb3c5afe69d02e7eb112a74e418eb87947b7536f0ff4ba711adc0a532eeda26362e95465877e3538fd0575fae1ed2c9d7c1503e92ee5cecd1c72867

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

MD5 cbcd67bf496ffc7666446dd8cfd8f867
SHA1 33242f5e0f8ca9f114c75fe4db0ed8aa70279d0f
SHA256 1d6ba244e5cfb657e93c48dc7f84a5e81b5f1896e46d280a766e950fb5a56d62
SHA512 058f33d5741071c6275cc5ae1706afa2a87374ad74d67dd61bcdba65e08f5c6056aa4f7aecbde8e85f2ca0732309a0e604d5d178ba22fbbbdfe799912fc5a716

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

MD5 e5206e6fd8884bcecec87d12860872a9
SHA1 cecf47596b59e6cd05bda742e6dd436bf44abf0c
SHA256 a2c812471edc803305b70675b4c3bfb883f49678015e224ad5f1f903ae9b5cd3
SHA512 5550e1dd5e89b2e1e451bfd8a29ed644fe746b013f0813ee362a769b82c31b9c44be21c074c1f1ee385adf320416a4bdae89aad98dd8bcdff1bd4fca5277acd5

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

MD5 5710f630a79e27cc4b3fe0a5c73d06fd
SHA1 d7a0a528bd350aeb6e010fd2d19c96a809736dd6
SHA256 6d367ac2ca847d646a09c67e6dc0bfff4fc9b6c9234f666647613d3e8129d19e
SHA512 7e28c5090fb80ae292ad8d3727a532e6a90b54eae4732191ceae143dbb8e1e3b724835d744eeb77093d7717419ffb43c3022bfb9c159ac244ef0206e506b4c97

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

MD5 7564300e99716e9d3653c3d44c8ef475
SHA1 22a11f0cba5e96bc14d48d7d9857fe34ffbfccdf
SHA256 40f1bfeb3870ea665a94f237b09ecef2a3deccd121cd06f39ac2f74d633c579c
SHA512 c72d47e21af66686e54e7e51008d834ed24cd441dcde3802138494499a0d68a87f3bfe214f976079d646386aeac77bfe985733cd55a5793316adb9eb01547919

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

MD5 c483718510a9c6cc62fe940f200b4563
SHA1 d80c3b3beb36f20a772f48353618446c34980000
SHA256 2f5bda2d05581bf395ba037e3bc080a076f66606885c506c6461301057c13f5e
SHA512 88881bf0fa728b78c68da749058be312843162475fa6857f597f77195ef3e438e25ad1ed62f3d0115b4d6cf005147b58e2bd8760414a67726e47d26631ff3658

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

MD5 500428f18af1faac87224d9608c90b34
SHA1 1a6f890c4fb163990f740a605c4a5e8309ad1a9f
SHA256 1c0ff3261a54e766117e8487acb14899b9d16f5dc1ffa0fff9604d2ca28c1929
SHA512 b2936910d3eb54f72a162ed33125c2176cd8af96d8dc6ff5eb8cdeef5cbb283e5e3d508118b2bf42a6b3230d3dcad0caa54b8e089c0929d71f0ffca2412bfe12

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

MD5 0335f1a86a2e94228c6d32832ec4b2df
SHA1 d4dfd1d009db1733ea98909fbce83f7402a64440
SHA256 4b92d1ab4bd407b019ba4fc8f981d8f5a28e57a386b4249b81e42255dd1942fd
SHA512 ccc8fafb8313d44bb2a7d959b59193050618cd6aa7a31eb9eec297c121efb0c083bb28779f42a5b78bd4f312a42da9e9082e114be9a1cfaad22173746eabdee1

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

MD5 13179ae824c6240e6e62bfbc81357a0e
SHA1 ba149c1d6d5425bfe51ebcf3b91bf6f17fdadb00
SHA256 a16619068218388fc53f60833314a913e552c3e283d0ef71abde7d017aae266b
SHA512 5bd26bdebda9ee70ce74a4f7de76a391cd41673f3564164b94bedf198200161a13e83cbb6b8586d0bdbe47f9b38b2f689e49eb1e6473251da204fab9dcc503ce

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

MD5 c33bdf796a1851a8b6446c99f6e27ec9
SHA1 1a4d3acf49df66f7733fc46da3eda5c1e55fe402
SHA256 7efa0fbe4ac2e54f9d7af6440f6481f04416e639cb0c1cae5421b809df5024ce
SHA512 071b1c5db6d56551b8976099f3430d4202a39e2dfa751b34773a354570e1eee3d291e9f9371f6f7e3d6f636bfe3024572293e690e0a72eb9ed5411ef2a6f2d74

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

MD5 2a8899f2b3556c272e067216e586f2b5
SHA1 dc7abaeacf52478cfc4dff17797300bf7ce7a0ed
SHA256 da3b47505e1a46d11b333e5fd3ff16211179847636dc3938b1bc1954422dc40a
SHA512 6dd0b3c78e7c805dccf1b337cbfc7d652c1a4daa243ba0915fd99f483e774774b2e02e755b35a20ff1fb3e251d497a031cd7379e4a51f7e659b88d62404ab654

