Malware Analysis Report

2025-01-18 20:41

Sample ID: 241213-cms92avpay
Target: e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118
SHA256: e08793edeeff4a558f72ff3601c50b9660c3673da5db473d7fa6c33f1d4327af
Tags: xorist discovery persistence ransomware spyware stealer upx
Score: 10/10

Analysis Overview

Threat Level: Known bad

The file e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

xorist discovery persistence ransomware spyware stealer upx

Detected Xorist Ransomware

Xorist family

Xorist Ransomware

Renames multiple (2214) files with added filename extension

Renames multiple (2178) files with added filename extension

Drops file in Drivers directory

Drops startup file

Reads user/profile data of web browsers

Adds Run key to start application

Drops file in System32 directory

UPX packed file

Drops file in Program Files directory

Drops file in Windows directory

Unsigned PE

System Location Discovery: System Language Discovery

Modifies registry class

Analysis: static1

Detonation Overview

Reported: 2024-12-13 02:12

Signatures

Detected Xorist Ransomware


Xorist family

xorist

UPX packed file

upx

Unsigned PE


Analysis: behavioral2

Detonation Overview

Submitted: 2024-12-13 02:12
Reported: 2024-12-13 02:14
Platform: win10v2004-20241007-en
Max time kernel: 148s
Max time network: 150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe"

Signatures

Detected Xorist Ransomware


Xorist Ransomware

ransomware xorist

Xorist family

xorist

Renames multiple (2178) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\6XAXS8k77olARHV.exe" C:\Users\Admin\AppData\Local\Temp\e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe N/A

Drops file in System32 directory


UPX packed file

upx

Drops file in Program Files directory


Drops file in Windows directory


System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd C:\Users\Admin\AppData\Local\Temp\e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\GWFLJHONWDGKAMP\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\GWFLJHONWDGKAMP\DefaultIcon C:\Users\Admin\AppData\Local\Temp\e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\GWFLJHONWDGKAMP\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\6XAXS8k77olARHV.exe,0" C:\Users\Admin\AppData\Local\Temp\e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\GWFLJHONWDGKAMP\shell\open\command C:\Users\Admin\AppData\Local\Temp\e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "GWFLJHONWDGKAMP" C:\Users\Admin\AppData\Local\Temp\e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\GWFLJHONWDGKAMP C:\Users\Admin\AppData\Local\Temp\e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\GWFLJHONWDGKAMP\shell C:\Users\Admin\AppData\Local\Temp\e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\GWFLJHONWDGKAMP\shell\open C:\Users\Admin\AppData\Local\Temp\e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\GWFLJHONWDGKAMP\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\6XAXS8k77olARHV.exe" C:\Users\Admin\AppData\Local\Temp\e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe"

Network


Files

SHA512 eb51ae0f0244dd84ffa632f11283fc4db46738d0890d60b43d475f80205d2d1da71a154d5c6875aa7427ef14e2a3889d079a8bd997aa9ecd605c278fc1c3e577

C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

MD5 a9a582172c5e4012aab38e150fef03e9
SHA1 6e145f83bce174b84dae5d72f77ad430dedeb89d
SHA256 e11c1ffe90f07389beef3552c78546ab231cb6fd801172601f49713a121fdb73
SHA512 7a599b4fea8aa3410bea56c38af2166e81a57e5a967d10c880784cd3dd12b8cd21b752e57d9175a96e3615c1ff38fdd2b40a9b070ad665580f15805ffd8d886e

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

MD5 7db60733b50757de80abb8bf47f7ec32
SHA1 59f2f006e0506f983f15fc9c07512680fef0a9d1
SHA256 a3c45b01ae9418835593da02a6b322c9a1b6756fd9324798d98897136211ad24
SHA512 0c1e9afecfc1c7296799ab41d6084016bff35a68b47b0eb3db65b972f3d3a95732af9ee180382a9d1411eab6c9026f5328513627f9f23bb6a9831df7f0b6a80b

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

MD5 75b4dc7617e35a66a482c14adca57f47
SHA1 4b7ad2bef787e041922a01638b251a8cf691ed2d
SHA256 577ee87d9fc8cd031b7af9c55c88f6d649437b91efe1d02a115d900f747ec647
SHA512 5a6ac2667b66f675244a6379ad467623ff1484c1a1fe1efe2f366353f0986af37cb7fc76c8ec0944998015030656d67c6e1a7e623a469df138e40f0f870c4b6d

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

MD5 9e0e3cfc5eea0dfda3df47e993267150
SHA1 4ae843d0bd92a257f7bedb85b477c876f700472b
SHA256 a82d88040ecef680c8891441b2ea48a7cb59a69e321c896014d7ddb864feb95c
SHA512 a936d5d2e037593cbfde4e1d3e6e5d4ce62c6199a733bb902abd754cb288c90124a06e22194e67a1f1669509287858d16254f966c9aa18b465af2824df1ad37a

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

MD5 2ea03624bcb52c1ddbed2a388ed75c9d
SHA1 c5b0f8db1b4289b6f38cefc9087f335f0281d28b
SHA256 df9a1473a1472465375bd8a9961636b75951bc0c1056ae2fdc3a180b41139838
SHA512 7fec65708202324cb8daaf57847776f5990b37edd695d1f17c8f85e5506c28352f80c45748a915b1a27bb682629a2e3704bf836ea48fea3e5c0135a166c63c99

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

MD5 de3059c4be87da44e788a65e7ed2b555
SHA1 ba8d2957964acec2ac8f6461943ed0eed94688ef
SHA256 e527d0536d63b2f4b63d2e609e6b4fc68734f5b1ee58fd79a7a22408cd40d651
SHA512 d75d1f679fa0eaec8e531e58f041e9e47bc7fefad41eaa4069934f80a08a96df21a9ad4bb3fb91e57a09606aea9dfa244bbadb7867d744b1f6617a60ae93f8b2

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

MD5 40b56a557f8d0a817b71c066b9b6769b
SHA1 1ec5ecf00c824fabc1bb4879c37e5f80e2d793eb
SHA256 1c1b69f3000ec9546b0c50df9657d286cb1ad7942ba6662ea1273fa672e13b59
SHA512 a4c59a231b2c6872cea977a8e17f4c6f786c06f08410777f1c909af5d32a4414089d983249abcc6c5c74b631daf991ea37b57087266cc27da3c7e9f773474a23

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

MD5 81fb30b5239e32ed27fa37c5c0e096b6
SHA1 b01b0fcef1967585c6c2af4faad67df0bb756b1e
SHA256 d2394ebe49e3dbbaf9a0747771f5c8edbcb53cf94bf4d1aa830241fcd9269671
SHA512 7fd60cc74a7300a68b6056df05178e35c7a87089a7f24b93d8d74176a9a7695d6af5a6b338843bed43a1ff95a19b54e448e89a1ab3633b4e997ef7083398e9f4

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

MD5 efe9d029d623176d4b407004b3719125
SHA1 72549448cd5f1ee2728bc497f95886ca887963b4
SHA256 bc094481cb795738e8eb54b8eb109e54c0b7cd90f9a4c58cbf5f2bd384ab5f71
SHA512 9791d4a49a1687733c8fb3f836fe04242087b404125c33f0b8588cfbbab29a14c11392ef13706497282fb750d23ff443a2f56b631992465b440202b20da49975

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

MD5 6cec48d7d00d9b1e609de5e54a3f8d9c
SHA1 354934aba127b8c474ae5e707fd2b517347b5254
SHA256 abba9bf27f84cb94095057d8d3268dd86131e987c46dcdd082dbd6ee1c1aba34
SHA512 940d8e87c1f66bb2ff2cf8b2bd49a156418a6f51458188d7195a80dbc364b3a07ed538c78808fef9de0e3c8d6b30bee36156f7810ae08cb8e87582b3c8986a3b

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

MD5 3f8354e4d51c45f63ec54d4e74a0c7ec
SHA1 372cade9869c46ff2a45cd371a47cbdb43b401a9
SHA256 2133eed74a7f102f841aa27ce60f1ca7720aa1af452fbe8ccd3c0a96066ec5a8
SHA512 e6a65c39e8c59343f8d2174816432108b5e5149c044e5fcbcd0d216f112bd8397761004224fa9c0ca2d973efc03cbb177edc573d700c36bda9d150de72779a10

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

MD5 b875d52bbaad67f4ff30029052c76e98
SHA1 4516a9e853703b6d1b8bd7826107e71579b527cc
SHA256 0a51bb82eaf8283740695b8480fd36a773fe86f5b91ea5e43f44218b2936f84a
SHA512 a012cb1750e728386ec249b49c8be592bfcf7034b368990c3438d5c9c8bd32cf0c43a704468d65a0a6a339838e79a889b5e391738f3ba2e63505a797208ddfab

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

MD5 0c08092d2fa790ebc2c34adbfb7ef5be
SHA1 a63b0602f88f651f8760efc90b3fb732687a3093
SHA256 439d12d14d04b77a507a55f402026a7dbf8f1bedd13d0bb455f32e6427e6376a
SHA512 a0fb716bc804846d22ea33b360f1ff9eb97d3f62db10b769642a630b52e0f110d45ef93c3132645b21503e47e72e9c5b9726b0e2e7ecddbe9125e88239f275e9

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

MD5 f2548a338ea8b5c6f2a77a19a5623771
SHA1 2dde1592a488995465d7007faaeea61c672f1bc8
SHA256 bb62cfaae916504a8c84f99bd59ba96443004c853ebe8044f4bbd9c6a07e9e0e
SHA512 b7cd461464dae679bf84c7ed6f7dea68c8f65693bb397dc0f3e447297e64b913a1812e10601d277312f16cc71a76a6e0336d9fbdcaef36c92e19540486da1d9f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

MD5 c4bd63087d8b9eeb8850f648b1ae81f8
SHA1 a274a52c7f5017ade032ddeaa09c3098a80ba910
SHA256 1cedb53f5bf87d2ec8429a0560ddde6cad33afdee69b63fff3d2bc67112d844b
SHA512 3c29760b6299791fe4c0b18c3db004b84ff489b59ff5b1f666de99cbe3618b12ba0c60d079fa5049d26ed86e1eed42ed84e5b01e35bbe4b209345c019b6fc083

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

MD5 4ff3624fa3664163ba796316a1f51883
SHA1 8d40a47ca1fb97cb325b78c2ff8f4504b84aaaa3
SHA256 9d305d5d8cc0f5cef6ee13748eee11acbb1a7fc11e898df39e90906ee1e4eab2
SHA512 c1970b4066bfb818451870323c2f09d1e0b29ba6fe1795c47aa76497feb44e66714235ab456326aae4e386683707309b9f799c965760281e031f0f7322e18c31

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

MD5 cb230015bffc4f6a21dc3f875aec6c0c
SHA1 1dd6e20b785932d5f37d40924896ae0efb2681b3
SHA256 860d9910f36d038251c7545b766962f59d136371436e6f8b960565a38d888d26
SHA512 fb7aa37be75cfdd777bf79ef0ec92e1fe6746e37b48d1ee2b93c768171cf07421bb4b183a916211b2b869a2c9feb9554f898c82c845d4d07fa8499fdd2c1c55b

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

MD5 4898d6e374409a36de89c42780c58b5e
SHA1 784b30db7a7412ea63f39469db76f44fe2cc92f4
SHA256 4fa0fb497cff8c22cf08807fe6de3536ba7e8ab51314c62e6d79efde6517ac84
SHA512 bfab39de58d3a4e9b6b1f6c9e439b83617bfc03ce0e8ea574f25198122202bcbf2a41b1ac4edfa38e1c838965c39def4a33920fa6104e14eb366a21dbec180ba

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

MD5 295b2626dbc45a9665862b2480824dbf
SHA1 95cad2e760c783dcae03893198915af91f745d89
SHA256 19f1534fc4c14db8b9ed0e94c10bf9840c6104d49898e83b0891ae16c3027d90
SHA512 0292a7b6607702a8e5e39cf64a0d3954badc19f17dbd14740fb36804820764af69717e88c35bede288fd4fd7eca221243d82f92614612cb548d5dfff57069737

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

MD5 1f5d55dca3a19dfb2f181a4754be2e99
SHA1 7e79fd4217f6557b76b5c0e872f221029da3f473
SHA256 3b2f142dde2cad44f6cdac3a050ad0f1385277338eec6d187e05dcb7f8b7907c
SHA512 8ecf57e6decfca8f0fe2e89617dcc4a110cbc7c2099cae3490619eda578d20b3f4ae2def7d5ae7d072383c6f0241b46d6c0c8417c40f2f271f20092c1ab6429b

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

MD5 2b17d0011081281cb0d2f000bcfdc9e4
SHA1 1c0d7429d5cc873f49e479866128f20f4d38acfc
SHA256 775205c0d76c9e9605ee99ad636175c623962ee5265d1f4a3a5bddb3c81f558c
SHA512 4769e6e8ee378ba26d710f397a96d8523c0d0f7df5e75b23f7c4ac5cf63e697e77f0636b809ece212acc7e445575fc45a59ae930d29052f07f400a00c1283345

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

MD5 e20f293d993929388e931b0e3c4cbd88
SHA1 ea15244b1eedb01abf83c032fbfb9ff5ecdf9019
SHA256 299868c819d6fffaf87e7390f9ae619494d866338ba2ea0f89ea62fc3f2776d1
SHA512 d2312245073b8cd9b853968741d3e4fbf363af0b3b913b610f1a880324541670306f78c68e5c428901a4429fdea49d875b949a8a43b9e982daa6a42292169f76

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

MD5 cb8ff50849bd4a3bb0f2f350d05e573b
SHA1 c64897deefc27d8f73a17ed6393925327937f45b
SHA256 b33de921d9ee19eb0887da2e490b2cd28fed1a6d7dc2a7d412ca79d0fcba1f4c
SHA512 9ed9e214444693f2c52fc2530fac9e055947e54d637b23a18eb7f66b87bd3646e3f72ef08cf86e79faa02a8bb18e199e72c8a8b5955bf302bef9de136a7f6f64

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

MD5 fe4d9a1e5a3c0c6bb619cc6413e2f43f
SHA1 d7c633425d7418ddb1bcb8ed8cc92c6b00dd2786
SHA256 757693ef2ab38bb7001e947977ac3fb09eb03810d6d0a20c78a891d7217394fe
SHA512 0a6ecfd2b7ea69af516e3006aaca97e7f23e7c99f373598bc082ae1c1a14336c4ee8d4bda37d3b0c5236f3ca85eff998a833f620afd4b3ca1ab15105aa7f2209

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

MD5 1cbdc67237894517b06ff6ab25ad0255
SHA1 e4f7a93359c86b8f87a97fc3d23ca8a372014d3c
SHA256 ed6536e8b31c7edb92b224a3a09f5b641d9c88c49450ae35035154d6125f082d
SHA512 2d25121301d8bf0a663264407eecc299a00940186118278dcdd598383ad148a2eddc981e487383a454563e71fe5a393fc91735c4e2c8ad1c42a42b3c6bc0a193

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

MD5 50ead4f0a0a478a46bbdbe83076df066
SHA1 9cfbb567ad0c97b3670d648575b1e998c17c6f9e
SHA256 bf1ad5f1b201968b0872b29fefb9e482b4521f05234ddd8caf28d8765b99525d
SHA512 0d4b45ec5dc99c80a7f2df4464a26ec36e3306aa93abd53c3aa7f9371bf626678987b5216b454ada3c27663d5e0de988c8007469893d16e51e9e9d02b5c1c4be

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

MD5 711a3aa0371efc1cf19eced89d546853
SHA1 511a3167c6baf0d7cdd727a328aef6d8555ff21e
SHA256 c5fbe967a52459c92bb56303b12648d994d12918f1da28d129999d969600b310
SHA512 c7b68392e9c6211a119937a4b7892ef7dac3f601856b39e493c57da0ddac2c1dffbd172a50c6820a89188667d5549a5ca7c1222833781908fbb2a45c21e9b286

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

MD5 980886a94776c926a880df1053932a81
SHA1 570405523b52d664ccdf436f47bbe29ba7c36dc3
SHA256 827d08f08f7c34313e40ce4c62bb9267257786dd11cf6ea9846e4e992e4b1b58
SHA512 26e06c20bd4813253b3ec705826a8a1b314175aac4ae00ae130bd8b7262cf609b4a57ab8175f1867453a00b24372956ad18a9ec1e031e8b214b64aa7ab2ef3fa

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

MD5 966710334669f9c0ecf84510bd420152
SHA1 7931fb75fce0d19ea3046adc97e274c083be576a
SHA256 2065e6185638c21e01b3ab4d18e0620c4dc951f9974d92a6a4004664c018bd17
SHA512 71a46831a26a513ceacf66574132085ff4787f41332ba781ae2d936d1514bd9c3b508d19566b30b2b539c4e8b900a4b9478fb967a11afb35ce1e47d9f764d80f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

MD5 a149385576e52343bb8601bf903c83b3
SHA1 3f9b6923c343199dd4b8d9b14b063b1d99d2a9cb
SHA256 03ac8b3c42cc2e4d7fd3e466ff0d73c310032353b9dd7416983a760f40c45a2a
SHA512 8b57ae77fd7405e7ef7dfee18813725c7b0d507c04ff012c2a8194dfc603496bbf4df8f756d98bfdac6b0140053a66efd2a2e47b3d5b3168156a30d44c3d29a7

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

MD5 fcb08bd93325a9a954cf84a51dc40bee
SHA1 0ba9f21de089cbe713f02d6c5c3259d6f386aabb
SHA256 4e223f5c029fc0adb26ef469e83721fc8f821a9c4211b3d08cf259fc0d8a12ff
SHA512 3df47d7b5b2d3d601f62cf3d3b094e7f071ed4ae110e4f1bb22594e454e44e98fce77a482329326e20718d14f4e0b5907899eb979576197c27621197dc63ac8c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

MD5 e1d47119d0a2c2da00358466ca97002b
SHA1 e1f9b82c0c7afeb0981f89024d1a8f836b668439
SHA256 bdb055933965b4900d27ad8277ca117a3b06a394272107df88374092690b3739
SHA512 5fc1196d2cb129edd4b0e90547f30032bdede025534c5ecff7f4ae5931e563e64d72898be9728f522cf320834456df408d8be089500404c1046ea2a26d4ee786

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

MD5 621318f23f46aa84fc392bcd66d99bf1
SHA1 fcee64c0f12ac1a925e6b9ac0876e935d788c43b
SHA256 1d621c0a6ba6488e6530303b096e1c9c93eda549ed36f58028045d5e008fcf0e
SHA512 d0ab97a2fbb34aee543f4676eee402ddf09656626f6f03fe4c95457ed1efff096ad032135400d0491c974956dda2666f42974bd503135b3a35ea0440ae6aa322

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

MD5 4fd0275513a30fbee3efdb95de4b9da8
SHA1 155920486410f3b7857cb0e2df29209344a759ee
SHA256 8a234c0923e734792b7d4e533e3047d0654f0231f2ac8f88eb1c9896497f1b7b
SHA512 91d7eccb4c6fdca9f49930d80005a493c40d5273136350b0d6866d84e25b68d841f2aba3c7361f6cc7eb7d1d82476c8f3bdf3f956fbb8619e2a08a6b11488cb7