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

MD5 1c93c577b9842ca521fb50530c179254
SHA1 59e69273b6433ed93aaa2cf376a3451d298edd7e
SHA256 a6f8a5fe11b1e567c63e6bd6132cdf60891f9326a5bf3e83290ef85d1399b675
SHA512 31e3467f4155766999475f8d6b2491bb9cc72443424e3ae4ff3f23df7959aa98a66506af5f24902fddd27e6f74f8cf9364bf8ceba6296f5a45a8022666249d67

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

MD5 c22a07a0759d03ef875ef65f9ec17772
SHA1 ba13a6757260bb46ebd8c510d74db6220ba21b43
SHA256 a34d1e0ca52fcfb255f3924d48bdd32e2e1aa4606d706203081aaf84d6346030
SHA512 d264273d1250e4c6a979ed36acb7cb62a0721f45b70db7a263bc01554289b6e48d40755e1af83b3a97c91608ab1639dc89e86230f8e6729549cfc2112061b9d7

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

MD5 6e26f60cc1fa1746bb1866f365e06930
SHA1 2372351ff091a54f3641e5d0df5f496af55fef37
SHA256 fc91480733586b083b84cf70d83745d25fe349cf290a2cb715627d99e15369be
SHA512 0f71e49329b512435892ec95801ff2b8d2c77f1ce1e19210cca1de9e2c70e8ac447cd23d5a93711eedbb62fbd3ba6f5236061cf6aa3cd33aab809258b0468657

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

MD5 0f9fe72d40c2522507bdfb4e4a55de2a
SHA1 cedf697b2cdb17979f16e87a240e83c7b83b8ccb
SHA256 a0ce5c11acee1a6cba7f75e678889362ddcbd07178187eec09b3ca115fd82576
SHA512 bd74cf4e564281e1f64140f3ca9e80aaeeb661ab3babd4096fb072117bf067dd5f49bfa380a52d1317f7959726e9c18f4e740c994ace9407881acc7569266ff3

memory/1680-11062-0x0000000000400000-0x000000000040C000-memory.dmp

memory/1680-11606-0x0000000000400000-0x000000000040C000-memory.dmp

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

MD5 30df9c34f0947711e5570c75b8e1e1b5
SHA1 4d546e3b33ccacfa54784be1375c49413cc9729a
SHA256 ee865721338df4b9d908800df47d5841494a8aa277a983f49a11195e561c1352
SHA512 31c514d7f7d3086e4b316e8f5c83f2c285a4b03d1802e42034e512fb3649e120a7d25b2dcf12891578680e06a49c13ac686affc46d0ca6f7a3b39b56873d25fe

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

MD5 a145e8aec84876ab814281b92dce7ed0
SHA1 ad5fb631ed7bcae5076529928b16a54e4e433928
SHA256 a85bf4ea49761115d2c1d5da6cd617f961b6a9610d4cbf445438db2114c5d244
SHA512 ed0cc0d3e298b9bc894421356c07bfb1d76b2b0ffb684e564eba452d03edcb6eb4ceb76dde3106b68a07664b52026931b1fd1f58c6350dd40c3eccb53389478b

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

MD5 40206ffcbc70d4a2ee7988b34cc632de
SHA1 fc309f8b37c304d3e76ef3364f49a0e436afa028
SHA256 744a1e8bc3352f48607285fbd698549450a85c6e78984c955e6ce454db7e4189
SHA512 3fc1c213bb891118c839773f1315343c8f86594887373893d2f59faab15a85f4a6f78b6880d7309dc7e22bcaa80cefc31902cf0b4898f9f25c9a52313cf8d6f6

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

MD5 3af6a0c61f683b1b1656883dd821ede5
SHA1 6eb54ecdfa262017f7aef46b3926252f33e74c93
SHA256 d502ead49dfd2daa9abea4a0d75705870d7596872440bf88ad3fc2ef606f15a2
SHA512 edf507774a6d8612b77f605a0739672b3f626254e4e8613d7f77bb6b8779b6d670a2597323afdba32fb4a43130deadee3a817d5db528c79b35a4b62a851f83e1

memory/1680-11967-0x0000000000400000-0x000000000040C000-memory.dmp

memory/1680-11970-0x0000000000400000-0x000000000040C000-memory.dmp

C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

MD5 a2c7ac93b4241c4726d4efea4ef87a4d
SHA1 47aa635649df786d9ae134c0c213796439566960
SHA256 e53cdf272c6a9f2b6be20327fb8375dc7c1a8efe2a66dbc8e522118a8b928a88
SHA512 ccdfa8a9a63c0c597fc86f4bf47ff5204406731ecde7451d827673e3eb52ca072c6fa52f032ccdbae37d341c4cbe63b8d104b13e1414f1f8f7ddaa31f5431fd1

memory/1680-11973-0x0000000000400000-0x000000000040C000-memory.dmp