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

MD5 b777c61a9ba5d3b58ae0c00b621e631f
SHA1 1fe60ef64b146bcbfe2e177e46ff57209a2df1ba
SHA256 e7cc32dcc476225234a41dd720789d8992f21050a4f8131220e07127770f641c
SHA512 4204ff976f18e7a05cfd51c4b443cfa849aa52e7dabf16235537ce9b9d8c77c406e27cfcc6356f49cb4e0e8bd070c5ba831eab33fdf3133e6aa37f937fb99986

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

MD5 34afdc178cd5d649baa2898c10242319
SHA1 bd12f8ef1530e484666b16fd795fe10eb37efcbe
SHA256 ae1411eb1377226c38e5828eceeaacfb5fd234105e82828866a043997f7078ac
SHA512 366e41ac94e139c989ca11056f583b8230c78eb8733844eb4822cb679bcc611cbfde85005ad5511574357903ae3021eb9404fc716dd8f4810f80a3415aee7aa2

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

MD5 903f45d2cff93c59a0a3646a8168bf3f
SHA1 c8841c18005d276e3f494d877ed764068fc1fd9a
SHA256 19bf7c80e79c105b2a2cf75382361db9dff6cfc9ea64d5687e60c3f02c9c8d19
SHA512 f737e6e5136a0eea6f17aae113792e1806ce55201c2cdfb8f01939d07cb01b3fdc40d81692fa56e0d7767c66470a5513986e5791fd800b599e3e3505611a9f74

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

MD5 d5e1f18de2d5d3bc58f645293723b6d7
SHA1 34e7c70d87e3e3793cb58a99ad6e7a50a506f09b
SHA256 307b82a6eeddf59638fdb56cfb1e49b31492e6721cc6531198d965667bb01b27
SHA512 106b87bc802ec6c3cebdb9d61044035008c1e432cf59b52a763ff941be7d1b72f239fdb654fce3af6beda0a3f2e1cc734ae836fadd2c2acbe3069302cd2c6d5f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

MD5 3945eef83d31d148e0fd97821cad413a
SHA1 76b57b7c5eaba11cfff7825e4985874beba61104
SHA256 a5d5f69a0ac735f9553c5fd45418b3e93b4d640f1636688a44cd5074f668f4cc
SHA512 ae329e40e62e6c158068407bd51485dc16c079486f849c1b0987d74ef3a30bec94b30d274a886225a32e10e6753c726f28220363b469fe81831295483b906821

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

MD5 8e35561d3762140b2e00bae6a9d5fffc
SHA1 06d588352e89b04fca928282a5f65866f6d80cbf
SHA256 4f0e2edb94f2dd974f5dc2d9162a35998a71d60ebe17fa08bce101db98ae5945
SHA512 d33125a829e61d767b55649703f9ead3c257f2feadf4b2cae711dc06a29e6a628cf339fd7c84ed824304860df39f134a7032f85add218c6c83c456636a248702

C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

MD5 0fd9c1ab951930a4d6d6c3d3a8953166
SHA1 6fb4823a055da71e272bfd26d98b541d82613f88
SHA256 c90669dc68076ed3dbd5aa6c07b3bbee9cce1034f615bf417941eedc21f18c16
SHA512 662978750d23bd961ae04c82200ac5d6976bf4b00e9b0eca4af75cf792f87aaa48e08130da7da5d097d9ccfd8a0c51afa16a2331fe9ac64609411b6755e7a369

memory/1324-5672-0x0000000000400000-0x000000000040C000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727656226049089.txt

MD5 fbd4c2df6c5c2ab5835cd08f5829758d
SHA1 9f4ddfaa840e2ed6edeca90000c2c7c815ec9865
SHA256 204db55a920386fb98a9fa53dca4d04aa3d8bdb052fef42a61bb38a3c8397d21
SHA512 3de05ca9c89dee974f7628105aa4474e6087b960beaab5d2967b195502378a6c4fd9df03ce97741979d4aae6812907787d6d27779c550bed27f4f801d1f6b316

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727656623420834.txt

MD5 071d35cce49b538cfcf2a257d6b00619
SHA1 471831b32f9accc698f7999933f58774424fdf89
SHA256 abf73503efc958473dcafb5e7e4a4f8cd09551473f095a19dd65537661b7a1d7
SHA512 104bf6bbc95f42f2fd774b8e855821bebad11bcb55766fa6b85fcd1d626bfec107dfa0b0fa06d7d97ccfbd337a777e6d314cb2f95187fe66288b567776081b24

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727663536793873.txt

MD5 31507a87c372f51e662d282cddc35186
SHA1 05e53da14adb11daf7e24488b9ed124521b6ced1
SHA256 8dbe4cd9db3ac2b32c40ba30703be70c5e40949d877e5fc79d67614edbdf8b34
SHA512 29b54d5d2cbb463bb7d013275b4e02a4a6bd9bc32479185ac29c68c79f630349b670abdc81b6d3736df20cf789a0072d0e7cf84a075560996d0b0cd2779cd650

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727666235612999.txt

MD5 123a56afcdf920e01869a7752083c86c
SHA1 20fbfdd344a3b3e8b2da07e1988861635a814dff
SHA256 56775989a726003d15eb905c76e8925cad23edeb11fe874b7f0b68e1ff0c1190
SHA512 d8c550531e5cc4fc2e8ff1fcd73b45c1fb15cd5dacfc8f05fd4203c11f98911c842dba42444db305205bf5174f7cc427dd03fa2fc15bc8303635605a25b88e79

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

MD5 a6ae4b7410504853c71f4a971c08d0d0
SHA1 9d0d598d7cbf56a875cf6aca750e457f7bec9de6
SHA256 efa7107dce20de7065981563637a01c010ef7e940380d0a99333a134d60252e2
SHA512 eef0e0b030aca4583a1efa3a5453ebce8fe2f185323d0ac2e171bebbc3dbdcfbc0ff4c0157763848da03e9e8209e06b3c83313244baa6dd53f34796a083a6326

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\security_watermark.jpg

MD5 2fb408fa4e066829075e6dfb2619464f
SHA1 70c0f86d13275c907454c37bac1299f3034d7bd0
SHA256 18d2e0ca13e6b8d7ba690d203b3cd2fce231301b59388de6da59cf697c331450
SHA512 e95a3ba73a2a432e51364dd4dbac30f568ce8b39022c120012ae7fefb94e0a922a39897c8b7861b8cd5ebcb5274ddfaeb1d18ad9c67b7eed8721b28417388a04

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 d1d7ac62bb5075df17eaf56eed6febe5
SHA1 72fc3610d6b53450a3eef4ddc93746d375524f89
SHA256 a0ae8eb5cc2b1256769933fe525c47765f49784e0c9ed00c22c081d31ea712a0
SHA512 d7abd1ea092a99ed47b8d3a7e939e3afc3f74a83f661d9c30e373f64e8bda3285a474c51b8a7c4c461e26fe74709faab2091092af6d768acbb6e6a2a78abed2b

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 947a4a0fe815441767e049f70143f8f2
SHA1 1524f8da80a0d71a84ab02a9a4e6df49abeee48e
SHA256 7cb6ef44a5809befcef4265c70b43036bab92e2c2e9d4e17718b1dd4a8cc0c2f
SHA512 76dc58f65aeb05da7a5f19e5f4f6f81913eb65837e268a5c49de783f08d267c74486f0e9987f820fdfeba487d3d4f14aff61856755b852b3b0423dc6a13831f5

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 d1a791029b83d8da27fe43a35279938b
SHA1 b2cd78117984a9fc813422d0aa21fec365b96d33
SHA256 0ddd3a0e112256a87ab18960c7ddc1a7586e3f439fa553796fdc6a03527d8e80
SHA512 432c107595d4e6accc440143f5df10edb20e1bfc399962c138f80488b55ebc948cbf144f1ee874a418b39dce0dc396b07c8e3dd45bb06dc395372927adf6d191

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 c3045c4ee7348bc98228794be872f497
SHA1 3dea5d7fa7784a05ea29cd2ebc8c3b779a90dee3
SHA256 016e471cbbdc1abc6d3ae65f034a43165dbbda8382e7a0698b917c811eb3f7e1
SHA512 b0959331adfc5116b92da9d6724300e9d43cbc439cd01263d96c6aeafea3d1dee5f0f9b07e180f928d009823e44a4d7e4c2f90e6723498431205f0fa331dcc9d

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 ddf1a5fa2827b0c84f82cd276eea32cb
SHA1 da7561a6a6b6344d84c9411bdde50332384cd37e
SHA256 6dc03d8081c0ca8f8f9458bf6c9eef5d0d02c617349c305538d32276280b6d0e
SHA512 42d52c6bc8649b44da6b5de0af93025798c8310aa6d55ef4b69bb969b3e1ddecf0032dc3844f71cbccfae30f0bed4007814c7a5b9874b0dc6b087da00c21d4ee

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

MD5 d641e337d80a94b8fa44d992bf3891a9
SHA1 c7f6f20881c96aff72cd0e570a191d63ecbab0ba
SHA256 9a42409d49df92e5250e6b6fa348435ee413014202983404974e95aac96a336a
SHA512 18926d3827696f32db8139bd6c155a95c9c62328b0074b584ab2911c8e33dd7554e39607430713856d8ba13fa2afe94103b7002e704e2a228f8d8c2901a67638

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

MD5 bdfd7b4496dcfa51859ffe4b63693d18
SHA1 7aa3f0fb67ade65669096b972fd7caef887b7d65
SHA256 054386416c410ce1055b30a88cdaac18ec3ba219a3a16a03dc1f043cccdccfe0
SHA512 96987953d23d83a8e6fde9b883a006befb53c1a2a9e49bbbe4148ccdeb715933340f9abcafb485583dd5c0dc48dbd03be13a43e01fa8ee9f4bde35f544af59fd

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 9ecdd20668c6d92185a03a4f79cec53f
SHA1 5aaf6d9d606ff80c51a8a58fd70e23d43ff34add
SHA256 03647040afa09f73fbcc7606e33eca0e99426d583c63460ff6dd6d27950fa2e6
SHA512 7d11ca04501ccac9f61f0604744541613d6c36c69a03caa9979ef5ad4317f11a1e73128feb7a252e33de14f261179cbfbbc4fc3917edb349e270ff00d7559353

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

MD5 b829d80a446a52752ad96728c90bd0b7
SHA1 27b3e4668ee3a5864efdcf5127f226edea55f606
SHA256 d112c262cde2d05bee9669e90630eb132ffcd58e65f4b52aed4503852235cea3
SHA512 770e372d0e552db094a94ffa84155a62ec9956d297a9a5dd8a47639aa7f7c4269bcbfdd54c0e2a0113681283399410ce7af95ced5108d87dfb22a8968a0c68a3

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 447fc7255ecea56cd576dc22f946bb21
SHA1 6d9171cd906bd1908116e444ff7a56c069415b36
SHA256 399a5d950b6eab9865c2fe0cc4832ebd78d72a29e85e5bb2fdcab8b93f647ca7
SHA512 a2078f7bd33cfbaaafd1612cee506bc5ef8b91757bdd9602d344ab21d703cefb1e48a0674d32044a3146817b7a827b696d16434d9e334ab10f8306343a7e9793

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

MD5 dfc4f34c1c3f1925a39af4d3685c74c8
SHA1 ff9f153337c65fe8ec4bc8237d99be4673d52222
SHA256 fca71752406b02417ba52300a3cc974cf069d56cd88e80107e4e9a54761379b5
SHA512 e1aa4ed2a45ade225764b3c54381b2aacf0f075de92fd78d013a59b8c22e4f0c2f6ca7d13aa7432907a1f7c3c0f1e1d24729eceb6ac12d14a240e0339c5fd4a2

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 d4ef2734e289db09136ed25f79c5fd28
SHA1 f99602b7121f34a6526c4dd561653140c40611fd
SHA256 7023371f6dc55381b5f9682e5309e3cc0509f5dec6982152348c6eb649489474
SHA512 0b2b84be8f63834740ed0cdbb1a32eebe296adf6fb381741bf25cb9472595d8dcc8d8b4982168528419c717ee345d599d4605a3cfa8ff45a34d30836c658747d

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif

MD5 2a12227b497d9d9c58661950282a7f28
SHA1 d63279e0cba6fb04cc28b02ccdd9a3d9f2b9c99f
SHA256 1cc0dd904ad1f4888cc8ebf2f78baa3f0f60762f5f9205d1ec60517e7dbfd0e6
SHA512 2c12221e1770ae6ee3f32de4385af1f78c176e4c9478ce57ac6187fc214c668050e18c964c2ee5dfad48c481b304dc90f824cfcef7dccc5b0c7dc423b3f22f1f

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif

MD5 36a7bb6283b9ef82cfe7822b3fc80a1d
SHA1 46819f405a5f6231fa719c4178348a4012978ebf
SHA256 8174f2b565c6a828d499bf3f8f294f2530b2770ab7ad067727fabd6c686546a0
SHA512 35192153895515d8ad9581b05e1f855f0fb6d1cbaa5aa421e5f1d996c6ef15bf60f68ad4fab3e783bc5aafa6f42fb61d0f32684c61287ebd48e70fcae1014aef

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 61671c37080b9364a76d0901c194b7a6
SHA1 6635d66aa6f33e56e8df3dc611efa23d48c1f74b
SHA256 f0b671cc27027192688c9cd545e80de3e047adada805ac9d8f417096d13a72d5
SHA512 47a0ccb93f5f5a0c44a78b42ee370d280d8efc07385d6d133c5fdf359a81938d9dbdb3d9487c5494b682fbea4f102961ee753fa477414f9b7510c741dde82254

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

MD5 eb883f50f5bdb5c058850d06d16ca89c
SHA1 da06d1ec551f1e67a118591ce04675b4be8fa782
SHA256 ee573a202d86563ed98b874f6a511338910f7cfeab46408d4b7637f645dce92c
SHA512 96b2d3d23b6dcd82f5e9a330f5dd73d7b80a8ce2ed741dce25e46a8a5b175bdd5eaaaecd442225d84fcd3f5fb176e0bb76e368c7d195835b55e66ff9d45255be

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

MD5 381f4e7b18cc3bc148cc5167256c1549
SHA1 cd8bd17501d3d0a3b5474b46628ee940b0fbbdfe
SHA256 074387eb8cb8a927ceb3ddc276c263b68b0e20287dc2d14bb7a8a395fba3ce48
SHA512 304f8b174544181fe48a6a86a931afdff47bebcdde232e8c12181ef26c2a3879b5c8f39c0c9a011403a68805bfb63ef6d7cd07d2dc3108a3cea1429f58533519

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 2b2a37d3dfdf8103cfff5656d76d8fdb
SHA1 a58e837297ec6eb999019c3dd1c3be9fb798d00a
SHA256 f96cbd181529787ca4dd012b0f7829640bf04ce28f23c4a24193bc5178ee8f90
SHA512 3343ca22c3f17ce8e19456c953e840441573f3fa460731d1093c618db73951dd3276ba53304e3976f8bb48fcfb5f1f39ac31da3535f921ff31074fbe81bac86f

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

MD5 27273d8e7aadb7053bd3210ca6aeec48
SHA1 258507ce7cfd05a17ac64501efb125515afd1173
SHA256 90142258a448972a34f3cdd444255f4575e8f0a38a145effb20da5dc2a24da1b
SHA512 0fca1b363628e10100142b83c6a21eddb939e2656417d9ffd815cfed2a45e45b8597e238f9de88f22820ea9897cde76fe0127929143c1510691d6192bd7e4f05

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

MD5 238cc1d5e43d13c549485348868a9bf7
SHA1 a5c4e86e769c657bd1d8d33f6f30e6877f676f85
SHA256 73ab39777f13f27b3b5cbf5be1cf49d65f0a7c82727c7036d05f545b00dcd159
SHA512 f7293d9cca5c849a91ca4ebfad4b2cc92ee37944e513d95e3402c4e053750222682fce5b5f37f1169d4b6f1a7d756ac6608629bd10fc571a693ae603ebd7c8a6

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

MD5 08f47d182694c2d910cefe47a6ea0aa5

memory/1324-11305-0x0000000000400000-0x000000000040C000-memory.dmp

Analysis: behavioral1

Detonation Overview

Submitted

2024-12-13 02:12

Reported

2024-12-13 02:14

Platform

win7-20240903-en

Max time kernel

117s

Max time network

118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe"

Signatures

Detected Xorist Ransomware

Xorist Ransomware

ransomware xorist

Xorist family

xorist

Renames multiple (2214) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\6XAXS8k77olARHV.exe" C:\Users\Admin\AppData\Local\Temp\e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\InstallShield\setupdir\040c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_Language_Keywords.help.txt C:\Users\Admin\AppData\Local\Temp\e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\usbprint.inf_amd64_neutral_54948be2bc4bcdd1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-OfflineFiles-DL\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_WS-Management_Cmdlets.help.txt C:\Users\Admin\AppData\Local\Temp\e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmbr00a.inf_amd64_neutral_aa4f0850ff03674e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnin004.inf_amd64_neutral_c8902ae660ab1360\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnky004.inf_amd64_neutral_5db759db19acd3ae\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\it-IT\Licenses\OEM\Ultimate\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\MUI\0409\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_WS-Management_Cmdlets.help.txt C:\Users\Admin\AppData\Local\Temp\e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\agp.inf_amd64_neutral_22cdceb61fbafb43\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnep00f.inf_amd64_neutral_a5f6001b957bd7e0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_preference_variables.help.txt C:\Users\Admin\AppData\Local\Temp\e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_operators.help.txt C:\Users\Admin\AppData\Local\Temp\e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_parameters.help.txt C:\Users\Admin\AppData\Local\Temp\e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_preference_variables.help.txt C:\Users\Admin\AppData\Local\Temp\e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\migration\WSMT\rras\replacementmanifests\Microsoft-Windows-RasApi-MigPlugin\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\hidbth.inf_amd64_neutral_8a1323fc68ad84af\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\es-ES\Licenses\eval\ProfessionalN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\de-DE\Licenses\_Default\StarterN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Speech\Engines\SR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-msmq-messagingcoreservice\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_Quoting_Rules.help.txt C:\Users\Admin\AppData\Local\Temp\e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnin002.inf_amd64_neutral_977d40799168c216\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnlx007.inf_amd64_neutral_0b796ee4978458e2\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\migwiz\PostMigRes\Web\base_images\ClickDownExpanded.gif C:\Users\Admin\AppData\Local\Temp\e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_Windows_PowerShell_2.0.help.txt C:\Users\Admin\AppData\Local\Temp\e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\atiilhag.inf_amd64_neutral_0a660e899f5038a2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnrc303.inf_amd64_ja-jp_b0dcc6693f67451a\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Redirection.help.txt C:\Users\Admin\AppData\Local\Temp\e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnod002.inf_amd64_neutral_a10c656b6c7c053c\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnok002.inf_amd64_neutral_616c1e9b7df7d5a9\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_environment_variables.help.txt C:\Users\Admin\AppData\Local\Temp\e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_trap.help.txt C:\Users\Admin\AppData\Local\Temp\e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe N/A
File created C:\Windows\System32\catroot2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\scsidev.inf_amd64_neutral_a7f5d9f34b621dca\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-PerformanceCounterInfrastructure-DL\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmsonyu.inf_amd64_neutral_45152a8a9362fb82\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnbr002.inf_amd64_neutral_db1d8c9efda9b3c0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\ja-JP\Licenses\_Default\HomePremiumN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_History.help.txt C:\Users\Admin\AppData\Local\Temp\e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_Arithmetic_Operators.help.txt C:\Users\Admin\AppData\Local\Temp\e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_remote_jobs.help.txt C:\Users\Admin\AppData\Local\Temp\e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\de-DE\Licenses\eval\HomePremiumE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmnttd2.inf_amd64_neutral_9dcd97ab7a913b7a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_functions.help.txt C:\Users\Admin\AppData\Local\Temp\e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_hash_tables.help.txt C:\Users\Admin\AppData\Local\Temp\e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmar1.inf_amd64_neutral_b8ebf59556c3dbf0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\ja-JP\Licenses\OEM\EnterpriseN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe N/A
File created C:\Windows\System32\LogFiles\WMI\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ph6xib64c1.inf_amd64_neutral_68c99681343e9b68\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\de-DE\Licenses\OEM\ProfessionalN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mstape.inf_amd64_neutral_c2bb3ef1c45cd5a1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wiacn001.inf_amd64_neutral_b7a0b2f53d745b5a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\es-ES\Licenses\eval\HomeBasicN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\es-ES\Licenses\_Default\HomePremium\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netvwifibus.inf_amd64_neutral_9d0740f32ce81d24\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wdmvsc.inf_amd64_neutral_a2cf745000e2ea92\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_Break.help.txt C:\Users\Admin\AppData\Local\Temp\e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmbr006.inf_amd64_neutral_40c76453575b1208\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnky309.inf_amd64_ja-jp_afbb421e3dc1cb6b\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wialx003.inf_amd64_neutral_db618863f9347f9a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe N/A

UPX packed file

upx

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\ProjectTool\Project Report Type\Basic\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe N/A
File created C:\Program Files\Microsoft Games\More Games\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0175428.JPG C:\Users\Admin\AppData\Local\Temp\e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\notes-static.png C:\Users\Admin\AppData\Local\Temp\e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe N/A

Drops file in Windows directory


System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\GWFLJHONWDGKAMP\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\6XAXS8k77olARHV.exe" C:\Users\Admin\AppData\Local\Temp\e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\GWFLJHONWDGKAMP\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\GWFLJHONWDGKAMP\shell\open\command C:\Users\Admin\AppData\Local\Temp\e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\GWFLJHONWDGKAMP\shell\open C:\Users\Admin\AppData\Local\Temp\e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\GWFLJHONWDGKAMP\DefaultIcon C:\Users\Admin\AppData\Local\Temp\e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\GWFLJHONWDGKAMP\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\6XAXS8k77olARHV.exe,0" C:\Users\Admin\AppData\Local\Temp\e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\GWFLJHONWDGKAMP\shell C:\Users\Admin\AppData\Local\Temp\e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd C:\Users\Admin\AppData\Local\Temp\e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "GWFLJHONWDGKAMP" C:\Users\Admin\AppData\Local\Temp\e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\GWFLJHONWDGKAMP C:\Users\Admin\AppData\Local\Temp\e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe"

Network

N/A

Files

memory/2112-0-0x0000000000400000-0x000000000040C000-memory.dmp

SHA1 a9780667a9bc2c2fb3f4bf34dcd67e96d3a2dd16
SHA256 6d432c6c3c575fbf2309fdd4fd7581739d9dee563bcbcbd7db04456a9090b369
SHA512 95b4c0e503b94d6f6f216da8c50df64653cd2631fbba92cbd539502eae2f603b52e3681be4ceb7ee51253df22a53ab54e4072a646e666698e6be0df422227039

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif

MD5 2cf5de2ae2d42735459f88aa3a4593f2
SHA1 e62e7881d49f3eceb90782a74d92b04d8c034c42
SHA256 56e351061dca737ea4642c82af3da1fc1a20ae88aa9da3053a4793e0e7bb81dd
SHA512 fe149c47fab13753cdccea2fc60d4f71e5fa1e863a6cbbb024c44a8c2b2e194f6c2b124c1d5953c3f66a3727aa6ad3575cf7dd9bb8272ad43cdf69461ea65db8

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif

MD5 dbc12d4d07e185e69a1a942933a5584a
SHA1 42dac385fba7fd4b99bfa8aca49f940ebc9f3cd1
SHA256 a05471531de56bbb182b0cd7656c37f85c59e808f43e4d4822de4d7e16bd9aa5
SHA512 c67721760c06577df973f00c66757a8017880015989555334fa2c1e2f88524d8837b8dc937ff213d2538f1265869f0a09ed58f49d282c17580e2db619aa26e3e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif

MD5 5e0382869cafdc150f164396117003bf
SHA1 44ba5133073f83998d08e30e93cdb8aa10e89ea7
SHA256 23f5e5e1f2ea8aec935d9210e944c3a0f93f1d9d82d97038e19391a66206774b
SHA512 a8ea9a165f41b0c03cbda152dd9c2e7969cb59f274b821960ccdc149f9cb1b7c9d9f24a37d40fda773b3feb28716f0f335892d3272d7bd08bdfa4bf1c2a35fdf

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF

MD5 4e16329e3e6a299052fa6ac567716c7c
SHA1 255477951c3914fb7976642b567e2907cd873657
SHA256 325176b13c5eb0e5cf983852d41b829bd99f27f53f76a870d2d93373a118913a
SHA512 067587e956c4b017605398931aa1ba46e731bd304bae0c9dab2956accd0253dea32cfa6efec93880bdffcf3b6faf735e8020c723e15aab3d373df7f232679160

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF

MD5 685bfed5f88d68d3f90e054b2d42dc05
SHA1 c49c1e7e4a97ca80ea500b1751d18d8ac46f01ab
SHA256 950fd92ef5dc7a896aa840058ac301980b65adb61339137828f39403d134e590
SHA512 a253a3d71c4bdd62a8facb8fdd3bd209bae029fba8225b7e252e2ea806bc672b2d5e98402c751241588911b8d6a357207ff1ee0daebf7c39c660083aa540e229

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF

MD5 eedd4a4e03fef7c3a4638abd4468bacb
SHA1 1a6a5cc310c59a8135c70904fc05b7ca4f9dfd9b
SHA256 77663bcc264a93efb3eb302c7d53bd56ca13c029fca9602e44b228e28bc05c78
SHA512 598465e747c5c5f66f0848ec70b77c846a551bc7cbb3707b82689f23412fe7f21fb485621e23c6c02b24a4122ebf49d5b31d8185056de9c8f63fcf133fc98f5a

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_on.gif

MD5 4cf0a0cd7abdbd6534c28457d9830f5d
SHA1 c8163467b303ffdb6365c03e395eafb06805cde5
SHA256 d04f5a88aa5500874ee5094cdef116266dfe4fcdec0ab31fdd9c26bbfc1bbbbe
SHA512 4dcc6aa8ceb02f238a2313e6f748a3f592f8ad9fb70425a9432668cbcc73821b3069f3784107ba292ca63d6dc3c32509e313d928ae8216081be9015dca8d1d1f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_off.gif

MD5 4a9ac53e54cc13c58563106b32f30434
SHA1 9b8d1a013041b6dc2d50e46d7efcaa18f2b8d5c0
SHA256 3827462f048e388550b820d46e184e54e9bc46b287cf37d9b0ae0153b9e32fc2
SHA512 1fb66824bfe8850ab8744c58f61246085db35cb84edf4e3ed119e2f62d262ab0cc8e6c7a1a39d180fe3415e148840c785e70082e0626bc0680cf144ae7b836a2

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg

MD5 ff0b3ca23747ccb5f43fb9e8512dcb3c
SHA1 95a265b930ed78d90c27e7126f6134765a6d61d3
SHA256 ca8d1ed782d947aa8bad78276a455a87819649a2e35799b14b4b3b230b8821c1
SHA512 a39d4efb7b201ba2275190a1683cc44824b808b771350b5b552274db2445c560e082447fb61a102a692818ac6c99709e15ad4997df329bc0068e5a240f520b5c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp

MD5 7d26e35fb3dd4bf0b17800d7f1528795
SHA1 59b1c6d4cc21351aa60f595358c2732face044b5
SHA256 b382e7498259452407e599bb54cab32efa0bd4a727811fcac9785e45f63965d3
SHA512 ee442ca6b845d1201c1b7e0ed3981d06b9745fe9d3ad420d3cf915222a088d0363324b27d9038d4876abd6702e8ce6e4ecf9b0cfe6a9724ceeadf8abb4681aba

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif

MD5 dce041d7deda95e1f6e21e35d6ecb59d
SHA1 fc6ba8431c15da64f8f2a603185d2fd79c99b49b
SHA256 3ff64ea53d6b57c2eace147b96e7a81d49def8b467bfc3f3ef9b8bc4b14a2a1b
SHA512 f1ac2f782d3138fd4117411c3a4f03426b4580ef46d0b1fc410d36f47b9651746f84f5c0129beb44c93ec234a2dbb43ff15472bc7d4b267161688d79ebc8a258

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif

MD5 8858bb9bcec3ce2bd7a279a74050c1b7
SHA1 793d8bbacd9926a939a1513af24107c917fffed3
SHA256 9be7fdf904d204d3b1d8da6bc57cbabda2869edad1cdb0547372f75972dd4efe
SHA512 efe1dfe0d16f84dc1215780df083d09120b339a11c173e03a1b89ddf85abf925f2001b5b2a7b3a8441f13efbefa8eabab6981a70217108f18a2f87351049615f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF

MD5 1dce8aed94bddd4cc091b99d748d712d
SHA1 8aaf27d7d6eef1530d0884052e724af3bd1e6250
SHA256 c294d5a2d46840886e5bcbf10180b516d452417cc303a5982f1e5c44f0704004
SHA512 ddbc03df06e772c63dfbb333f44a5e9950a318d457fc023e9d2878b3fd829c0e8455aca7eb74cec7bfa0ffc2263406606610804f3cb43c7e4589852ab12e4d94

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif

MD5 be303e48eb7bab4b1f2603e6c428c31f
SHA1 397e45f77944a6de76d9c02f78ec8bd98f2f1242
SHA256 aa9486bf22ce813781a23139a523602e3a0cbf28b358a3175768de0279f30fc4
SHA512 70bbbb006aed09ce68f7154548f6a711c3275dca5512d4caed39494e04170ea3161398eb648057896f1784f44b145054381eca0fe0d68bb7885964a1c150212f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF

MD5 98ac54a6cca6bcadc79d0dd8cd2e740e
SHA1 367634fb521e699660dd393ce5dfaf8f5e130b78
SHA256 2643e67327f1ab03c351ba709e47ec9a6775343d5738e56d720f2ad8d926b045
SHA512 d03a3b30f6ee0320f7f55cfd2c6c31a72efb8cad0355248b40c897b3206bffbba29413a26bdf57f307478de32b7885cf7392e726808855090bb7bc256308c742

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF

MD5 12e3b76ac92a8c2631e9471f59fa8f7b
SHA1 9906f058ea901da2b160898dc27bdc91f4f10e63
SHA256 62fa098e6606285adcf80aaf5836a8f6971f2f7924d44dd9dadae6871e36f3f2
SHA512 98ee30fd63df26a25c23f5c44e94d59311709b7212ed9e1789b73b72b157c6047b9e5e4a5ee50730f639d270cc95b177e0fc8777dfed1707e5dfc29e81fda2cf

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF

MD5 2fcd3770da73f343601ede1d6bee3600
SHA1 b84b64a266ca062f861235910d77ad6e43f3f5e7
SHA256 796be3e46aa6001b512d3f42237d9709d82ff38139e6be775d569481d1c02c90
SHA512 7785438bd4aea1aa24f615c0c3a038d7ee69b54802013b22ed796956e5174dd0033bca8291a1cfbbd2f072a4067b2689b3f41576bd3923eb74020182e7da44c3

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF

MD5 d8544b1ba89f7f8eb805d6c8eabc7c26
SHA1 def471a79905d8e8b813be40f1854fc835b6a944
SHA256 32d5a0f2b88499714c7e3e1c12ec467cacd6c112dd3554733460be8e6b0aeaba
SHA512 6d07f8ecad73d20fff7d01fe1a11f3de2e3473dba95d9baf19fae741cc4065be3cb8a103a38ed2112fcd35d9dd0e9c3647cc4b10ec2036d5d16e6262e27abf4e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF

MD5 40dd2bff6441b04eed56e39f919c51b6
SHA1 f41ca5aa7275b0a5bed68768a25dfb739e77eae7
SHA256 1a96201fe2c9e2b2f762f491e7134dd88a31fae13c12d93b95d5e4f75d010fbd
SHA512 1a2e5ed1450d89d412c081fefca8beb549f4490376ab4bfcee05b37ea1389ef66e717ba456c35a8a57a7ef16ffc28162a34b32282532d94a6ad82a7ec741cdaa

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF

MD5 0117a93499207684280b5b8fbfd114f6
SHA1 693f63a6c9dd0ad5110c82534be66f6b3bf73d86
SHA256 791e60cfa898acd566afb9351b256265076a6adeef4f450dcb9353f025aa15a3
SHA512 d38d0d39d08235719c7ad938e219fba8f1d6fb7b226abad3ccf56510985eb80539e4358375b13c166f560fdf9457f1b7cb885ef4b8e6ecb9106505adefb35ee9

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF

MD5 8a2940a339745769e152d33fbbb619b5
SHA1 36a68877bfdc6129e3001482c1643775cb72f81b
SHA256 fedb8b37901e967e24ef9bffdf995ce38da7db5391435e4c33f0427a0cc1b5ff
SHA512 281ed7062b04942fc425cdf85f5417a4e065774223c299ed64c2be195be0e8c63eb6b792afe54f82c79ba2fd16734347c6fc2145300a04889a8d0d7152779e00

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF

MD5 07f15421cafa63b323d65b1fee9b73f0
SHA1 bb70d2343fef79d65d8156f74dd288fdba6de372
SHA256 03bc9b9ae9639e2417193f42b73eb6962df5d4a664ee93d8328d8ad1de1ee09c
SHA512 8766c9176cdea69beea5e2cda3edc62e595706b8a814b4a6f07c4106e99c80181418d9778fb0ee94013e2312eb6281931ebf8f3d6cb36099b576cdaafb173eb8

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif

MD5 c5d09780b8bc399b6a04c92f5445cf1a
SHA1 67f213e977c4fc4ba4559d71f149a13ac92ad305
SHA256 2b6b2d0945c3fe22705eb7d9d03d79a6253fef855b256e36d493c3868a4ccf3a
SHA512 d8a86b2b1d98f53d2df16566ec41910dfacd850cce8be8589abc7e22caaee19b59c07abb7f7132b48bd1fa6c3666327f2cb2917942ae10338cc2424d437bf040

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF

MD5 d9a428c0506c29dcbf78b38339b658a4
SHA1 8b7c80dc298aa0df3b996cd48df063e8a492e508
SHA256 2f6dad6d6dd82b6c301e7b303d183a94a6f2a9aa8225959e801052bb36cb9206
SHA512 c3583b9729a4f95750409e0e033ca7c1093c7a630489be3f514189dcb91647634b4a8da2fa1e3a7ccdba700a260df2f9283acdd7882f47b7a612c5799cb3de2f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif

MD5 d29b9fbb90beab76869d87104f8df2dc
SHA1 e2ee8cfef36577817f8fd8d1fde9383d76273140
SHA256 816fa45cc22ecb4bc7d06acd420fafa83a442a65f6658da73353c61c841cc367
SHA512 4b3a404156832b0e8f528d9aa2f60fdcc65acc2affde57dd3b2b3ca0443b3a1a550ab826cc0a8e63a9f3b1add75c6cd1fdc897ba4bc39ab636baee564be61904

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif

MD5 85d699b18100c18648ebf5ec55716eab
SHA1 03991526ebcfec6402e68318e853c31553fbe500
SHA256 88475133491145b77be280053b5a351a506248c501a40fdc4781300f14bd9d1b
SHA512 426fdb62875920576cdf25c2d288b1ec872d2034f7fdae0eeea2c2ffa7ebef4b6c991fa97979ebdb200c5c4172a6053b2b3fe3be0d74b5834c8c4f75e2db487b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg

MD5 62aeaa088f28756261fd48ad686aa255
SHA1 29b0faddd63f88fe67136be323384ddcacc19e68
SHA256 d97e15ce76b7936b447afebd0e7faa596fd08ae60ed776650c43341bb4203df3
SHA512 db5a38ed3586c3a281309361021273a4f9e5b841159bcae6c72713dd4971068139488caf9fc8d1a85f971266c8f8ec1f5c352f278e248c70a326f4c0eb5008a6

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF

MD5 ab34d02b7172ee6cead1dee463fb62b2
SHA1 1e83d02aa261e9b6d449ba7773a036adf8f50a34
SHA256 147423fc118d012ec96e2ec7242d7e5a18d99ab87aa1097189da1bf77e06e3a8
SHA512 644b6b7a89c40c61ff1306bb53ad0d2cb9133b2546e0e96f6766fc18374d6f8b74512b858e71060f14442ff4221f3e95426c93a7de028ae85a2b5af32e9b96da

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

MD5 852855d9ea645f5335f35d17a1744a81
SHA1 095c6934218f15d4155dd171d55764a204791a3d
SHA256 a4a3beda69e3fbc11bb537f04bd59efb5befebfa41b1622e2d33cb224eb7c9f3
SHA512 ada3c92e045f345bd82d02a385b09bfdc967ddcf31cfd06fbfae8694d6b4d72771065460c17d205cf8742f922f1716e61b709929050469099b888926f9711b61

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

MD5 caa8c29459fdb62546b84798a1e1b486
SHA1 f0f5e7bc444b6a66b0d55a6a99460bddba287579
SHA256 30866af0fa5419de864b4632bafb9e066a797d4bdd770ecf50d0b83944dedcc5
SHA512 f694ee4d6473044ed9cc61b3b72fc589ef31fa335e1b36b1db6c5c892d8230c0792dd3657d4eb54266137a41f1dee3da0567cd554303a36f6cef08cc8deb4ccc

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

MD5 b3d80ee7536efcd4add05b63a00b58fe
SHA1 daea82c83734043ca895336b326b89986b760a45
SHA256 76b7542e13754bc5ebd26ad3b2801d3ffc16586f13a3b161c4d04d31d413f9d4
SHA512 d4f4c7c81fe6af98e87e7f74c0ac63a53e50e70dfcca66c55117b54f4262526e81290485d0cef64abeef75af6bb39c7bcf51e73bb7d2d52d7aba0085d5ec1e3a

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

MD5 59a18ad9cce0bdeb6444d8036f2531c5
SHA1 9e92d922f3f6a37e257072f840735e63cb2aa5a7
SHA256 ead7866df3a41d696d71f8c6459918f9c8e05ba15418b0225fb524f535bf86bd
SHA512 c8fec71743bbec1cfdd85433d35272b856186ce325d75c30541066b00553f6c5c62cdb18311f4c5cd50a4f799fb1a548ca32d08ff484e546d76a42b77b9ffbb2

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

MD5 617b59269d263dd9a124ac312e7f99f7
SHA1 d9e3b37c9d36f0e0ce8ee554aa17a8406e670cbe
SHA256 2dc76174eef9b2d030f086b53f739e7e684c16b9ae3d2bf72c1262e87fc01e41
SHA512 9d03495b471cd321a21bf365f6947f86804c9e5aaac022c5bf54735290f3e62563790c5dbd7bc1b7b9bec2378d09b26fb19fafb794e077ca43ebaae05a0a2dfd

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

MD5 e5c19a249870e5224c07c0dc1d496e1e
SHA1 9d42ae34ef20dfcdb15c56238d6bae1b0c21abf4
SHA256 320f4cf0fa08ed92dac75517aed5c7b41643b9c721df842911c2f6efd7e81eea
SHA512 ca42700ec035ced75df29ef75c6f8d5755c7549d5b801ac995a61059c42c41d933c3f309efadaecfa44b6080ec7d95a7a8872bdafa1b814f153f4d1a0892c817

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

MD5 b109cf4f53c36c62ee5f92f26c04007c
SHA1 037a779d3022d673ace4197a8f9f98536570a7e4
SHA256 2e9c61faaa61f004b55c4f262a33cfd74a0796f5c29c6adf50e610b8a86e9003
SHA512 e7e2f9addaa1563292773c8ac893fbf683239e9f932369b206bc451989c422d6074578e566b50ba2d8ee093b350514a6eb4411532d43a9b3d14bf4a1a303b357

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

MD5 dcf97a7ec94d85b3f8b2f32a712c1f15
SHA1 a596802b7e3591850e8b74b9ab8ff7d3e333b7ab
SHA256 1896ce4c18a0f0ae755889b764e8da4b65739965aa39f1e6b606f8c5ed44116a
SHA512 c7ad783d8ec549e1437f6cc26a090ce1901ea8bc28583e74888295f0eb258b4c4193f15dc9ca4b5ee98319a91148ba0fc69672277491304690d4f035e9325378

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

MD5 6634e5fdeb945d6fff3ee309c60e3256
SHA1 5b5423bf90e44f565be6b0c58e5fbd8c93fa8ad1
SHA256 b0164879748d399b216eec59e280eacfda539dccf4fc067e61b8aa1a4932cca2
SHA512 6780b9ce4061e1e108b326311430443cbf504151d6fa3196f048096314bbdd662db458974e57aa3d6fcb38e0dc4699e762abcf2666f6481575ebfc39bd9f13cc

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

MD5 8ac4acb9060d4eadf4cd2236e127966a
SHA1 4facb3c7afc6458769cabde63ef0bf05484d6a3b
SHA256 c16fcd17cd769b558cd5941f82015cb87a0ede49da90315c18b2624416a30c15
SHA512 05ebd064fdc58e3c5a80b79248a31dd5eb9713a31d2849ffe0c27c3eaf60e5ae9c71d1ee02f52f9e0a66576185b3b524a8d69265585f56aa65c84739fbd73c21

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

MD5 12f986a9c95466af45b73181638744db
SHA1 36f26b81d9355485e3038416575548ff9a2d0780
SHA256 dbfada931e4a1a224edcc4d19a50aeb60d71ad9ab08dc44227cbe3a11e9aa556
SHA512 8474063feb826515d4363d5eaa9f8aa7de0ba2b8f71004209047c03944c13e4064203650acff614138739c7aa8f599f6ac45a7af5ef2b1a9b33270f700ccd551

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

MD5 74eb3106ad5a2f6c5447c2269ab2e0d2
SHA1 f6fec31c24737ed0b19703c158c6780e4942fb72
SHA256 61ca8f4cae09c5448c8cac94e9b47941d7a5241ac48aa11a78c9af7b5018185f
SHA512 5446947cf1c25a22ce604748e66f1657847f66a2509c5b087416d2f8a55e9196a390ec255df160c5468bacf1ee943c66a69bbdd835184de4a7008a1d8c539f80

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

MD5 edf3b10f3d98cfa81f489d1f62e4953c
SHA1 c7ce072d369e01cfdf5425abf95ad63d8fb32aa6
SHA256 349aab6333f34107d3881a97cf192868793d80449d4915d001b04a973302a8a4
SHA512 37783ea46427d3c4583674cb781f4a7e6249cbdfebb52e70d31e7a51150ef6538521bf6fc4f69370eca8218ededd5bd8c89c4117ee091a1c7ae9d4c07e10a44e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

MD5 85ebeb775839cc05301baf868638e0fb
SHA1 13747bc8cc0439b7f2787c1d2f45c4558a70e7e6
SHA256 ccbae6a23cf06d3db3483e4163c9d49c83f154c5002d7fcd92ac66a02aa6864a
SHA512 fab14b2b2ee7a642b1d1edade531c70fe5dcdc94b3ac931f1dd5bde6003ae56dc94fad0cdd82c977c253cbeb89c92f5c6c309853eebd605e5fc9e67004669175

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

MD5 c044aef23ed54c2ff2091dc61ac1902a
SHA1 e1555a18dc4f74cf32f4a72f1c74b4a684e914e3
SHA256 26e999f0cfc38ca60b881c624d89592e408a40c3011592cf252304ba12b51cb5
SHA512 d5863fec8f6de9bd94617cde33ee2c4de7653602f771182b0d81aafaee492ef9b93945ceb5075085cabffe1965cc4daeb3928fc2b1283c79d81fba9efbf270fc

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

MD5 1e6d56c8b519ec941d4215f7b60fe1bf
SHA1 9eb944a900a4b63bf3e44378edd991c64e860a8a
SHA256 1a0953895c6b348d4cc563ae1eae6133c214d533be923348a53e140755f26cc1
SHA512 796be12f12932c04e4dd69880ff3491e3c7b967e7b4b4193d10f1fa37a99129651c95c121405e17e40358215ea5b7c4d3028bcc45807d066da9c3cb75f4dd594

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

MD5 263427500f99a96bbc1d4b45cd10cd31
SHA1 e0c377634891aaefe0dbb7e0f3202fe73a0cc6c2
SHA256 12b6a703fc6526cb7cea3be897c4356b913f5455846741a14639ad4343836f7c
SHA512 e01256709f7cac395dd02fa9009a8260f9894b84749dd646f69b10312e4ee0cd35c0455e22ec7468071e588639808fca443a68a08185d01d609fb99aca9bdecf

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

MD5 178fc159a69f3f89e44ea45e9f28d76c
SHA1 d5c42d2572481e985a15822ff9fa8b91ca28d917
SHA256 96cad5e54b43ba68cfd2e392b22b8bc8ba41b6b4f29bbf60c3f6cb5f655fdc21
SHA512 d00c990ea52d33ec9700e4a16dfc7a7c5a84749dac648ee2d5ec54134792e0f85be535a48b8910538eabcd4d515ab20b9fd373667e7ab3ff624e654e2dabda99

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

MD5 1aea5e1c125c0caf589c87a15c9ec7a7
SHA1 a956b516c26941be53da9a16da3144619803aca7
SHA256 742ddef3f1e9fed8440641a3148e1d4f3f12f2f6bddf46db3fee72e10b21e100
SHA512 5788f2624343840928532adb24b274f00ddfc69f1a1a270498b74899e5b77d33c0aec40d77ec2d385a5e9388737541506493f4ec80af4c2289b884fb71fea660

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

MD5 4efe98759a8c9ad285b89f7a46d8a780
SHA1 39841a37556e622c70acc2f653db7f6fc79668e9
SHA256 cd8395320979a44e4887c9a6c9da8003451d131ca3cff0b121bb28d17d6cc95d
SHA512 c31ce893727b954c1df241404571d620cb7d00b36bdd6cea024e359766596f3be9f09a12e945a885be184c33f11974285fce7657fbbab04dcc2c0659e36c11ca

memory/2112-8208-0x0000000000400000-0x000000000040C000-memory.dmp

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_sml.gif

MD5 2fb408fa4e066829075e6dfb2619464f
SHA1 70c0f86d13275c907454c37bac1299f3034d7bd0
SHA256 18d2e0ca13e6b8d7ba690d203b3cd2fce231301b59388de6da59cf697c331450
SHA512 e95a3ba73a2a432e51364dd4dbac30f568ce8b39022c120012ae7fefb94e0a922a39897c8b7861b8cd5ebcb5274ddfaeb1d18ad9c67b7eed8721b28417388a04

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 d1d7ac62bb5075df17eaf56eed6febe5
SHA1 72fc3610d6b53450a3eef4ddc93746d375524f89
SHA256 a0ae8eb5cc2b1256769933fe525c47765f49784e0c9ed00c22c081d31ea712a0
SHA512 d7abd1ea092a99ed47b8d3a7e939e3afc3f74a83f661d9c30e373f64e8bda3285a474c51b8a7c4c461e26fe74709faab2091092af6d768acbb6e6a2a78abed2b

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 947a4a0fe815441767e049f70143f8f2
SHA1 1524f8da80a0d71a84ab02a9a4e6df49abeee48e
SHA256 7cb6ef44a5809befcef4265c70b43036bab92e2c2e9d4e17718b1dd4a8cc0c2f
SHA512 76dc58f65aeb05da7a5f19e5f4f6f81913eb65837e268a5c49de783f08d267c74486f0e9987f820fdfeba487d3d4f14aff61856755b852b3b0423dc6a13831f5

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 d1a791029b83d8da27fe43a35279938b
SHA1 b2cd78117984a9fc813422d0aa21fec365b96d33
SHA256 0ddd3a0e112256a87ab18960c7ddc1a7586e3f439fa553796fdc6a03527d8e80
SHA512 432c107595d4e6accc440143f5df10edb20e1bfc399962c138f80488b55ebc948cbf144f1ee874a418b39dce0dc396b07c8e3dd45bb06dc395372927adf6d191

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 ddf1a5fa2827b0c84f82cd276eea32cb
SHA1 da7561a6a6b6344d84c9411bdde50332384cd37e
SHA256 6dc03d8081c0ca8f8f9458bf6c9eef5d0d02c617349c305538d32276280b6d0e
SHA512 42d52c6bc8649b44da6b5de0af93025798c8310aa6d55ef4b69bb969b3e1ddecf0032dc3844f71cbccfae30f0bed4007814c7a5b9874b0dc6b087da00c21d4ee

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 c3045c4ee7348bc98228794be872f497
SHA1 3dea5d7fa7784a05ea29cd2ebc8c3b779a90dee3
SHA256 016e471cbbdc1abc6d3ae65f034a43165dbbda8382e7a0698b917c811eb3f7e1
SHA512 b0959331adfc5116b92da9d6724300e9d43cbc439cd01263d96c6aeafea3d1dee5f0f9b07e180f928d009823e44a4d7e4c2f90e6723498431205f0fa331dcc9d

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

MD5 d641e337d80a94b8fa44d992bf3891a9
SHA1 c7f6f20881c96aff72cd0e570a191d63ecbab0ba
SHA256 9a42409d49df92e5250e6b6fa348435ee413014202983404974e95aac96a336a
SHA512 18926d3827696f32db8139bd6c155a95c9c62328b0074b584ab2911c8e33dd7554e39607430713856d8ba13fa2afe94103b7002e704e2a228f8d8c2901a67638

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

MD5 08f47d182694c2d910cefe47a6ea0aa5
SHA1 f65efc484fd55492a65835e24cd0aa45b28b8898
SHA256 5da8bd196cf672f6ebe2e3e01d285b1a25399076e9806dcc30cde53f17e2e4c8
SHA512 8dc74b0399d9ffb586f573537fce6b761327d11dd2acae9a8307d420e6dbf816a881301e1bbb887cafb0cf358ca603e8bdf04c1ce80382b43c8ceeddfe43bac6

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

MD5 27273d8e7aadb7053bd3210ca6aeec48
SHA1 258507ce7cfd05a17ac64501efb125515afd1173
SHA256 90142258a448972a34f3cdd444255f4575e8f0a38a145effb20da5dc2a24da1b
SHA512 0fca1b363628e10100142b83c6a21eddb939e2656417d9ffd815cfed2a45e45b8597e238f9de88f22820ea9897cde76fe0127929143c1510691d6192bd7e4f05

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

MD5 238cc1d5e43d13c549485348868a9bf7
SHA1 a5c4e86e769c657bd1d8d33f6f30e6877f676f85
SHA256 73ab39777f13f27b3b5cbf5be1cf49d65f0a7c82727c7036d05f545b00dcd159
SHA512 f7293d9cca5c849a91ca4ebfad4b2cc92ee37944e513d95e3402c4e053750222682fce5b5f37f1169d4b6f1a7d756ac6608629bd10fc571a693ae603ebd7c8a6

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 447fc7255ecea56cd576dc22f946bb21
SHA1 6d9171cd906bd1908116e444ff7a56c069415b36
SHA256 399a5d950b6eab9865c2fe0cc4832ebd78d72a29e85e5bb2fdcab8b93f647ca7
SHA512 a2078f7bd33cfbaaafd1612cee506bc5ef8b91757bdd9602d344ab21d703cefb1e48a0674d32044a3146817b7a827b696d16434d9e334ab10f8306343a7e9793

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

MD5 b829d80a446a52752ad96728c90bd0b7
SHA1 27b3e4668ee3a5864efdcf5127f226edea55f606
SHA256 d112c262cde2d05bee9669e90630eb132ffcd58e65f4b52aed4503852235cea3
SHA512 770e372d0e552db094a94ffa84155a62ec9956d297a9a5dd8a47639aa7f7c4269bcbfdd54c0e2a0113681283399410ce7af95ced5108d87dfb22a8968a0c68a3

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 9ecdd20668c6d92185a03a4f79cec53f
SHA1 5aaf6d9d606ff80c51a8a58fd70e23d43ff34add
SHA256 03647040afa09f73fbcc7606e33eca0e99426d583c63460ff6dd6d27950fa2e6
SHA512 7d11ca04501ccac9f61f0604744541613d6c36c69a03caa9979ef5ad4317f11a1e73128feb7a252e33de14f261179cbfbbc4fc3917edb349e270ff00d7559353

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

MD5 dfc4f34c1c3f1925a39af4d3685c74c8
SHA1 ff9f153337c65fe8ec4bc8237d99be4673d52222
SHA256 fca71752406b02417ba52300a3cc974cf069d56cd88e80107e4e9a54761379b5
SHA512 e1aa4ed2a45ade225764b3c54381b2aacf0f075de92fd78d013a59b8c22e4f0c2f6ca7d13aa7432907a1f7c3c0f1e1d24729eceb6ac12d14a240e0339c5fd4a2

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

MD5 bdfd7b4496dcfa51859ffe4b63693d18
SHA1 7aa3f0fb67ade65669096b972fd7caef887b7d65
SHA256 054386416c410ce1055b30a88cdaac18ec3ba219a3a16a03dc1f043cccdccfe0
SHA512 96987953d23d83a8e6fde9b883a006befb53c1a2a9e49bbbe4148ccdeb715933340f9abcafb485583dd5c0dc48dbd03be13a43e01fa8ee9f4bde35f544af59fd

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 2b2a37d3dfdf8103cfff5656d76d8fdb
SHA1 a58e837297ec6eb999019c3dd1c3be9fb798d00a
SHA256 f96cbd181529787ca4dd012b0f7829640bf04ce28f23c4a24193bc5178ee8f90
SHA512 3343ca22c3f17ce8e19456c953e840441573f3fa460731d1093c618db73951dd3276ba53304e3976f8bb48fcfb5f1f39ac31da3535f921ff31074fbe81bac86f

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

MD5 381f4e7b18cc3bc148cc5167256c1549
SHA1 cd8bd17501d3d0a3b5474b46628ee940b0fbbdfe
SHA256 074387eb8cb8a927ceb3ddc276c263b68b0e20287dc2d14bb7a8a395fba3ce48
SHA512 304f8b174544181fe48a6a86a931afdff47bebcdde232e8c12181ef26c2a3879b5c8f39c0c9a011403a68805bfb63ef6d7cd07d2dc3108a3cea1429f58533519

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

MD5 eb883f50f5bdb5c058850d06d16ca89c
SHA1 da06d1ec551f1e67a118591ce04675b4be8fa782
SHA256 ee573a202d86563ed98b874f6a511338910f7cfeab46408d4b7637f645dce92c
SHA512 96b2d3d23b6dcd82f5e9a330f5dd73d7b80a8ce2ed741dce25e46a8a5b175bdd5eaaaecd442225d84fcd3f5fb176e0bb76e368c7d195835b55e66ff9d45255be

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 61671c37080b9364a76d0901c194b7a6
SHA1 6635d66aa6f33e56e8df3dc611efa23d48c1f74b
SHA256 f0b671cc27027192688c9cd545e80de3e047adada805ac9d8f417096d13a72d5
SHA512 47a0ccb93f5f5a0c44a78b42ee370d280d8efc07385d6d133c5fdf359a81938d9dbdb3d9487c5494b682fbea4f102961ee753fa477414f9b7510c741dde82254

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif

MD5 36a7bb6283b9ef82cfe7822b3fc80a1d
SHA1 46819f405a5f6231fa719c4178348a4012978ebf
SHA256 8174f2b565c6a828d499bf3f8f294f2530b2770ab7ad067727fabd6c686546a0
SHA512 35192153895515d8ad9581b05e1f855f0fb6d1cbaa5aa421e5f1d996c6ef15bf60f68ad4fab3e783bc5aafa6f42fb61d0f32684c61287ebd48e70fcae1014aef

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif

MD5 2a12227b497d9d9c58661950282a7f28
SHA1 d63279e0cba6fb04cc28b02ccdd9a3d9f2b9c99f
SHA256 1cc0dd904ad1f4888cc8ebf2f78baa3f0f60762f5f9205d1ec60517e7dbfd0e6
SHA512 2c12221e1770ae6ee3f32de4385af1f78c176e4c9478ce57ac6187fc214c668050e18c964c2ee5dfad48c481b304dc90f824cfcef7dccc5b0c7dc423b3f22f1f

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 d4ef2734e289db09136ed25f79c5fd28
SHA1 f99602b7121f34a6526c4dd561653140c40611fd
SHA256 7023371f6dc55381b5f9682e5309e3cc0509f5dec6982152348c6eb649489474
SHA512 0b2b84be8f63834740ed0cdbb1a32eebe296adf6fb381741bf25cb9472595d8dcc8d8b4982168528419c717ee345d599d4605a3cfa8ff45a34d30836c658747d

memory/2112-9180-0x0000000000400000-0x000000000040C000-memory.dmp